E-Discovery Terms

Understanding the terminology of electronic discovery (eDiscovery or e-discovery) is an essential part of e-discovery compliance. Netwrix customers work in different areas, and e-discovery terms are not easy to define for every user who faces the challenge of complying with e-discovery rules. IT professionals may have little knowledge of legal nomenclature, and legal professionals may not understand some technical terms.

The list below should help with understanding some eDiscovery terms.

Attachment: An electronic file sent along with an email message.

Boolean Search: Refers to a system of logic developed by an early computer pioneer, George Boole. In Boolean searching, an "and" operator between two words results in a search for documents containing both of the words. An "or" operator between two words creates a search for documents containing either of the target words. A "not" operator between two words creates a search result containing the first word but excluding the second.

Computer Forensics: Computer investigation and analysis techniques to determine legal evidence. Applications include computer crime or misuse, theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensics specialists use many methods to capture computer system data, and recover deleted, encrypted, or damaged file information.

Culling: Reducing the size of the set of electronic documents using mutually defined criteria (dates, keywords, custodians, etc.) to decrease volume while increasing relevancy of the information.

Custodian (Data Custodian): A person whose electronically stored information is collected for litigation purposes. For example, the data custodian of an e-mail is the owner of the mailbox that contains the e-mail.

Deduplication (de-duplication or "de-duping"): A process of identifying and/or removing additional copies of identical documents in a document collection. There are three types of deduplication: case, custodian, and production.

DeNisting (deNISTing or de-nisting): Removing operating system files, program files and other non-user-created data. The NIST (National Institute of Standards and Technology) list contains more than 40 million known files. Using this list to filter custodians' hard drive files can be effective because these files are usually irrelevant to a case but often make up a sizable portion of a collected set of electronically stored information (ESI).

Electronic Discovery (ED, also known as Digital Discovery, Electronic Digital Discovery, Electronic Document Discovery, EDD or Electronic Evidence Discovery): A process of finding, identifying, locating, reviewing, and producing relevant electronically stored information (ESI) for litigation purposes.

Electronically Stored Information (ESI): Data found in hard drives, CDs, online social networks, PDAs, smart phones, voice mail and other electronic data stores. Electronically stored information, for the purpose of the Federal Rules of Civil Procedure (FRCP), is information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software.

Hash: An algorithm that creates a value to verify duplicate electronic documents. The hash value serves as a digital thumbprint.

Keyword Search: In eDiscovery, keyword search is a process of examining electronic documents in a collection or system by matching a keyword or keywords with instances in different documents. Keyword searches can only be done on electronic files in their native format, in searchable PDF, or in files that have been associated with an OCR text file. Standard keyword searches will return a positive result only if the exact keyword or a close derivative is specified. Search derivatives returned by litigation support search engines commonly include stemming. Stemming returns grammatical variations on a word; for example, a search for "related" would also return "relating", "relates", and "relate".

Litigation hold (also called Legal Hold, Hold Order, Preservation Order, Suspension Order, Freeze Notice, Hold Notice, Stop Destruction Notice): A notice or communication from legal counsel to an organization that suspends the normal disposition or processing of records, such as backup tape recycling. A litigation hold will be issued as a result of current or anticipated litigation, audit, government investigation or other such matter to avoid evidence spoliation.

Metadata: Data about data. Metadata provides information about a document or other data managed within an application or environment: it describes how, when and by whom a particular set of data was created, edited, formatted, and processed. Access to metadata provides important evidence, such as blind copy (bcc) recipients, the date a file or email message was created and/or modified, and other similar information. Such information is lost when an electronic document is converted to paper form for production. Files may include such metadata as an access date, file path, size or name.

Privilege: A special and exclusive legal advantage or right (for example, attorney work product and certain communications between an individual and his or her attorney, which are protected from disclosure).

PST file format: A Personal Storage Table (.pst) is a file format used to store copies of messages, calendar events, and other items within Microsoft software such as Microsoft Exchange Client, Windows Messaging, and Microsoft Outlook.

Spoliation: The alteration, deletion or partial destruction of records which may be relevant to ongoing or anticipated litigation, government investigation or audit. Failure to preserve information that may become evidence is also spoliation.

Thread (Email String): A chain of e-mail conversation that consists of the initiating e-mail and all e-mails related to it, including the replies and forwards between senders and recipients in the chain.
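The Hash, DeNisting and Deduplication entries above fit together as one processing step, shown here as an added Python example (not Netwrix code). The sample collection, the stand-in known-file list, the choice of SHA-256, and the reading of "case" scope as across all custodians and "custodian" scope as within one custodian are assumptions made for illustration.

```python
import hashlib

# Constructed sample collection: (custodian, path, content). Not real case data.
COLLECTION = [
    ("alice", "C:/Windows/System32/notepad.exe", b"constructed-os-binary"),
    ("alice", "Docs/contract_v1.docx", b"Contract draft, 2 pages"),
    ("alice", "Mail/attachments/contract_v1.docx", b"Contract draft, 2 pages"),
    ("bob", "C:/Windows/System32/notepad.exe", b"constructed-os-binary"),
    ("bob", "Desktop/contract_copy.docx", b"Contract draft, 2 pages"),
    ("bob", "Docs/pricing.xlsx", b"Q3 pricing sheet"),
]

def digest(content: bytes) -> str:
    """Hash value used as the document's digital thumbprint (SHA-256 is an assumption)."""
    return hashlib.sha256(content).hexdigest()

# Stand-in for a known-file hash list; a real one would be loaded from a file.
KNOWN_FILE_HASHES = {digest(b"constructed-os-binary")}

def denist(items, known_hashes):
    """Drop items whose hash appears in the known-file list."""
    return [item for item in items if digest(item[2]) not in known_hashes]

def deduplicate(items, scope="case"):
    """Keep the first copy of each document and record the rest as duplicates.

    scope="case": compare across all custodians.
    scope="custodian": compare only within each custodian's own files.
    """
    if scope not in ("case", "custodian"):
        raise ValueError("scope must be 'case' or 'custodian'")
    seen, unique, duplicates = set(), [], []
    for custodian, path, content in items:
        key = digest(content) if scope == "case" else (custodian, digest(content))
        if key in seen:
            # Log instead of silently dropping, so custodian links stay traceable.
            duplicates.append((custodian, path))
        else:
            seen.add(key)
            unique.append((custodian, path))
    return unique, duplicates

def process(items, scope):
    """deNIST first, then deduplicate; return counts and the surviving set."""
    kept = denist(items, KNOWN_FILE_HASHES)
    unique, duplicates = deduplicate(kept, scope)
    return {"collected": len(items), "after_denist": len(kept),
            "unique": unique, "duplicates": duplicates}

if __name__ == "__main__":
    for scope in ("case", "custodian"):
        print(scope, process(COLLECTION, scope))
```

File names and paths play no part in the comparison, so `contract_copy.docx` is matched to `contract_v1.docx` on content alone.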

