
Example of an e-discovery setup



This is an example of a setup that we have used in real cases. Every case is unique, so the setup can be altered to match the objectives and the local support. In some multi-national cases where applicable laws may differ, the collected data cannot legally be transferred from one country to another. Therefore, the same setup has to be reproduced in each country, and one of the chiefs of local operations also acts as the chief of global operations.

In this example, two opposing companies are processing potential evidence (emails, spreadsheets, mobile phone calendars, ...). Please bear in mind that non-disclosure is paramount in such cases.

There are four switched physical networks, interconnected through gateways with a very limited and controlled set of open ports. All communications inside a network are encrypted. All communications between networks are encrypted. Computers inside the reviewers' networks have their USB/FireWire/wireless/CD/DVD devices disabled. Reviewers don't have access to a cellular phone.

The potential evidence is extracted and collected by a LERTI digital forensic team from hard drives, cellular phones, backup tapes, etc. The potential evidence containers are carved, deciphered, and made user-readable by up-to-date forensic tools. The resulting data sets are stored on a SAN. All the servers are under the management of LERTI.

The Chief of Operations accesses the SAN and dispatches the data sets according to the case. The reviewers blind-filter the data, and the relevant data is transferred to the arbitrators, who make the final decisions on the data (evidence to be retained for the case, personal data to be discarded, irrelevant data, etc.) and store the evidence on a distinct server.

This infrastructure, heavy as it might appear, is nevertheless mobile, and LERTI has the know-how and workforce to set it up anywhere in Europe on very short notice.

At the end of an e-discovery operation, all the hard drives (laptops, computers, servers) are wiped clean according to DoD standards.

A lighter version of this setup has been used, with the servers running locally at LERTI's computer center.

© 2017 Lerti