The Electronic Discovery Reference Model (EDRM) is a widely accepted framework for managing electronic data during the discovery phase of legal proceedings. The EDRM has nine stages, and one of the earliest stages is Collection.
In the Collection stage, electronic data that may be relevant to the legal matter is identified, located, and gathered in a way that preserves its integrity and ensures it can be searched and analysed efficiently. This involves creating a comprehensive inventory of all potential data sources, such as email accounts, servers, laptops, mobile devices, and cloud storage.
Once the potential data sources have been identified, data custodians (usually employees of the organisation in question) are identified and notified of their obligation to preserve potentially relevant data. The custodians are asked to identify the locations where the relevant data is stored and to provide access to that data.
The data is then collected and preserved in a way that ensures its authenticity and integrity. This may involve creating forensic images of hard drives, collecting metadata associated with the data, and preserving chain of custody documentation to demonstrate that the data has not been tampered with.
During the Collection stage, it is important to maintain a clear record of what data has been collected, from where, and how it was collected. This record is used to ensure that all relevant data has been identified and collected and to help with subsequent stages of the EDRM, such as processing and review.
Overall, the Collection stage is a critical step in the e-discovery process as it ensures that all relevant electronic data is identified and preserved for subsequent review and analysis.
Forensic Tech 