Home   >   CSC-OpenAccess Library   >    Manuscript Information
Interplay of Digital Forensics in eDiscovery
Sundar Krishnan, Narasimha Shashidhar
Pages - 19 - 44     |    Revised - 31-03-2021     |    Published - 30-04-2021
Volume - 15   Issue - 2    |    Publication Date - April 2021  Table of Contents
Digital Forensics, eDiscovery, Electronically Stored Information (ESI), Security, Evidence Management.
Digital forensics is often confused with eDiscovery (electronic discovery). However, both the fields are highly independent of the other but slightly overlap to assist each other in a symbiotic relationship. With decreasing costs of cloud storage, growing Internet speeds, and growing capacity of portable storage media, their chances of being used in a crime have grown. Sifting through large volumes of evidential data during eDiscovery or forensically investigating them requires teams from both these fields to work together on a case. In this paper, the authors discuss the relationship between these disciplines and highlight the digital forensic skills required, sub-disciplines of digital forensics, the possible electronic artifacts that can be encountered in a case, and the forensic opportunities relative to the eDiscovery industry. Lastly, the authors touch upon the best practices in digital evidence management during the eDiscovery process.
1 Google Scholar 
2 refSeek 
3 BibSonomy 
4 ResearchGate 
5 J-Gate 
6 Scribd 
7 SlideShare 
A. Antwi-Boasiako and H. Venter. “A model for digital evidence admissibility assessment”, Advances in Digital Forensics XIII., vol.511. Springer New York LLC, pp. 23–38. [Online]. Available: https://link:springer:com/chapter/10:1007/978-3-319-67208-3 2, 2017, [Accessed October 8, 2020].
A. Kuperman. (2010), “Case Law on Elements of a Potential Preservation Rule, Memorandum to the Discovery Subcommittee,” pp. 5–17, [Online]. Available: https://www:uscourts:gov/sites/default/files/case law on elements of a potential preservation rule.pdf, [Accessed October 5, 2020].
A. Majeed, H. Zia, R. Imran, and S. Saleem. (2016 January), “Forensic analysis of three social media apps in windows 10,” in 2015 12th Int. Conf. High-Capacity Opt. Networks Enabling/Emerging Technol. HONET-ICT 2015. Institute of Electrical and Electronics Engineers Inc., [Accessed September 19, 2020].
A. O’Leary, “Google Maps causes divorce after husband spots ’cheating’ wife cuddling another man”, [Online]. Available: https://www:mirror:co:uk/news/weird-news/google-maps- causesdivorce-after-13396055, 2018, [Accessed October 5, 2020].
A. Smith. (2015), “U.S. Smartphone Use in 2015 — Pew Research Center”, [Online]. Available: https://www:pewresearch:org/internet/2015/04/01/us-smartphone-use-in-2015/ [Accessed October 30, 2020].
A. Tillekens, N.-A. Le-Khac, and T.-T. Pham-Thi, “A Bespoke Forensics GIS Tool”, [Online]. Available: http://arxiv:org/abs/1704:03452, April 2017, [Accessed September 12, 2020].
B. Carrier, “Defining Digital Forensic Examination and Analysis Tools”, in Digit. Forensic Res. Work., [Online]. Available: https://www:dfrws:org/sites/default/files/session- files/presdefiningdigital forensic examination and analysis tools:pdf, 2001, [Accessed September 12, 2020].
B. McFadden, E. Balasubramani, and W. E. Miebaka. (2020), “Forensic Analysis of Microblogging Sites Using Pinterest and Tumblr as Case Study,” in Zhang X., Choo KK. Digit. Forensic Educ. Stud. Big Data. Springer, Cham, pp. 243–279. [Online]. Available: https://link:springer:com/chapter/10:1007/978-3-030-23547-5 13, [Accessed September 19, 2020].
B. Schneier, “Web Activity Used in Court to Portray State of Mind - Schneier on Security.” [Online]. Available: https://www.schneier.com/blog/archives/2014/07/web_activity_us.html, July 2014, [Accessed September 19, 2020].
