Electronic evidence



           repositories







           Electronic evidence repositories                     and attorney work product privilege. In addition to the
           in the forensic context                              security required between cases and around documents,
                                                                the entire system should meet industry-standard
           An evidence management repository is a software      security guidelines such as SOC auditing, (Health
           platform that holds and manages a master set of      Insurance Portability Accountability Act (HIPAA),
           relevant documents provided by the client. This master   General Data Privacy Regulations (GDPR), and other
           set of documents typically transcends an individual   privacy regulations. Physical security of any system
           subject matter and comprises documents that the      should include:
           client believes may be involved in actual or anticipated   •  Firewalls to prevent unauthorized access
           litigation. These documents are processed to extract
           metadata and create hash values and are indexed to   •   Encrypted communications between the end-user and
           enable searching. The platform may permit notations,   the review application as well as between the review
           classifications and sorting according to user-defined   application and the review databases and file stores
           categories. Often, the platforms assist with workflow   •  Multi-factor user authentication
           management, sorting, or batching of documents for    •   Intrusion detection to trigger response plans in the
           review, management of work processes by forensic       event of an attempted security breach, and
           or legal professionals, and management of document
           production.                                          •   Virus scanning to ensure that documents being
                                                                  processed do not corrupt the document repository
           An effective evidence management repository is         or client systems
           designed around a high-capacity, high-speed processing   Workflow
           system to maintain the authentication and defensibility
           of the evidence collected and meet the needs of the   Workflow support should be built into the front-end
           quick turnaround required as electronic evidence is   application that enables review in cases based on
           gathered, maintained, analyzed, and managed.         an evidence management repository infrastructure.
                                                                Examples of functionality that support a workflow
           Key features of an evidence management repository    approach include the following:
           Capacity — Evidence management repositories must     •   Duplicate and near-duplicate detection to reduce the
           be capable of storing and processing extremely large   volume of evidence for human review
           numbers of documents and storing large amounts of    •   Optical character recognition (OCR) that “reads” the
           data related to those documents.
                                                                  documents and identifies additional duplicates
           Security — Evidence must be viewable only by those   •   Email threading and concept clustering to collect
           who should have access. Work products must not be      related documents
           passively shared in ways that jeopardize confidentiality









                                                                  Understanding the forensic technology landscape | 16