LITIGATION SUPPORT TIP OF THE NIGHT

Recently, Xact Data Discovery posted a new episode of its podcast series, First Chair, in which Mike Gutierrrez discussed data preservation and collection in Slack, the collaboration software. Here are some key points:

1. Use of the software has grown widely in the past five years, and Slack is now used by 65 of the Fortune 100.

2. Unlike many other collaboration applications and messaging services, Slack generally allows for unlimited storage of messages.

3. While email messages can't be edited, Slack messages can.

4. Slack does not include a built-in litigation hold function.

5. There are four subscriptions available:

a. The free subscription will only allow 10,000 messages to be stored.

b. A standard subscription will allow for unlimited message storage, but does not give you the ability to export messages with attachments.

c. The media plus subscription includes the corporate export option which allows for the export of all stored content, including attachments, but does not let an admin target specific data ranges to export.

d. The enterprise subscription allows for the use of third-party APIs to facilitate electronic discovery, but doesn't also include corporate export. Several APIs are in development. Currently Onna; Hanzo; Global Relay; and Smarsh have APIs for Slack.

6. Slack integrates with many different applications including Dropbox and Microsoft OneDrive. Some data exchanged using Slack, including screen shares, may not be captured by a discovery API.

7. Data exported from Slack will be in be in separate JSON files for channels; users; integration logs; and folders.

Digital Corpora, operating under a grant from the National Science Foundation, has posted electronic files here, which can be used to test forensic and electronic discovery techniques.

A thousand separate directories, each with a thousand files, can be downloaded for review. A set of more than 100,000 jpegs is available. The metadata for the files includes search terms; search engines used to find the files; and SHA1 hash values. The files were collected from the United States government. Malware has been deliberately left in the data. The full set includes nearly one million files in a wide variety of formats. One possible drawback is that a very small number of the files (only about 2000) are email files.

Digital Corpora has also posted images made of cell phones, and disk images. PII data has been removed from the disk images. Forensics students can practice with disk images in the EnCase format. These contain information on how data was taken from a fictional businessperson's laptop, and the challenge is to find out if the data was taken by a malicious actor, or intentionally disclosed by the employee.

Financial regulations require many businesses to retain archives of business communications.  Global Relay is widely used by financial firms to comply with these requirements.   22 of the 25 biggest banks in the world use Global Relaay. 

When conducting electronic discovery inquire as to whether or not a client uses its services to manage email, instant messages, Bloomberg messages, and social media DMs.  

Its apps for smartphones may allow businesspeople to access message archives on the go.