B. T. Ward, C. Purwin, J. C. Sipior, and L. Volonino. (2009 September), “Recognizing the impact of E-discovery amendments on electronic records management”, Inf. Syst. Manag., vol. 26, no. 4, pp. 350–356, [Online]. Available: https://www:tandfonline:com/doi/abs/10:1080/10580530903245721, [Accessed October 7, 2020].
C. A. Vyas and M. Lunagaria, “Security Concerns and Issues for Bitcoin,” Tech. Rep. [Online]. Available: https://en:bitcoin:it/wiki/, [Accessed September 27, 2020].
C. Tilbury, “SANS Digital Forensics and Incident Response Blog — Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1) — SANS Institute”, [Online]. Available: https://www:sans:org/blog/big-brother-forensicsdevice-tracking-using-browser- based-artifacts-part-1/, 2019, [Accessed September 18, 2020].
C4ADS, “Above Us Only Stars — Exposing GPS Spoofing in Russia and Syria,” Tech. Rep., [Online]. Available: https://www:c4reports:org/aboveusonlystars, 2019, [Accessed September 17, 2020].
D. Garrie and J. D. Morrissy. (2014), “Digital Forensic Evidence in the Courtroom: Understanding Content and Quality,” Northwest. J.Technol. Intellect. Prop., vol. 12, no. 2, [Online]. Available: https://scholarlycommons:law:northwestern:edu/njtip/vol12/iss2/5, [Accessed October 10, 2020].
D. Palmer, E. Blackburne, T. Lemoine, X. Zhang, K.R. Choo. (2020), “DFRWS IoT Forensic Challenge Report 1,” in Digital Forensic Education: An Experiential Learning Approach, pp. 13–28. [Online]. Available: https://link:springer:com/chapter/10:1007/978-3-030-23547-5 2#citeas, [Accessed September 14, 2020].
D. Stroukal and B. Nedvedová, “Bitcoin and other cryptocurrency as an instrument of crime in cyberspace,” Proc. Bus. Manag. Conf., 2016. [Online]. Available: https://ideas.repec.org/p/sek/ibmpro/4407036.html, [Accessed September 27, 2020].
DigiCert, “Why digital certificates are essential for managing mobile devices,” 2020. [Online]. Available: https://www:digicert:com/resources/solution-brief/why-digitalcertificates-are- essential-for-managing-mobile-devices-05-04-20:pdf, [Accessed September 20, 2020].
E. Lam, “Binance Hack: 7,000 Bitcoin Worth $40 Million Stolen By Hackers - Bloomberg”, [Online]. Available: https://www:bloomberg:com/news/articles/2019-05-08/crypto-exchange- giant-binance-reports-a-hack-of-7-000-bitcoin, 2019, [Accessed September 27, 2020].
FindLaw Attorney Writers, “Delete At Your Peril: Preserving Electronic Evidence During The Litigation Process,” FindLaw, [Online]. Available: https://corporate:findlaw:com/litigation- disputes/delete-at-your-peril-preserving-electronic-evidence-during-the:html, 2018, [Accessed October 5, 2020].
G. S. Bellas, “Internet Evidence: How to Authenticate Evidence From the Internet Under the New Illinois Rules of Evidence.” [Online]. Available: https://www:bellas- wachowski:com/internet-evidence-howto-authenticate-evidence-from-the-internet:html, [Accessed September 19, 2020].
J. Koppel. (2012), “Federal Common Law and the Courts’ Regulation of Pre-Litigation Preservation,” SSRN, [Online]. Available: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2154484, [Accessed October 5, 2020].
J. Marchi, “7 Reasons to Use Digital Certificate for Mobile Authentication,” 2016. [Online]. Available: https://www:globalsign:com/en/blog/using-digital-certificates-for-mobile- authentication, [Accessed September 22, 2020].
J. O. Holley, P. H. Luehr, J. R. Smith, and J. J. Schwerha. (2010), “Electronic discovery”, in Handb. Digit. Forensics Investig. Elsevier Ltd, ch. 3, pp. 63–133.
