A common Discovery Attender question is whether or not it works as “investigation software.” While the most common deployment for this application is assisting electronic discovery (litigation) or answering FOIA requests, Sherpa Software has a number of customers who use Discovery Attender primarily for the purposes of internal investigations. So, the answer to that question is, “yes.” However, for novices in this field, there are some very important considerations to keep in mind when choosing software for conducting investigations. The first question that must be answered is whether computer forensics is required to successfully conduct the investigation.
According to the Sedona Conference glossary, “Computer Forensics is the use of specialized techniques for recovery, authentication and analysis of electronic data … relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis … Computer forensics requires specialized expertise that goes beyond normal data collection.” To facilitate this type of work, a “forensic copy,” or exact copy of digital media, is created. Analysis delves into hidden areas of the media, such as unallocated space captured through bit-by-bit copies. This can be time-consuming and very expensive. In addition, it is very important that these types of searches are done by experts with special training in the field.
Forensic-level investigations are often performed when the key evidence in a case is suspected to reside in hidden or hard-to-reach areas of media. Criminal cases, intellectual property theft and embezzlement, amongst others, often involve computer forensics examinations. This painstaking work is done with the aid of special software that is designed for delving into and analyzing the deep, detailed levels of digital devices. There are a number of good forensic tools running the gamut from free to enterprise level; some handle the end-to-end processing of data, while others are specifically designed to target certain types of data stores. The most commonly known are Forensic Toolkit (FTK) and EnCase, but there are literally dozens, if not hundreds, of others.
Given that these forensic software tools are so impressive, why do seasoned investigators often have collection software like Discovery Attender in their arsenal? Quite simply, it is because many investigations do not require the level of detail (or time-consuming processing) of a forensic investigation. Investigators want a faster tool to ensure that data is collected and analyzed both quickly and efficiently. This is especially true when email and other network-based data (or other types of data storage) are not easily accessible to traditional forensic tools.
At this level, investigators are concerned that their collection is forensically sound, meaning that the integrity of the data collection process cannot be challenged. Collected evidence must be traceable back to the original item and proven to be an exact copy of the original data. In Discovery Attender, for example, this is done via chain of custody logs, hashing values and audit trails.
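The general technique behind that paragraph, as an added example that is not Discovery Attender's code or log format: each item is hashed before and after copying, and every custody entry also stores the hash of the previous entry so later edits to the log are detectable. The function names, log fields and the entry chaining are assumptions made for this illustration.

```python
import hashlib, json, os, shutil
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large evidence items need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _entry_hash(body):
    # Canonical JSON (sorted keys) so the same entry always hashes the same.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def collect(src, dest_dir, log, collector):
    """Copy src into dest_dir, prove the copy is exact, append a custody entry."""
    before = sha256_file(src)
    dest = os.path.join(dest_dir, os.path.basename(src))
    shutil.copy2(src, dest)              # copy2 also preserves file timestamps
    after = sha256_file(dest)
    if before != after:
        raise IOError(f"copy of {src} does not match the original")
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "collector": collector,          # hypothetical field names throughout
        "source": os.path.abspath(src),
        "copy": os.path.abspath(dest),
        "sha256": after,
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return a list of problems: edited log entries or altered copies."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _entry_hash(body) != e["entry_hash"]:
            problems.append(f"entry {i}: log chain broken")
        if not os.path.exists(e["copy"]) or sha256_file(e["copy"]) != e["sha256"]:
            problems.append(f"entry {i}: copy no longer matches recorded hash")
        prev = e["entry_hash"]
    return problems
```

An empty list from `verify` means every copy still matches its recorded hash and no log entry has been edited, removed or reordered since it was written.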
Whether an investigation is initiated by human resources, legal, IT, security or an outside agency, inquiries succeed by using the tools best suited for the job. Both computer forensic software and collection tools like Discovery Attender are used to gather and analyze targeted data within a clearly defined set of goals, backed up by extensive documentation. By understanding these goals, investigators choose which tool to use, and wise practitioners have multiple tools at the ready to address any situation.