We are able remotely access, analyze, filter and collect discovery data anywhere in the world via a web browser and a secure Internet connection to our cloud servers. This convenient service enables us to instantly retrieve data from laptops, desktops, servers, network shares, virtual machines and cloud servers in a forensically sound manner at a very competitive price point.
No longer is it a requirement to send teams of technicians to remote or disparate locations to perform basic data collection tasks for a discovery matter or investigation. This innovative cloud service provides significant cost savings, time savings and convenience that has a dramatic impact on litigation budgets.
Remote Email & Web Email Collection
- Microsoft Exchange
- IMAP / Web EMail (Gmail, Yahoo!, AOL, Hotmail, Windows Live, Outlook, Others)
Remote Data Collection
- Laptops
- Desktops
- Servers
- Network Shares
- Virtual Machines
- MS Exchange Servers
- Cloud Servers
Remote Reporting & Data Filtering
- Reduces Data Volumes Prior To Collection
- Provides Early Data Knowledge
- NEW FEATURE: de-NIST and de-Duplicate PRIOR to collecting data!
Everyone seems to have a smart phone. These devices store a wide variety of information, some not even apparent to the owner. Our data collection teams are equipped to retrieve data from cell phones and other mobile devices in a forensically sound manner that preserves the evidence, ensuring that it is admissible in court proceedings.
The extent to which we can recover data is heavily based on the cell phone or device model. However, we can extract some useful data from about 95% of all cellular phones on the market today, including smartphones and PDA devices (Palm OS, Microsoft, Blackberry, Symbian, iPhone, and Google Android).
Here are some of the types of information we can gather:
- Phonebook contacts
- Phone details: IMEI / ESN and Phone number
- ICCID and IMSI
- SIM location information: TMSI, MCC, MNC, LAC
- Text messages including deleted SMS off SIM / USIM
- Call logs ( Missed / Dialed / Received including deleted call histories off SIM / USIM )
- Pictures
- Videos
- Audio files
- Ringtones
- Geo tagging pictures and mapping through Google Earth
- Password Extraction
- Bypass SIM Locked phones (carrier lock) when original SIM is not available.
- Unicode Extraction for Multiple Languages
Today's 24/7/365 global economy often does not allow for server downtime to undertake typical forensic collections, nor do many court mandated deadlines allow enough time to collect data at geographically dispersed locations.
Our data collection teams are able to remotely capture live data - including RAID disks, physical drives, logical volumes, and physical memory (32 & 64 bit Windows) - in a forensically sound manner via IP network connection. We can connect to a target device, whether it is a server located downstairs in the corporate data center or a PC in a remote office halfway around the world, as long as there is connectivity within the corporate network.
Target environments supported include:
- Windows: 2000, XP, 2003, Vista, 2008, & 7, 32 and 64bit, Physical memory only supported on 32bit and 64bit Windows
- Apple OSX: OSX 10.3,10.4,10.5,10.6 Universal Binary, *FK only supports Intel Apple OSX
- Linux: most Linux distributions build on Glibc 2.3.5 and higher, Android on ARM, and Embedded Linux
- Solaris: Solaris 8, 9, & 10 on SPARC and OpenSolaris on Intel
- IBM AIX: AIX 5.1,5.2,5.3,6.1 on the Power processor
- HPUX: HP_UX11iv2,11iv3 on the Itanium processor
- FreeBSD: AIX 7 on the Intel/i386 processor
- SCO: SCO OpenServer 6 and Unixware 7 on the Intel/i386 processor
The term "forensic imaging" often envokes thoughts of popular TV shows, but in practice forensic imaging can be defined as "the process where the entire drive contents are imaged to a file and checksum values are calculated to verify the integrity (in court cases) of the image file (often referred to as a "hash value")." (Wikipedia)
Data Collection Teams from Global EDD Group use a controlled and documented analytical methodology to identify, collect and preserve digital information from external storage devices (USB Hard Drives), flash media (thumb drives, SD cards), personal computers (PC and Mac), servers and mobile devices (phones, PDAs, smart phones).
Realiizing that no two projects or IT environments are alike, our teams leverage a wide range of software and hardware tools to preserve digital information for ongoing electronic discovery processing or detailed forensic investigation.
Whether it be one hard drive or terabytes of enterprise data, Global EDD Group is your resource for forensic imaging services.