J. Oh, S. Lee, and S. Lee. (2011 August) “Advanced evidence collection and analysis of web browser activity”, in The Proceedings of the Eleventh Annual DFRWS Conference, vol. 8, no., pp. S62–S70, [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1742287611000326, [Accessed September 21, 2020].
J. R. Vacca, “THE RULES OF EVIDENCE”, in Computer Forensics: Computer Crime Scene Investigation, Charles River Media; 1st edition, p. 124., 2005, [Accessed October 8, 2020].
K. Burke, “107 Texting Statistics That Answer All Your Questions,”[Online]. Available: https://www:textrequest:com/blog/textingstatistics-answer-questions/, 2016, [Accessed September 05, 2020].
K. Redshaw, “What is Metadata in Web Writing?” [Online]. Available: https://www:kerryr:net/webwriting/metadata what is:htm, [Accessed September 14, 2020]
Krishnan, S., Zhou, B., & An, M. K. (2019). Smartphone Forensic Challenges. International Journal of Computer Science and Security (IJCSS), 13(5), 183. [Online]. Available: http://www:cscjournals:org/manuscript/Journals/IJCSS/Volume13/Issue5/IJCSS-1501:pdf, [Accessed September 18, 2020].
L. Daniel and L. Daniel, Digital Forensics for Legal Professionals, Elsevier Inc., [Online]. Available: https://www:sciencedirect:com/book/9781597496438/digital-forensics-for-legal- professionals, 2012, [Accessed September 12, 2020].
M. Doran, “A Forensic Look at Bitcoin Cryptocurrency,” SANS Inst. Inf. Secur. Read. Room, [Online], Available: https://www.sans.org/reading-room/whitepapers/forensics/paper/36437, 2020, [Accessed October 4, 2020].
M. E. Bale, “Trial Bar News,” Schwartz Semer. Atty. Law, [Online]. Available: https://www:schwartzsemerdjian:com/trialbar-news/evidence-preservation-and-litigation- holds, 2016, [Accessed October 5, 2020].
M. Hohman, “Man Divorces Wife After Catching Her Cheating on Google Maps”, [Online]. Available: https://people:com/home/man-catches-wife-cheating-google-maps-street-view- they-divorce/, 2018, [Accessed October 5, 2020].
M. N. Yusoff, A. Dehghantanha, and R. Mahmod. (2017 January), “Forensic Investigation of Social Media and Instant Messaging Services in Firefox OS: Facebook, Twitter, Google+, Telegram, OpenWapp, and Line as Case Studies,” in Contemp. Digit. Forensic Investig. Cloud Mob. Appl.Elsevier Inc., pp. 41–62., [Accessed September 19, 2020].
M.-H. Maras and M. D. Miranda. (2017 January), “Overlooking forensic evidence? A review of the 2014 International Protocol on the Documentation and Investigation of Sexual Violence in Conflict”, Glob. Secur. Heal. Sci. Policy, vol. 2, no. 1, pp. 10–21, [Online]. Available: https://www:tandfonline:com/doi/abs/10:1080/23779497:2017:1281088, [Accessed October 1, 2020].
N. A. Hassan and R. Hijazi. (2017), Data Hiding Techniques in Windows OS. Elsevier, [Online]. Available: https://www:sciencedirect:com/book/9780128044490/data-hiding- techniques-in-windows-os, [Accessed September 12, 2020].
National Forensic Science Technology Center, “A Simplified Guide To Forensic Audio and Video Analysis”, Forensic Science Simplified [Internet] USA., [Online]. Available: http://www.forensicsciencesimplified.org/av/, September 2013, [Accessed September 19, 2020].
P. Manchester, “An Introduction To Forensic Audio.” [Online]. Available: https://www:soundonsound:com/techniques/introduction-forensicaudio, [Accessed September 19, 2020].
