Hello dear Kernelblog followers. In this article, I will show you what is E-Discovery, and how to do it.

E-discovery (e-discovery) is an inseparable part from the forensic informatics that emerged in the early 1990s. E-discovery can be defined as the discovery process in civil cases conducted for crimes committed electronically. It provides gathering and analyzing possible digital evidence about revealing, protecting, on-scene intervention and on-scene security. Determination of data recorded electronically in a civil case; it is possible to include such data as emails, presentations, databases, voice messages, image files, audio and video files, social media and even websites. In summary, the server, database, e-mail server, etc. It is a solution to collect, define and report data that can be stored digitally and used as forensic evidence.

E-discovery has a dynamic structure. Because the data increases a little more every minute and it has a complex structure due to the abundance of these data and the file information, file properties, time information and metadata they contain. The protection of the original content and electronically stored data, metadata is also required for the security of the evidence in the ongoing litigation process. After the data is detected, collected, sorted and indexed, the documents cannot be changed, deleted or otherwise destroyed and placed in a database. At this point, the data is analyzed and stored in a secure environment to extract or parse non-open relevant documents and emails.

E-Discovery has 4 different data. These are;

-Active (Self)




Active Data: Active data are data that can be easily found from the hard disk or network servers.

Copy: The alias of copy data is file clone. Recovering this type of data is often costly.

Archive: Archive data are data contained in backup disks and are not in an easy-to-use format. A special program is required to be saved and used, and a specialist is absolutely necessary.

Surplus: Surplus data can also be called ghost files. These data are data that are stored in the place where they are saved without any document or wipe.

E-Discovery Legal Process

E-discovery applications work from the moment a case is envisaged until digital evidence is available in court. In this process, the data are properly identified by the lawyers of the two parties and put on legal hold. Then the scope of discovery is determined, requests and obligations are made. Opinions are also received from a competing advisor or auditor to determine what is being searched and to determine the necessary evidence, search parameters, and review. Subsequent evidence is extracted using digital forensic procedures, analyzed and reported in pdf or tiff format to be presented in court.

The best solution in a legal process is to prepare before taking action. For this reason, customized e-discoveries based on crime should be made before forensic information examinations. Hope to see you in my next post. Happy reading.

Leave a Reply

Your email address will not be published. Required fields are marked *