In a recent article by Jessica Mintz, Guidance Software gets blasted for botching an internal E-Discovery request.  It is not uncommon for companies to make mistakes when providing Electronically Stored Information (ESI) for an E-Discovery request.  It is a relatively new concept, and companies are struggling to adapt.  This issue is ironically highlighted when is happens to the developers of EnCase, which is one of the most widely used computer forensics software packages.

Guidance Software has been around since 1997, and is a leader in the computer forensic software market.  Its flagship product, EnCase Forensic Edition, is probably the most widely used piece of software by computer forensic specialists. The main use of the software is recovering and reviewing data found on digital media.  Guidance has apparently failed to produce emails relevant to the wrongful-termination case of ex-marketing director Cassondra Todd.  After several months of searching, Guidance has reportedly been unable to locate the emails in question.  So what happened to the emails in question?  Here are 4 hypothetical scenarios that may explain the absent emails:

• EnCase software failed to find the relevant documents. This is very unlikely as EnCase is recognized as an industry standard and used by computer forensics specialist worldwide.
• Guidance employees are withholding the relevant emails. Again this scenario is also highly unlikely as failing to do so could result in dire consequences (just ask Qualcomm).
• Guidance Employees lack the talent to identify and pull the data with the right tools. Also highly unlikely; Guidance developed the tool. It's safe to say they know how to put it to good use.
• Guidance lacks a proper data retention policy, and the emails have been inadvertently lost or destroyed. While hopefully not the case, it has the potential of being the most realistic scenario of the four (speculative) possibilities; in our experience, many companies lack an adequate data retention policy.

It is very important for companies to have an up to date data retention policy in place, since even the best piece of forensic software will not be able to recover an email if it no longer exists within a companies' infrastructure.  A study (How Much Information? 2003) done in 2002 showed that 92 percent of the  new information created that year was stored on magnetic media such as hard drives and tapes.  ESI is playing a growing part in both civil and criminal cases, so it is crucial for a company to preserve new information it creates.  A solid retention policy helps to keep track of and preserve the 90 plus percent of information stored electronically.  Data retention is especially important when it comes to legal holds, at which point any user created documents such as emails and Word documents should not be deleted.

In the end, having the proper software and hardware is only half the battle. The best forensic software is only helpful if used properly by well-qualified individuals and, if the underlying data is maintained pursuant to an up to date document retention policy.