R. A. Musiala, T. M. Goody, V. Reynolds, L. Tenery, M. McGrath, C. Rowland, and S. Sekhri. (2020 March), “Cryptocurrencies: Forensic techniques to meet the challenge of new fraud and corruption risks, [Online]. Available: https://www.aicpa.org/content/dam/aicpa/interestareas/forensicandvaluation/newsandpublic ations/downloadabledocuments/eye-on-fraud-cryptocurrency-202003.pdf, [Accessed October 4, 2020].
R. Attoe. (2015), “Digital forensics in an eDiscovery world,” in Digit. Forensics, Threat. Best Pract., ch. 6, pp. 85–98.
R. Chozick, “How To Align Your Forensics Support to Your Case Timeline — Flashback Data,” [Online]. Available: https://www:flashbackdata:com/how-to-align-your- forensicssupport-to-your-case-timeline/, 2018, [Accessed September 04, 2020].
R. D. Pittman and D. Shaver. (2010 January), “Chapter 5 - Windows Forensic Analysis”, in Handbook of Digital Forensics and Investigation. Elsevier Ltd, pp. 209–300.
S. Bommisetty, R. Tamma, and H. Mahalik. (2014), “Rules of evidence,” in Practical. Mobile Forensics, ch 1, p. 23., [Accessed October 8, 2020].
S. Gilbertson, “Google Latitude Broadcasts Your Location — WIRED”, [Online]. Available: https://www:wired:com/2009/02/googlelatitude/, 2009, [Accessed September 15, 2020].
S. Ikram and H. Malik. (2010), “Digital audio forensics using background noise,” IEEE International Conference on Multimedia and Expo, ICME 2010, pp. 106–110. [Online]. Available: https://ieeexplore.ieee.org/document/5582981, [Accessed September 20, 2020].
S. J. Vaughan-Nichols, “FAQ: How Google Latitude locates you — Computerworld”, [Online]. Available: https://www:computerworld:com/article/2530970/faq--howgoogle- latitude-locates-you:html, 2009, [Accessed September 17, 2020].
S. Krishnan and N. Shashidhar, (2019), “eDiscovery Challenges in Healthcare”, Int. J. Inf. Secur. Sci., vol. 8, no. 2, [Online]. Available: https://www.ijiss.org/ijiss/index.php/ijiss/article/view/374, [Accessed October 10, 2020].
S. Krishnan, A. Neyaz, and N. Shashidhar, (2019), “A Survey of Security and Forensic Features In Popular eDiscovery Software Suites”, International Journal of Security (IJS) vol.10, no.2, pp 16-30, [Online]. Available: https://www.cscjournals.org/library/manuscriptinfo.php?mc=IJS-152#MCAI, [Accessed October 10, 2020].
S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” Tech. Rep. [Online]. Available: https://bitcoin:org/bitcoin:pdf, [Accessed September 25, 2020].
S. Russolillo, “Hackers Swipe More Than $40 Million of Bitcoin From Cryptocurrency Exchange - WSJ”, [Online]. Available: https://www:wsj:com/articles/hackers-swipe-more- than-40-million-ofbitcoin-from-cryptocurrency-exchange-11557296830?tesla=y, 2019, [Accessed September 27, 2020].
S. Scheindlin. (2010), “UNIV. OF MONTREAL PENSION PLAN v. Banc of Am. SEC., 685 F. Supp. 2d 456”, [Online]. Available: https://www:courtlistener:com/opinion/1881971/univ-of- montreal-pension-plan-v-banc-of-am-sec/, [Accessed October 5, 2020].
S. V. Ettari, “Reasonable Anticipation of Litigation Under FRCP 37(e): Triggers and Limits,” KRAMER LEVIN Naft. FRANKEL LLP, 2017, [Accessed October 10, 2020].
T. S. Conference, “The Sedona Conference Database Principles, Addressing the Preservation and Production of Databases and Database Information on Civil Litigation,” in Sedona Conf. Work. Gr. Electron. Doc. Retent. And Production, [Online]. Available: https://thesedonaconference:org/sites/default/files/publications/171-216DatabasePrinciples 0.pdf, 2014, [Accessed September 22, 2020].
