Electronic discovery is hard enough considering all of the sources of electronically stored information (ESI) that have to be preserved, collected, searched, analyzed and more. Many lawyers know that ESI can be found on email and file servers, laptops, backup tapes, mobile devices, removable storage media, database systems and much more. Moreover, the electronic discovery process must be performed in a manner that is forensically sound in consideration of the evidentiary integrity of the ESI. But if you think electronic discovery is tough in the ordinary course, just wait until you have to perform it in the context of a cybersecurity breach. Given the many high profile data breach incidents increasingly making headlines, as well as the potential liability associated with such incidents, counsel unfamiliar with electronic discovery in such cases may wish to consider delving into the subject.
The sources of ESI involved in a cyber-breach can be astoundingly varied and complex. Additional complications arise from the fact that applying forensically sound techniques to investigate the relevant sources of ESI without disturbing the data can be next to or actually impossible. However, for anyone involved in a cyber-breach case, it is critical to have a basic understanding of some of the main sources of ESI.