Reducing data volumes by 70% through rapid digital triage

The Challenge:

CCL Group were approached by a corporate client who urgently needed to look at data in an employment matter that their HR, internal legal team and law firm were working on. They had previously transferred data via Secure File Transfer Protocol (SFTP), which although safe and familiar to CCL, can be slow when transferring large data volumes.

A triage approach can massively reduce investigation costs through the early identification, collection and preservation stages while accelerating initial processing and review resulting in a more efficient overall investigation workflow.

Overcoming the Challenge:

Using our very clever data triage tool, SPEKTOR, CCL were able to scope the urgent data to decide exactly how much the client actually needed or wanted to review.

SPEKTOR is a certified digital triage software that can be sent (couriered by our personal service) to a client on a securely configured disk.  The disks can be made to only collect the data that is needed from devices that are of interest to the investigation, to understand the early implications, facts, figures and entities associated with a matter in order to help inform what data needs to be reviewed either as a priority to start with or in entirety.

Because SPEKTOR can deal with many  data types,  the internal client team were able to get a full picture of what went on inside the organisation as well outside including messages and information sent to family and friends.

A fast drive containing the SPEKTOR software provided an ability to triage the data at the client site on this occasion but it is also entirely possible to use hardware encrypted collectors and send the preserved data back to CCL for initial processing and dissemination or for upload to our cloud platform for processing and review.

The Result:

In this case, a much smaller percentage of data was identified for full review.  Having been able to use SPEKTOR to collect the data (c. 1T) and triage it to understand the key players, dates and identify potentially responsive emails and documents as well as social media posts, the client was able to reduce the overall data set substantially to just 30% of the total.

On sending the drive back to CCL’s fully operational 24/7 digital forensic labs, CCL was able to provide the subset of data for review using our secure Azure cloud remote review facility.  Our client and their law firm team were able to 'dig deeper' into the data, performing intelligent searches which revealed complex trains of communication between a number of custodians.  The ability to tag, redact and share produced document sets made this easy to achieve entirely remotely - and all totally defensibly.