search
  resources   /   news   /   events
Select Page

    Our Insights

    Thought Leadership and Industry Trends

    Conducting Remote Data Collections for eDiscovery in the Era of Social Distancing

    June 12, 2020


    cloud computingCOVID-19 has disrupted almost all normal business practices, making many activities challenging to handle virtually. Fortunately, eDiscovery can largely continue on pace, thanks to technology and remote collection workflows. Shifting to fully remote or socially distanced collections, whether to accommodate shelter-in-place orders or employee safety concerns, is achievable in most circumstances.

    Data Types Available for Remote Collection

    Prior to any data collection, companies must determine what data they have, where they have it, and in what format. Virtually all data types in any location can be collected remotely, including:

    • Traditional Devices (Laptops, Desktops)
    • Local Network Locations (Shared Drives, Home Drives. Project Shares, and On-Premises email systems)
    • Mobile devices (IOS- and Android-Based and Legacy devices, such as Flip phones, Blackberry OS, etc.)
    • Tablets (IOS-, Android-, and Windows-Based)
    • Cloud Sources (Chat Storage-Based, Storage-Based, and Email)
    • Other (CRMs, Billing, and General Database driven systems).

    How Remote Collection Works

    Depending on the type of data, collections can take one of several forms. In Full Remote collections, our Analyst performs the full collection with minimal help from the custodian. First, a remote collection kit is sent to the custodian to allow the data to be collected. Then, working with the custodian, we establish a remote connection to the system utilizing TeamViewer. If necessary, the remote connection software is installed. Data is encrypted at the point of collection.

    Where data exists on mobile devices, a small laptop computer will be sent to the custodian. On the scheduled date, the custodian logs in and connects the laptop to a Wi-Fi network. Our analyst will then remote into the laptop. Each device type requires that some settings are changed to enable the collection. Once the device is prepared, we ask the custodian to connect the device either with the charging cable or special cable provided by CDS. The CDS analyst will then perform the collection.

    Assisted Remote collections may be needed when the data cannot be captured with the remote collection kit. We coordinate and advise on-site staff and provide any equipment needed in order to transfer the data.

    Where remote collection is not possible because of the nature of the data, Socially Distanced on-site data collection may be an option, assuming the business has access to facilities and a representative may provide access to the device. Contact may be minimized even to the extent that the on-site collection is performed from devices in a vehicle. Special shipping boxes may also be provided to allow storage devices to be safely sent to CDS.

    When it comes to cloud repositories, which are built for remote access, CDS collects data from most cloud storage systems, including nearly all email systems and chat applications.

    Limitations of Remote Collections

    Certain types of data or storage devices pose challenges for remote collections. Some common issues include:

    • Encryption keys may be needed to access physical images.
    • Macintosh computers. These may allow targeted collection only. We cannot perform remote logical or physical images on the latest Mac computers even with specialized tools. Typically, data also can take longer to stage.
    • USB C Ports. Custodians must disclose such ports prior to us shipping equipment so we can include adapters.
    • Some tablets may only have a single USB that does not have full power so a powered hub may need to be sent for remote collections.
    • Mobile devices. These may require that the custodian be present to select any onscreen prompts.
    • Custodians may need to be ready to transfer code or select prompts because of 2FA/security checks. In addition, older email accounts may have emails that were pulled off the server. As a result, we may need to also image a physical device like a computer or laptop.
    • Custodians may need to assist with 2FA/security checks. Large datasets can also take a long time to download.
    • Internet connections. This is required for all remote collections. However, even if they exist, limited connectivity can result in time delays and slow collections. This is particularly true with enterprise systems that require high bandwidth connections to push collected data to centralized repositories.

    Although some aspects of collection may have changed, eDiscovery workflows can continue without delay and with the same level of care, efficiency, and quality. Contact us to find out more about how we can assist you.

    About the Author

    Louis Cona, Forensic Services Manager, CDS New York

    Louis Cona is the forensic services manager at CDS and has 8 years’ experience in the field of digital forensics. His main duties include complex data collections, computer forensic investigations and the training of team members in the use of forensic and eDiscovery software and hardware solutions. Additionally, Louis provides consulting services in the areas of forensic data collection, data management & analysis, and eDiscovery best practices. Louis holds a BS in Computer Information Systems (Networking Security & Digital Forensics) and is ACE and EnCE certified.