Our social media preservation service securely archives and indexes data from your company websites, blogs, Twitter accounts and Facebook pages. It's a fully automated service that sensibly addresses your organization's compliance and regulatory obligations.
The service automatically crawls your web properties at chosen intervals, building an archive of html source code and resources, high quality snapshots, and a robust full-text search index. The service makes it a breeze to go back in time with all of your websites, blogs, Twitter accounts and Facebook fan pages to search content, preview the site, and export the data.
Enterprise Discovery Response ("EDR") from Global EDD Group is an integrated set of litigation preparedness tools for use behind the corporate firewall, including the ability to find and analyze documents centrally, enforce in-place legal holds, issue and track hold notifications, and automate document collection. The result is simple and efficient responses to discovery requests that ensure real compliance and provide immediate insight into relevant information. Enterprise Discovery Response will also greatly reduce the costs typically associated with the manual collection of documents in response to discovery requests or subpoenas.
EDR Agents
Although EDR agents are designed to sit on systems across the organization in order to manage the lifecycle of corporate ESI, Global EDD Group is just as easily able to deploy EDR agents in an on-demand fashion when a litigation, investigation, or compliance issue arises.
EDR agents deployed across an enterprise environment – to desktops, email servers, document management systems, and file shares – provide visibility and control of all unstructured data. EDR agents are lightweight and simple to deploy. Upon encountering new ESI, the agent hashes the file with a unique identification and extracts all searchable text and metadata. This information is sent to a central retention server, where it is available for search and analysis and centralized control. These agents can be used to hold and collect relevant information, and can be decommissioned and re-commissioned as needed.
Analyze Documents Prior to Collection
Search and analytics tools allow EDR to identify and refine the set of documents that need to be placed on hold. To cull the growing mass of unstructured data in organizations, EDR provides powerful analytical capabilities, including concept search, communication mapping, and clustering, as well as more traditional methodologies such as keyword and metadata search. EDR's communication mapping display enables an enterprise to identify quickly the individuals who have been communicating with custodians who have documents on hold, allowing the organization to select additional custodians easily.
Because EDR hashes and extracts text and metadata from every document it encounters and manages data in-place, search and analysis can take place prior to moving data to a central repository. Furthermore, since EDR classifies and tracks documents throughout their lifecycle, EDR's metadata is far richer than that of any other system. For instance, EDR is able to track and record the history and location of every document, making de-duplication and collecting and producing copies of the same document a thing of the past.
EDR's search capabilities are dynamic in that they allow an organization to use each type of search in conjunction and to move back and forth between and among search tools so that only those documents truly implicated by a request (i.e., potentially relevant) are held and preserved. Moreover, each search can be against an enterprise's entire universe of documents or any subset, rather than a predefined subset that may have incorrectly excluded whole groups of documents or custodians.
Enforce a Real Legal Hold In Place
With agents deployed, EDR automatically suspends documents from their normal retention policy as soon as they are put on hold. Creating a hold is as simple as running a search. Holds are enforced in place and do not impact end users. Applying holds automatically and consistently allows for a truly defensible process. In addition, since documents do not have to be collected to be held, holds can be applied much more broadly without incurring additional cost or disruption.
Notification Manager
EDR's includes a full-featured notification module to inform custodians of their preservation obligations in the event of a litigation or investigation. The notification module's capabilities are industry leading and include LDAP integration for individuals and groups, notification templates, customizable surveys and survey templates, reminders, tracking of employee acknowledgments and responses, and comprehensive reporting.
While Enterprise Discovery Response includes a complete notification module, what truly differentiates EDR from its competitors is the ability to go beyond merely telling custodians not to destroy potentially relevant documents; rather, EDR actually ensures that all documents are preserved at the earliest possible moment. With EDR agents running, documents can be centrally identified and preserved in place, without any end-user disruption.
Centralized Automated Collection
When a truly relevant set of documents has been accumulated via search, collections can happen centrally, automatically, and transparently (without the need to visit every data source separately). Because EDR gives every document a unique identifier and tracks the various locations of each document, collection also occurs without the need for de-duplication, or the need to collect data from one particular location. EDR can also collect individual messages from PSTs (rather than the whole PST). Collections are forensically sound, and data is automatically placed in EDR's litigation repository behind the enterprise firewall. From this repository, the data may be securely transfered to our flat rate e-discovery service, processed in our global discovery network, reviewed in Rational eDiscovery or exported for use on another platform of your choice.
