Do-It-Yourself Digital Discovery, Revisited, by Craig Ball, Ball In Your Court Blog

http://tinyurl.com/ol2urvf

In case you have not noticed, Craig Ball is re-posting older articles, as he explains below. Truly folks, when it comes to e-discovery, when Craig Ball speaks, I listen. Maybe you should too. 

I have posted many of his revisited posts. To find them all, visit his blog, Ball In Your Court at https://ballinyourcourt.wordpress.com/. -CCE

This is the thirteenth in a series revisiting Ball in Your Court columns and posts from the primordial past of e-discovery–updating and critiquing in places, and hopefully restarting a few conversations.  As always, your comments are gratefully solicited.

Do-It-Yourself Digital Discovery [Originally published in Law Technology News, May 2006]

Recently, a West Texas firm received a dozen Microsoft Outlook PST files from a client. Like the dog that caught the car, they weren’t sure what to do next.  Even out on the prairie, they’d heard of online hosting and e-mail analytics, but worried about the cost. They wondered: Did they really need an e-discovery vendor? Couldn’t they just do it themselves?

As a computer forensic examiner, I blanch at the thought of lawyers harvesting data and processing e-mail in native formats. ‘Guard the chain of custody,’ I want to warn. ’Don’t mess up the metadata! Leave this stuff to the experts!’ But the trial lawyer in me wonders how a solo/small firm practitioner in a run-of-the-mill case is supposed to tell a client, ‘Sorry, the courts are closed to you because you can’t afford e-discovery experts.’

Most evidence today is electronic, so curtailing discovery of electronic evidence isn’t an option, and trying to stick with paper is a dead end. We’ve got to deal with electronic evidence in small cases, too. Sometimes, that means doing it yourself.

As a computer forensic examiner, I blanch at the thought of lawyers harvesting data and processing e-mail in native formats. ‘Guard the chain of custody,’ I want to warn. ‘Don’t mess up the metadata! Leave this stuff to the experts!’ But the trial lawyer in me wonders how a solo/small firm practitioner in a run-of-the-mill case is supposed to tell a client, ‘Sorry, the courts are closed to you because you can’t afford e-discovery experts.’

Most evidence today is electronic, so curtailing discovery of electronic evidence isn’t an option, and trying to stick with paper is a dead end. We’ve got to deal with electronic evidence in small cases, too. Sometimes, that means doing it yourself.

The West Texas lawyers sought a way to access and search the Outlook e-mail and attachments in the PSTs. It had to be quick and easy. It had to protect the integrity of the evidence. And it had to be cheap. They wanted what many lawyers will come to see they need: the tools and techniques to stay in touch with the evidence in smaller cases without working through vendors and experts.

What’s a PST?

Microsoft Outlook is the most popular business e-mail and calendaring client, but don’t confuse Outlook with Outlook Express, a simpler application bundled with Windows. Outlook Express stores messages in plain text, by folder name, in files with the extension .DBX. Outlook stores local message data, attachments, folder structure and other information in an encrypted, often-massive database file with the extension .PST. Because the PST file structure is complex, proprietary and poorly documented, some programs have trouble interpreting PSTs.

What About Outlook?

Couldn’t they just load the files in Outlook and search? Many do just that, but there are compelling reasons why Outlook is the wrong choice for an electronic discovery search and review tool, foremost among them being that it doesn’t protect the integrity of the evidence. Outlook changes PST files. Further, Outlook searches are slow, don’t include attachments (but see my concluding comments below) and can’t be run across multiple mail accounts. . . . .

.