Re: Tools for host-based electronic-discovery

[Mike Lococo <mike.lococo () NYU EDU>]

Greetings,

I got several responses off-list, summarized as follows...

* Two organizations using EnCase, both seemed happy with the product.
* Two organizations using dtSearch.  One organization was a discovery
outsourcing shop and was using dtSearch as part of an extensive toolset
with custom-wrappers around report-generation.
* One organization using FTK, seemed generally happy except for the
occasional bug in handling large multi-record host-based mailboxes.

Folks seemed split more or less down the middle as to whether they were
acquiring disks/images for analysis or pulling data out of their
existing enterprise backup system.

Thanks,
Mike Lococo

Mike Lococo wrote:
> Hi Folks,
>
> I'm interested to know if anyone would be willing to provide information
> about the toolset they're using to perform electronic discovery.  I'm
> particularly interested in host-based scanning tools to find files and
> emails that are responsive to a given series of search terms, and
> provide results in a format that is palatable to lawyer-types.
>
> It's tempting to try to use Spider with custom-regexes, but I'm a little
> afraid that trying to archive results in a sane format is going to get
> messy very quickly, especially with multiple-record files like
> Eudora/Tbird email folders.
>
> Before folks send me back to the drawing board on policy and
> organizational issues related to eDiscovery, I am more or less aware of
> the range of best-practices currently available to cope with those
> issues and have reviewed the content at the Educuase E-Discovery
> resources page:
>
> http://www.educause.edu/Resources/Browse/ESIandEDiscovery/32756
>
> I'm primarily interested in augmenting our already functional framework
> for handling electronic discovery with a toolset that allows us to
> execute discovery projects more efficiently, and am focusing on
> host-based discovery as an area likely to have a high effort-to-payoff
> ratio.
>
> Thanks,
> Mike Lococo
>
> PS - If you'd rather share off-list, email me directly and I'll
> summarize the results.