|
||||||||||||||||||
|
 |
Frequently Asked Questions
Computer hard drives and servers are the most common digital devices requested for collection and investigation, but we can also find digital information on cell phones, printers, iPods, digital cameras, network equipment, and voicemail systems. How much do you charge for your services? Avansic charges a flat rate per device for collection, plus hourly charges if we collect onsite. We have a per-gigabyte charge for various processing services (including loadfile production). Online review is billed as initial setup, monthly case hosting, and a monthly user fee. Expert work and consulting is billed by the hour. Contact a Case Manager at (888) 808-0337 to quote your next project. What is e-discovery? E-discovery is a broad approach that works to filter and convert data into a reduced set of usable documents for attorney review. It generally includes all active files on a computer hard drive. What is digital forensics? Digital forensics involves the investigation of a data set that includes hidden or deleted information on computers, cell phones and other electronic devices. This is a focused approach to finding data that yields a targeted and relevant data set. Digital forensics is particularly useful for cases that involve technology-savvy users or if there is suspicion of fraud or data wiping. How does collection work? First, Avansic takes a special copy of a computer’s hard drive using specific equipment that ensures the original data is unaltered (by using a cable called a “write blocker”). This is called a “bit-by-bit” copy, or “image”, and copies every single piece of data onto a blank hard drive. Getting all of the data is necessary for the copy to be considered evidence, and also allows us to find information that has been deleted (if necessary). This process generally takes about an hour per gigabyte of data. It can be done on your site or in our laboratory. If the digital device in question is large (such as a file or email server) and only certain information is required, Avansic can perform a select data collection using forensically sound techniques. How does ESI processing work? Once Avansic receives a data set, we prepare it for processing by first “de-NISTing” (include link to key term) to remove known, ignorable files: these are typically non-user-generated files that the operating system uses to run itself efficiently, which are not relevant in the majority of e-discovery projects. Then, standard file categories are removed (contact a Case Manager for a list of these categories). Then, filtering can be performed on the resulting data set. This includes search terms, phrases, date ranges, data locations, file categories, and a variety of other factors that depend on the case. After filtering is complete, the data set can be de-duplicated so that only a single copy of a document across the set will be retained, except where doing so would create a gap in review or production. Email and files are treated differently during de-duplication. Note that Avansic only uses defensible de-dupe and filtering techniques – some programs have error rates close to 40%. At this stage, Avansic performs email threading in order to maintain the integrity of email conversations. Then, Avansic performs pre-production and conversion operations including privilege or confidentiality labels, page numbers, Bates numbers, TIFF conversion, and redactions. After the data set has been marked and converted to the customer’s specification, production can begin. When processing for digital forensics, a licensed examiner will work with you to find the specific data of interest. How does Avansic produce my results? This step must be taken whether the data is destined for the opposing party, clients, other experts, or any other parties to the litigation. Avansic supports many methods of production: the most common being loadfile creation or native file production. Avansic supports dozens of specific export formats for certain tools. How long does data collection/preservation take? A typical computer hard drive takes between 1 and 4 hours to collect onsite. Avansic can collect multiple computers simultaneously. Collection times vary for file and email servers; contact a Case Manager for a more accurate estimate. How long does data processing take? Once Avansic has received the data, it may take several days of computer time to complete the data preparation stage. Filtering or investigating can take anywhere from an hour to several days depending upon the data set and scope of the project. In general, most of our clients receive results within 7-10 business days of collection. Servers and other complex assets can take longer depending upon size, configuration, type of computer or operating system, and location. During collection, how long will the computer be out of service? Forensics copying can take up to 4 hours for a typical hard drive, which Avansic can do both during and after normal business hours. After the copy has been taken, the computer can be returned to normal use. What if the information is on a server that we can’t take down? Avansic has experience in performing live acquisitions of technology that cannot be taken offline. Call a Case Manager at (888) 808-0337 for more information. Can Avansic look for a specific file on a computer? Yes, our process makes it easy to find specific information. We can search for either a keyword in a document, a particular file type, the location of a certain file, or the dates on which it was created. Can Avansic perform e-mail threading? Yes, Avansic can sort email by conversation if the email resides on a Microsoft Exchange server. Avansic uses the Conversation Index to re-create email conversations; the Conversation Index is a piece of data captured by Microsoft Outlook that helps group messages based on the thread. Email threading can greatly reduce time spent during the review process since emails are grouped together logically. Can Avansic recover a deleted text message off a cell phone? This depends entirely on the make and model of the cell phone, how long ago the message was deleted, and the particular storage settings of the phone. Does Avansic do audio or video forensics? No, Avansic only performs digital forensics investigations on computers. How can I be sure the data is secure at Avansic? Avansic takes security very seriously, and we have implemented a number of controls to ensure that all client information at Avansic is handled and stored securely. Multiple layers of security including card and code access are required for all areas where evidence is stored and security systems are in place to monitor all traffic into and out of the office. How does Avansic protect privileged information? Avansic has significant experience in drafting and implementing clawback agreements. We have served as a neutral third party on many occasions and are experienced with the creation of privilege logs, privileged document sets, redacted production copies, and In Camera copies. Can I use my in-house IT staff to perform digital forensics and e-discovery? Forensics collection and examination should be performed by a neutral third party in order to ensure that the evidence is admissible in court. Note that “drag-and-drop” copying methods, although standard in the IT field, are not forensically sufficient for use in court. What if we’re not in your area? Avansic can collect digital evidence in any state in the nation. What kind of clients does Avansic have? Avansic works mostly with attorneys, litigation support departments, and corporations to collect, process, and produce digital information for use in litigation. We have experience working with those new to e-discovery as well as seasoned professionals. We have developed a set of standards for larger firms and litigation support professionals in order to smooth the process; contact a Case Manager at (888) 808-0337 for more information. I’ve heard that Avansic publishes whitepapers, how can I get a copy? Sign up for our email list http://www.avansic.com/ContactUs/EmailSignUp/.
|
 |
Copyright 2008 Avansic
Home Contact Us
|