Working from Copies


In the course of a conversation with a peer in the Litigation Support industry last week about best practices, a question struck me that I don’t really have an answer for. I’ve always believed that when it came time to process, or search, collected data that came in from a client, you should always copy that data to your network, then put the source media on the shelf for safekeeping.

The theory, of course, is that, no matter what happens to your copied data, you always have that “clean” copy available if you need it. Surely, that’s the safe thing to do, right? But what if it’s not?

Doesn’t the very act of copying that data introduce another point of failure? What if you make a mistake with copying the data, say leaving a switch out of your Robocopy command, thus failing to bring over an important piece of metadata, or bring it over incorrectly? Doesn’t this risk intensify if the person doing the copying has more of a legal background compared to a tech one?
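One way to catch the copying mistake described above, as an added example that is not part of the original post: a Python script that compares a working copy against the source media by SHA-256 and by modified time. The directory names, file names and the 2-second timestamp tolerance are assumptions, and the sample files are constructed for the demonstration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            digest.update(block)
    return digest.hexdigest()


def verify_copy(source, copy, mtime_tolerance=2.0):
    """Return a list of (relative_path, problem) for every discrepancy."""
    source, copy = Path(source), Path(copy)
    problems = []
    src_files = {p.relative_to(source) for p in source.rglob("*") if p.is_file()}
    dst_files = {p.relative_to(copy) for p in copy.rglob("*") if p.is_file()}
    for rel in sorted(src_files ^ dst_files):
        where = "copy" if rel in src_files else "source"
        problems.append((str(rel), f"missing from {where}"))
    for rel in sorted(src_files & dst_files):
        src, dst = source / rel, copy / rel
        if sha256_of(src) != sha256_of(dst):
            problems.append((str(rel), "content hash differs"))
        # FAT/exFAT media store 2-second timestamps, hence the tolerance.
        if abs(src.stat().st_mtime - dst.stat().st_mtime) > mtime_tolerance:
            problems.append((str(rel), "modified time not preserved"))
    return problems


def demo():
    """Constructed sample: one good copy, one that lost its timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "working")
        src.mkdir()
        dst.mkdir()
        for name in ("memo.txt", "ledger.txt"):
            (src / name).write_text("constructed sample: " + name)
            os.utime(src / name, (1_200_000_000, 1_200_000_000))
        shutil.copy2(src / "memo.txt", dst / "memo.txt")     # keeps mtime
        shutil.copy(src / "ledger.txt", dst / "ledger.txt")  # resets mtime
        return verify_copy(src, dst)


if __name__ == "__main__":
    print(demo())
```

An empty result means every file in the source has a byte-identical counterpart with a matching modified time; anything else is a reason to redo the copy before the source media goes on the shelf.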

Now, don’t get me wrong, I am not talking about forensic images here. Surely I agree that if you had a hard drive copied forensically, bit by bit, you would want a second forensic copy to work from, always leaving one hard drive on the shelf, untouched, not connected to a PC or read from. That’s the best way to guarantee that you have a good copy of not just the active data, but also the slack space and recoverable deleted data of the original drive.

On the other hand, if you get a CD or DVD or even an external HD from a client that contains just the data that they copied over from their network, does it make sense to copy it again, or does it save time, and this extra risk, just to process it straight from the source? Especially when you consider that most ESI processing programs simply pull from the source location, extracting metadata and making their own copy of the original documents?

What do you consider best practices in this area? Granted, the extra copying is a small risk, but with so many law firms being so risk averse these days, is it small enough to not worry about? Let me know your thoughts!
