Remote Forensics May Bring the Next Sea Change in E-discovery: Are All Networked Computers Now Readily Accessible Under the Revised Federal Rules of Civil Procedure?
 

Joseph J. Schwerha IV, M.S., J.D.
California University of Pennsylvania
TraceEvidence, LLC
schwerhaiv@yahoo.com
 

Scott Inch, Ph.D
Bloomsburg University
sinch@bloomu.edu
 

ABSTRACT

The recent amendments to Rule 26 of the Federal Rules of Civil Procedure created a two-tiered approach to discovery of electronically stored information (“ESI”). Responding parties must produce ESI that is relevant, not subject to privilege, and reasonably accessible. However, because some methods of storing ESI, such as on magnetic backup tapes and within enormous databases, require substantial cost to access and search their contents, the rules permit parties to designate those repositories as “not reasonably accessible” because of undue burden or cost. But even despite the difficulty in searching for ESI, the party’s duty to preserve potentially responsive evidence remains; it simply gains the option to forgo poring over the material. Further, the court might nevertheless compel production if the requesting party demonstrates good cause.

 
Regardless of whether the responding party believes certain documents to be reasonably accessible or not, courts may still require their production. In such cases, the court may then choose to order production, but shift the costs of doing so to the requesting party. Throughout this process, the burden and cost of production are central themes. Their determination is fluid, varying from case to case and even over time in the same situation. Nowhere is this more evident than where a responding party has numerous, geographically dispersed computers under its control that may contain responsive ESI to a request for production of documents. Traditionally, a responding party would be forced to make a decision of whether or not to send out computer forensic experts to all of these locations to make forensically sound copies of all of those computers and then analyze each. This process is time consuming and costly. Recently, several companies have put forth substantial solutions that facially allow a responding party to capture and analyze data on geographically dispersed computers remotely. That process, in general, is often defined as remote forensics.

 
The question is now whether newly available remote forensic solution indicate that all networked computers are readily accessible under the current state of the law. This article attempts to define remote forensics, examines a selection of applicable court decisions, and then analyzes the currently available commercial software packages that allow remote forensics.