“Admissibility of Digital Evidence in Court,” [Online]. Available: https://www:atlanticdf:com/blog/2017/12/18/admissibilityof-digital-evidence-in-court/, 2017, [Accessed October 8, 2020].
“Advisory Committee on Civil Rules, Agenda Book,” pp. 101–107, [Online]. Available: http://www:uscourts:gov/uscourts/RulesAndPolicies/rules/AgendaBooks/Civil/CV2011-11:pdf, 2011, [Accessed October 5, 2020].
“Audio forensics - Wikipedia.” [Online]. Available: https://en:wikipedia:org/wiki/Audio forensics, [Accessed September 18, 2020].
“Automated Oracle data discovery and classification from Netwrix.” [Online]. Available: https://www:netwrix:com/oracle data discovery.html, [Accessed September 22, 2020].
“Cryptocurrency and Forensic Accounting of Marital Assets,” 2019. [Online]. Available: https://experts-blog:com/2019/01/28/cryptocurrency-and-forensic-accounting-of-marital- assets-in-divorce/.
“Data Collection - Basics of E-Discovery Guide.” [Online]. Available: https://www:exterro:com/basics-of-e-discovery/data-collection/, [Accessed September 11, 2020].
“Database Discovery — iDS.” [Online]. Available: https://idiscoverysolutions:com/database- discovery, [Accessed September 23, 2020].
“E-Discovery & Digital Forensics - Data Preservations.” [Online]. Available: https://www:avansic:com/Services/DataPreservation/, [Accessed October 5, 2020].
“E-Discovery Basics: Preservation of ESI, Part 2 (Vol. 1, No. 6),” [Online]. Available: https://www:gibsondunn:com/e-discoverybasics-preservation-of-esi-part-2-vol-1-no-6/
“Federal Rules of Civil Procedure — Federal Rules of Civil Procedure — US Law — LII / Legal Information Institute.” [Online]. Available: https://www:law:cornell:edu/rules/frcp, [Accessed October 7, 2020].
“Federal Rules of Evidence — Federal Rules of Evidence — US Law — LII / Legal Information Institute.” [Online]. Available: https://www:law:cornell:edu/rules/fre, [Accessed October 7, 2020].
“Key Differences Between eDiscovery and Digital Forensics,” [Online]. Available: https://teris:com/key-differences-betweenediscovery-and-digital-forensics/, 2012, [Accessed September 05, 2020].
“McPeek v. Ashcroft - 202 F.R.D. 31 (D.D.C. 2001)”, [Online]. Available: https://casetext:com/case/mcpeek-v-ashcroft-3, 2001, [Accessed October 5, 2020].
“Reforming Rules on Government Destruction of Evidence.” [Online]. Available: https://www:greenspunlaw:com/blog/governmentdestruction-of-evidence:cfm, 2011, [Accessed October 5, 2020].
“Rule 26. Duty to Disclose; General Provisions Governing Discovery — Federal Rules of Civil Procedure — US Law.” [Online]. Available: https://www:law:cornell:edu/rules/frcp/rule 26, [Accessed October 9, 2020].
“Searchable e-Discovery Case Log.” [Online]. Available: https://ediscovery:klgates:com/, [Accessed September 22, 2020].
“SQL Data Discovery & Classification – SQL Server — Microsoft Docs.” [Online]. Available: https://docs:microsoft:com/en-us/sql/relational-databases/security/sqldata-discovery-and- classification?view=sql-server-ver15&tabs=t-sql, [Accessed September 22, 2020].
“What is Audio Forensics? Recordings used in Litigation.” [Online]. Available: https://www:audioforensicexpert:com/what-isaudio-forensics/, [Accessed September 20, 2020].
”Watergate” and Forensic Audio Engineering.” [Online]. Available: http://www:aes:org/aeshc/docs/forensic:audio/watergate:tapes:introduction:html, [Accessed September 19, 2020].
Mr. Sundar Krishnan
Department of Computer Science, Sam Houston State University, Huntsville, TX - United States of America
Dr. Narasimha Shashidhar
Department of Computer Science, Sam Houston State University, Huntsville, TX - United States of America