When discovery in litigation involves the inspection of computer systems, setting out reasonable and effective protocols often involves a neutral expert in computer evidence. Working for the court, oftentimes at the direction of a special master, the neutral expert will engage with both parties, and often with computer forensics experts, to craft a reasonable inspection protocol. The challenge is to achieve consensus on the approach to preserving, performing analysis and review, and then producing relevant data. Protecting the producing party’s privacy/privilege while identifying only data that is responsive to the inspection demand must be balanced with the requesting party’s goal of finding all relevant evidence. Considering technology, discovery and forensic tools, and any agreements by the parties, the neutral expert must propose or assist with crafting an inspection protocol the parties to the litigation can agree to.
Depending on the type of litigation, a company’s most sensitive data may be at issue and subject to discovery. Adequate review is hindered if full access to the relevant sources of data is not provided. Establishing the provenance of important documents, examining versions of source code, recovering evidence of the use of external media or the transfer of proprietary data can only be accomplished through the proper preservation and analysis of the right data sources. Conference calls to meet and confer to identify relevant sources and confirm preservation are crucial early in the inspection process. The neutral expert can work with the party’s IT administrators or consulting computer forensics expert(s) to map the sources of potentially relevant data.