Plan Ahead: Best Practices in Presenting Chat Data in Litigation
By Josh Williams and Michael Nelson
The inclusion of cell phone data in discovery requests is becoming more common each day. Law firms, legal departments and governmental agencies would be well served to proactively plan how they will preserve, process, review, produce, and present such data in the context of litigation and investigations.
In this article, we are going to shed light on some of the most commonly used workflows for review of chat/conversation data preserved with Cellebrite UFED or collected through Cellebrite Cloud.
Cellebrite Reader
Cellebrite offers a free reader which can open forensic images preserved by Cellebrite UFED or collected through Cellebrite Cloud. The reader allows you to see all assets collected from a device and can be an effective tool for review if you have a small number of collections and simply need to take a quick look at their contents for investigative purposes and a review platform is not available.
Cellebrite Reports – Processed through the Cellebrite Physical Analyzer
Cellebrite also has capabilities to export components of the collection into an Excel file for further review. This can be more user-friendly than the Cellebrite Reader and is easily transferrable. We find this feature leveraged when there is a small number of collections, only a subset of the forensic image needs to be transferred and reviewed by third parties and a review platform is not available.
Legal View
Cellebrite created a module titled Legal View designed to generate exports compatible with most industry-standard review platforms. This can be extremely beneficial when dealing with a large amount of data from a variety of sources and custodians requiring review in a platform.
- Concordance – The Cellebrite Legal View Concordance-style export is generally a more platform-agnostic option which can be loaded onto most industry-standard review tools. The chat/conversation data is converted to PDF in a near-native form for review and is accompanied with metadata and document-level text files for searchability in the database.
- Relativity RSMF – If you have access to Relativity, then we would strongly recommend exporting the records to Relativity Short Message Format. RSMF is a file type created by Relativity which allows for a user-friendly review of short message data. This format lets you easily process, search and review the data – including emojis. For instance, the chat/conversation data can be filtered by conversation, participants, events and/or date.
Additionally, the new RSMF Slicing feature allows for subsets of the conversation to be effectively unitized for production. This can reduce a lot of time spent redacting nonresponsive and/or privileged content.
About Everest Discovery LLC
Everest Discovery is a leading litigation support and eDiscovery provider serving legal departments, law firms and government agencies nationwide. Our core focus on solutions, service and security enables us to provide actionable insights that transform workflows, reduce risk and generate significant cost savings for our client base. We comprehensively address our clients’ business problems by incorporating best-of-breed technologies, knowledge-based services and a consultative approach. Everest is proud to be ISO 27001 certified, a certified WBENC Women’s Business Enterprise, a WOSB (Women-Owned Small Business) certified via the SBA and a GSA contractor.
Josh Williams – 1500 Walnut Street, Suite 1010, Philadelphia, PA 19102 – 215-325-1800 x109 –[email protected]
About CYBIR
CYBIR is the fusion of proactive cybersecurity solutions and reactive incident response expertise. Our team works with you to protect your business and its data, while ensuring adherence to ever-evolving and complex security and privacy frameworks. Should you be in need of post-breach assistance, litigation support or data recovery, our industry and court-recognized forensic experts are available on a moment’s notice. Our team has been credited for researching, discovering and disclosing zero-day exploits involving products from Cisco, Datto, Dell, Honeywell, HP, Kaseya, Netgear and SonicWall, among others. Ask how our penetration testing services can help mitigate a future breach today.
Michael Nelson – 304 Harper Dr., Suite 216, Moorestown, NJ 08057 – (267) 540-3337 – [email protected]