What Changes Do We Need To See In eDiscovery? Part VII

Harold Burt-Gerrans talks about how to deal with structured data in ediscovery cases.

I’m baaaaa–ack! And you thought I was done with my earlier six-part series, but I have a new topic to
add to my rants and raves. For review, the previous series was:

And today’s new topic – Structured Data – What is it and how to deal with it

Data Types

We typically classify the documents we tend to see in eDiscovery as emails, power points, spreadsheets,
etc., and these comprise the majority of the documents in the review. However, this document
classification is really a second-level classification – the primary level is “Unstructured Data” vs. “Structured
Data”.

Unstructured Data: This data is free flowing, without any rigid rules as to how the content is organized.
Written documents such as Word files, and all the file types listed above, are typically considered
unstructured data.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Structured Data: This data is organized with defined rules – the most common types of files would be
database files, where the database consists of data tables, and each table consists of a set of columns
containing a specific type of data.

In the strictest interpretation, data files are either one or the other: structured or unstructured. That said,
there are times when there may appear to be crossover points, such as a spreadsheet that contains only a
worksheet with a defined set of columns and each row is an individual record. For example, Column A is
‘Name,’ Column B is ‘Street Address,’ Column C is ‘City,’ and so on. Conversely, there can also be free
formed text fields inside of a database – like a product description, or some other field containing text
describing an object/situation.

The eDiscovery industry has been managing unstructured data for years, so I don’t need to discuss how
well we do it, with consideration to my suggestions in the previous six articles.

Dealing with Structured Data

There are going to be exceptions to the situations I present below, however, there is a good possibility
that if you are receiving structured data, it can be managed as I will describe. Oddly, the processes being
discussed are designed to convert structured data into unstructured document types that can be
handled in typical eDiscovery platforms.

1) Packaged Application Data: There are a lot of packaged applications where the data is stored in
an underlying database. A very common example of this is an accounting system such as SAP or
QuickBooks (one extreme to the other). Depending on the nature of the matter, accounting data
may be significant. Typically packaged applications come along with either a defined set of
reports, or with a built-in report writer tool that can be used to extract the data in a format that
makes sense because the application is providing the contextual structure needed to
understand the data.

The best approach to working with this data is to work with the client staff who usually create
or use the data, to pull off reports that contain the information that would be relevant to the
matter. For example, in a Mergers and Acquisition matter, you would work with the accountants
to extract GL Ledger Reports, Balance Sheets, A/R and A/P subledger reports, etc.

2) Proprietary Databases: These are becoming more common as companies implement systems to track corporate specific data. These may be done using in-house development staff, or by leveraging external application hosting environments, such as implementing a customized complaint tracking system within SalesForce or a Support Ticketing System within a case management tool.

How do we handle these? Read part eight here.

About The Author

Harold Burt-Gerrans is Director, eDiscovery and Computer Forensics for Epiq Canada. He has over 15 years’ experience in the industry, mostly with H&A eDiscovery (acquired by Epiq, April 1, 2019).

Leave a Comment

Latest Videos

Data Extraction From UNISOC-Based Devices In Oxygen Forensic® Detective

Forensic Focus 16th November 2023 3:08 pm

Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors. 

They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse.

Show Notes:

Apple Support: How Safety Check on iPhone works to keep you safe - https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web
IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/
EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users  - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users
Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/
Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/
Electronic Frontier Foundation - https://www.eff.org/

Si and Desi talk to Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation, and Emma Pickering, Head of Tech and Economic Abuse at Refuge. They discuss the impact of digital forensics and incident response (DFIR) in cases of domestic abuse. They highlight the prevalence of tech-enabled abuse, such as the use of stalkerware, and the need for comprehensive support and safety plans for survivors.

They also talk about the challenges faced by law enforcement in investigating and prosecuting these cases, as well as the importance of training and awareness in addressing tech-enabled abuse. The conversation emphasizes the need for collaboration between organizations, tech developers, and law enforcement to effectively combat domestic abuse.

Show Notes:

Apple Support: How Safety Check on iPhone works to keep you safe - https://support.apple.com/guide/personal-safety/how-safety-check-works-ips2aad835e1/web
IBM: Five Technology Design Principles to Combat Domestic Abuse - https://www.ibm.com/policy/five-technology-design-principles-to-combat-domestic-abuse/
EFF: Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users - https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users
Wesley Mission: More support to help escape family violence - https://www.wesleymission.org.au/about-us/what-we-do/helping-people-most-in-need/housing-and-accommodation/wesley-emergency-relief/more-support-to-help-escape-family-violence/
Refuge: How we can help you - https://refuge.org.uk/i-need-help-now/how-we-can-help-you/
Electronic Frontier Foundation - https://www.eff.org/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_nSWQZe9gpVk

Protecting Victims From Stalkerware And Tech-Enabled Abuse

Forensic Focus 15th November 2023 11:11 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles