Investigations: Don’t Get Me Everything, Find Me Something

By Daniel Rupprecht on 7/3/20 9:00 AM

It has been a few years now since a client called me in a state of alarm to discuss a data issue his organization was in the middle of handling. It was not a breach but rather a raid conducted by a regulatory authority, where the officers had taken hundreds of thousands of digitally stored documents from the computers of several individuals.

“We have done nothing wrong” was the initial reaction.

Sadly, dawn raids are not conducted on a whim and are usually highly coordinated events built upon whistle-blower information – and as a result, I was being tasked with helping them find out why the authorities were knocking on the door.

In my career I have worked on all manner of litigation and investigations. What has been clear when deploying technology in either space is that the approach needs adjusting when taking into consideration the varying objectives. Litigation requires an approach that gets through all the agreed-upon material. The number of custodians, the data sources to interrogate, the issues to resolve and the manner in which to achieve its end are all negotiated ahead of time during a case management conference or the like.

When technology is deployed there is generally a complete roadmap in place, with the objective to get through it all in a reasonable time and at a reasonable cost relative to the matter at hand. Not so with investigations.

Investigations have no clear path. More often it is the “who”, the “what” and the “where” that are a mystery on day one. The objective shifts from getting through all the material to an exercise in just finding something. By understanding this shift in focus, the investigating party can deploy technologies in such a way as to identify starting points. This starting point then forms the basis of all steps moving forward, built on known factors rather than guesswork.

When presented with the insurmountable task of finding the why, I chose to ignore the fact that potentially hundreds of thousands of documents would need to be reviewed at speed and instead chose to identify a starting point.

The regulator was a competition authority operating in Europe, so I naturally assumed anti-competitive behavior might be at issue. Knowing that trade shows offer a breeding ground of opportunity for competitors to interact, I asked for a few dates to consider. Once equipped with the information needed, I applied some basic analytics around email communications that were collected during the raid. This included a date analysis of two weeks prior and two weeks post the event. I looked for spikes in communications that seemed out of the ordinary for certain individuals. Finally, I applied domain parsing to the anomalies and very quickly identified communication networks between competitors that were very much outside of the norm for a couple of employees. I went from hundreds of thousands down to just a few hundred documents.
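The date-window, spike and domain-parsing steps described above, sketched as an added example; it is not the author's tooling or any iDS product. The message tuple format, the 2x rate threshold, and every address, domain and date are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

def domain(addr):
    """Lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].lower()

def window_spikes(msgs, event, internal, days=14, ratio=2.0):
    """msgs: iterable of (sent_date, sender, recipient).
    Returns {sender: {domain: count}} for senders whose external mail rate
    inside event +/- days is at least `ratio` times their rate outside it,
    listing only recipient domains they never mailed outside the window."""
    msgs = list(msgs)
    lo, hi = event - timedelta(days=days), event + timedelta(days=days)
    all_days = {d for d, _, _ in msgs}
    n_in = sum(lo <= d <= hi for d in all_days) or 1
    n_out = sum(not lo <= d <= hi for d in all_days) or 1
    inside, outside = Counter(), Counter()
    win_domains, base_domains = defaultdict(Counter), defaultdict(set)
    for d, sender, rcpt in msgs:
        dom = domain(rcpt)
        if dom == internal:          # internal traffic is not of interest here
            continue
        if lo <= d <= hi:
            inside[sender] += 1
            win_domains[sender][dom] += 1
        else:
            outside[sender] += 1
            base_domains[sender].add(dom)
    findings = {}
    for sender, n in inside.items():
        # Spike test: per-day rate in the window vs. the sender's own baseline.
        if n / n_in >= ratio * (outside[sender] / n_out):
            new = {k: v for k, v in win_domains[sender].items()
                   if k not in base_domains[sender]}
            if new:
                findings[sender] = new
    return findings

def sample_messages(event):
    """Constructed metadata: 120 days of routine mail plus one burst."""
    msgs = []
    for i in range(120):
        day = date(2019, 1, 1) + timedelta(days=i)
        msgs.append((day, "alice@client.example", "bob@client.example"))
        for sender in ("alice@client.example", "bob@client.example"):
            msgs.append((day, sender, "buyer@customer.example"))
        if abs((day - event).days) <= 5:
            msgs += [(day, "bob@client.example", "sales@rival.example")] * 3
    return msgs

EVENT = date(2019, 3, 15)            # constructed trade-show date
if __name__ == "__main__":
    print(window_spikes(sample_messages(EVENT), EVENT, "client.example"))
```

The output is a short list of senders and previously unseen external domains; deciding whether a surfaced domain belongs to a competitor remains a manual step.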

From there it was easy.

I found my starting point and very quickly built a strategic approach using discovery tools creatively, finding more in less. The important aspect of this strategy is that time and cost were not wasted reviewing aimlessly. We used advanced analytics and a bit of common sense to get to information faster. By doing so we placed our client in a much better position to file for lenience and potentially receive massive reductions in fines.

The lesson in all of this is that you never know when an investigation might kick off or what they might be after when it does. In these situations, it is important to build a team that understands the varying objectives and techniques to tackle the many issues at stake.

At iDS, our consultative-led approach to technology-driven discovery is at the core of our relationships with our clients to become an extension of their existing team. Through a combination of experience and industry knowledge, we strive to help our clients reach advantages that place them in a better position to make the tough decisions where technology intersects with the law.

iDiscovery Solutions is a strategic consulting, technology, and expert services firm – providing customized eDiscovery solutions from digital forensics to expert testimony for law firms and corporations across the United States and Europe.