Lawyers miss being toe-to-toe with the evidence. We want to attack ESI with the same hands-on "can do" capabilities we brought to bankers boxes. For that, everyone from solos to senior partners need simple, powerful desktop and/or web-enabled tools to search and review client data.
The proletarian tools I imagine haven't surfaced. The good stuff isn't cheap, and even much of the pricey stuff is relentlessly ho-hum or clunky as hell. We need, "Quickbooks for ESI:" a tool set that's as intuitive to use, affordable and easy to master as Intuit's ubiquitous accounting application.
Two "free" tools lately hit my radar screen. Download them, try them and see what you think. One is a truly free utility that makes the contents of forensic computer images accessible to any Windows user. The other is a fully-functional demo of an EDD search and review platform that isn't quite there but gets so tantalizingly close in some respects that I urge you to play with it and tell its Aussie developers how to get it right.
P2 eXplorer v. 2.0
The first free tool is from Paraben Corp.
the Orem, Utah-based vendor of computer forensic hardware and software. It's called P2 eXplorer v. 2.0
and it allows you to mount forensic images and explore them on your machine as though it were a local drive without altering the integrity of the image. It supports the most common forensic image formats (e.g., dd and EnCase .E01) and is easy to install and use.
Why care? Because if you're reading this blog, chances are you're well-aware that reviewing client data in its native format on your own machine is the quickest, lowest cost approach, whereas converting data to TIFF images is absurdly expensive and results in information leakage (i.e., you don't get all the metadata or necessarily see the information as the user does). Hosting data on the Internet has much to commend it, but cost and speed aren't its customary virtues.
For all its advantages (speed/cost/efficiency/completeness), reviewing native data on your own machine risked changing the data and metadata absent steps to intercept such changes. This entailed special "write blocking" devices or other technical hoop-jumping if you wanted to safely connect an external hard drive holding client data. Computer forensic experts defeat a computer's tendency to alter data by encapsulating ESI in so-called "forensic images," being one or more files that collectively hold the complete contents of an ESI storage device, often in a compressed, self-authenticating format.
Because of its clear advantages, forensic images are increasingly used to preserve data from key custodians, and splendid free tools to create images, like Access Data's FTK Imager
, make it easy to preserve machines and media. There's a good chance your EDD service provider uses imaging to collect and transport ESI. Some see imaging as overkill--and it can be--but others are turning to it routinely as forensic imaging enables forensic analysis and data recovery long after collection, should spoliation issues arise. Certainly, no other method does a better job preserving all
The data encapsulation characteristic of forensic images also made them inaccessible to those without special tools to read them. Though Access Data's Forensic Toolkit, Guidance Software's EnCase and X-Ways Forensic all open common forensic formats, they aren't cheap and all three require a good deal of training to use. Plus, they're all designed to do much, much more than simply enable a lawyer to peruse client data.
So, that's why having a simple, free tool like P2 eXplorer v. 2.0 is so nice. It allows you to point to an image of a personal computer, external hard drive, thumb drive, server, or other storage medium and safely see its contents as if they were files on your own machine. You can then traverse the folder structure and open files without changing any data on the image.
I've been paying to use P2 eXplorer for years, so I'm pleased to see that Paraben is now giving it away. It's a nifty tool. To download a fully-functional, free copy, you will need to run Paraben's customer registration and e-tail gauntlet
; but fear not, the cost in your shopping cart will be zero, zip, zilch.
Matt Shannon, the big brain behind the excellent-and-not-free-but-worth-every-penny F-Response remote acquisition tool, put me on to Vound Software's Intella at a conference several weeks ago, and I've spent countless hours poking and prodding it since. Intella is a desktop indexing, search and review platform for ESI. In a nutshell. you point it at ESI and Intella makes it easy to simply and intuitively search, slice and dice the data, then export your work for production. Intella employs visual analytic features like those seen only in much more sophisticated and expensive review tools (FTI's Attenex comes to mind). But, the appealing features of Intella are its ease-of-use and innate simplicity. It's most appealing feature is its current price: free (but just for a while). I also like its ability to crack open Outlook PST and OST e-mail containers, along with Lotus Notes' NSF containers.
But before you get too excited, I have to tell you that Intella is a beta and the license to use it is time-limited. Intella has its share of bugs and lacks features you'll wonder how they missed; so, use it against real evidence with caution, and be sure you test your results and have a plan B in case Intella doesn't do what you need. But, do give it a try, and reward its open-minded developers with your feedback about what it lacks to be a capable review platform. It can't stay free, but join me in encouraging the developers to keep its ultimate price low enough to be a go-to tool for small- and medium-size e-discovery efforts.
To get your time-limited copy, go to the Vound Software registration and download page
. It runs on routine Windows machines (e.g., XP or Vista with more a gig of memory).
For those unaccustomed to hearing me say anything nice about EDD tools and vendors, rest assured that I have no affiliation with the companies or products mentioned above, and I'm not being compensated in any manner for writing about them. CDB