
Electronic production of digital documents

Electronic production of digital documents (e-discovery) consists of quickly locating and extracting digital documents stored on computer systems so that they can be produced ("discovered") in court or in any context where evidence is required.

These documents may be emails, instant messages, chat conversations, or office documents in any format (word processing, spreadsheets, presentations) originating from proprietary systems (Microsoft first and foremost) or open systems (OpenOffice, PDF documents).

This need arises for companies that are involved in litigation, are subject to internal group proceedings, must respond to regulatory authorities or audit requests, or are involved in amicable dispute-settlement procedures.

The computer systems are most often laptops, but they may also be phones, desktop computers, servers (internal to the company or remote), as well as the backup systems associated with these devices.

The example below is an actual case of electronic production of digital documents handled by the laboratory.

Example of an e-discovery setup



This is an example of a setup that we used in some real cases. Every case is unique, so the setup can be altered to match the objectives and the local support. In some multinational cases where applicable laws may differ, the collected data cannot be legally transferred from one country to another. Therefore, the same setup has to be reproduced in each country, and one of the local chiefs of operations also acts as the chief of global operations.

In this example, two opposing companies are processing potential evidence (emails, spreadsheets, mobile phone calendars, ...). Please bear in mind that non-disclosure is paramount in such cases.

There are four switched physical networks, interconnected through gateways with a very limited, controlled set of open ports. All communications inside a network are encrypted. All communications between networks are encrypted. Computers inside the reviewers' networks have their USB/FireWire/wireless/CD/DVD devices disabled. Reviewers don't have access to a cellular phone.

The potential evidence is extracted and collected by a LERTI digital forensic team from hard drives, cellular phones, backup tapes, etc. The potential evidence containers are carved, deciphered, and made user-readable by up-to-date forensic tools. The resulting data sets are stored on a SAN. All the servers are under the management of LERTI.

The Chief of Operations accesses the SAN and dispatches the data sets according to the case. The reviewers blind-filter the data, and the relevant data is transferred to the arbitrators, who make the final decisions on the data (evidence to be retained for the case, personal data to be discarded, irrelevant data, etc.) and store the evidence on a distinct server.
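The data path described above can be checked against gateway records. The following is an added example, not LERTI's own tooling: the zone names, the one-way direction of the dispatch path, and the log record format are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed names for the four networks (the page does not name them).
# Assumed policy: data only moves forward along the dispatch path.
ALLOWED_FLOWS = {
    ("operations", "reviewers_a"),   # Chief of Operations dispatches data sets
    ("operations", "reviewers_b"),
    ("reviewers_a", "arbitrators"),  # relevant data goes on to the arbitrators
    ("reviewers_b", "arbitrators"),
}

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    encrypted: bool

def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src=... dst=... enc=yes|no' gateway record."""
    fields = dict(item.split("=", 1) for item in line.split())
    return Flow(fields["src"], fields["dst"], fields["enc"] == "yes")

def audit(lines):
    """Return (line, reason) for every record that breaks the policy."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        same_zone = flow.src_zone == flow.dst_zone
        if not same_zone and (flow.src_zone, flow.dst_zone) not in ALLOWED_FLOWS:
            findings.append((line, "flow not allowed"))
        elif not flow.encrypted:
            # Encryption is required both inside and between networks.
            findings.append((line, "unencrypted"))
    return findings

# Constructed sample records, not taken from a real case.
SAMPLE_LOG = [
    "src=operations dst=reviewers_a enc=yes",
    "src=reviewers_a dst=arbitrators enc=yes",
    "src=reviewers_a dst=reviewers_b enc=yes",  # opposing parties' networks
    "src=reviewers_b dst=operations enc=yes",   # backwards along the path
    "src=operations dst=reviewers_b enc=no",    # allowed path, sent in clear
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```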

This infrastructure, heavy as it might appear, is nevertheless mobile, and LERTI has the know-how and workforce to set it up anywhere in Europe on very short notice.

At the end of an e-discovery operation, all the hard drives (laptops, computers, servers) are wiped clean to DoD standards.

A lighter version of this setup has been used, with the servers running locally at LERTI's computer center.

© 2017 Lerti la preuve informatique