EDRM Evergreen/Processing/Chain of Custody - Reports
From Working EDRM
| Comments: Please submit comments to the EDRM Evergreen Processing forum |
Categories
The key to an effective chain of custody is to have a set of procedures that you follow, without fail. The procedures need to be in writing and the steps need to be documented. Chain of custody cannot be parsed into stages (data collection, processing, review, etc.); instead the entire process must be taken into consideration from soup to nuts. On a physical level, the simple act of restricting the number of hands that touch the evidence is the first step to avoiding handling errors and mistakes. On the technology side, the software used to handle the data should have appropriate reporting and audit capabilities. Automation with robust reporting capabilities is the best way to build a solid chain of custody. To that end, the entire process from the data collection to the review platform should be automated as much as possible and the human factor taken out of the equation. Fortunately most of us have seen two good models of this process. The first is the police evidence lock-up featured on every police-related television show from Dragnet to Law and Order. In each of these there has been a sleepy looking officer behind a counter that receives all evidence, catalogs it by item description, date of receipt, case number, the name of the officer providing it, and the inventory number. When possible the items are tagged or put in Ziploc bags labeled with a summary of the catalog information. Then the evidence officer stores the item in a locked area with limited access. This is an excellent model for procedure steps. The second model of the process that many have experienced is the online FEDEX or UPS tracking systems. When a shipper uses one of these services they send the recipient an e-mail with a tracking number. By inputting the tracking number on the FEDEX or UPS web sites the recipient can track the shipping progress of the package across the country or across the world. These tracking systems are updated with all key progress information usually within minutes or a few hours of the event. This is an excellent model for transparency and auditing because interested parties can see the progress from the Web whenever they would like. Combining the important parts of these two models yields a best practices model for electronic discovery.
Contents |
Chain of Custody at a File Level
Just as physical media containing electronic documents must be treated as evidence, the same rule holds true for each individual file. One of the benefits of an automatic, technical process is the ability to substantiate exactly what process a file went through prior to admission in a case. This benefit is even greater when the case consists of millions of files; through automation every file is subject to the same processes. Additionally, the ability to account for every file that was processed, even files that are segregated based on data culling criteria or exceptions, is critical to ensure that each piece of evidence was handled properly. (back to top)
Chain of Custody Reports
Chain of custody reporting can be made available on two levels: reports regarding physical media as well as reports on individual files. Both physical media and file level reporting are necessary to ensure a full chain of custody. On the physical level, chain of custody reporting begins at the time of the information is collected. (See Collection Node.) For the purposes of processing, that chain of custody on the physical media must be continued as the media is received and continue until it is returned. Once the information on the edia has been uploaded to the computer network, file level reporting begins. By using an automated process, each file is able to be tracked throughout the process and can be reported on as necessary. There are reports that are commonly provided at particular points in the process. (back to top)
Exception Reports
Since source data is unstructured data, not all files are able to be rendered to image or viewed as a native file. Also, some files contain passwords that are unable to be overcome. These files are considered exception files. Exception reports provide file name and location information regarding these files, as well as the reason these files could not be delivered back to the client, such as uncrackable password protected files. These reports are another tool used to ensure that each and every file has been processed and managed.(back to top)
Custom Reports
When using an automated process to manage your electronic data collections, there are many ways to report on the data. Reports provide information to control the process. As litigation changes and new pieces of information become available, custom reports on the data may be necessary to validate or refute different theories. Working closely with the service providers or the people processing the data in-house, the legal team can slice the data in a variety of ways. As technologies develop and become more sophisticated, reports become an increasingly important tool to the litigation team.
[updated Jan. 29, 2008]
