Glossary

A

Artifacts: Remnants and other system-generated information that is used during a forensic investigation. Examples include LNK files, registry entries, log files and other nuances that occur within data associated with the filesystem, operating system and/or application and application data.

C

CLE: Continuing Legal Education. Each state has different requirements (and some, like Michigan don’t have any requirement).
CMMC: Cybersecurity Maturity Model Certification is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information.
COA: “Certificate of Authenticity”. This is the official Microsoft printed license for the OS and various Office products. Vestige records the OS COA during physical investigation of the acquisition phase in the event that we want to virtualize the computer.
COC: Chain of Custody – A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date and time it was collected or transferred, and the purpose for the transfer.

D

De-NISTing: It is a term utilized by e-Discovery firms to mean the process of removing known files found within NIST’s NSRL software hash collection.
DOE: Description of Evidence

E

ESI: “Electronically Stored Information”. The term that the subcommittee addressing e-Discovery issues with discovery at the federal level chose to use to describe anything that is discoverable and stored in electronic form.
Extracted text: During the course of conversion from Native file format into an image format such as TIFF or PDF, the textual component of the source document is extracted and included as an additional component of the Production package.

F

FRCP: “Federal Rules of Civil Procedure”. The rule set that governs the discovery process within the Federal district court system. These rules were amended on December 1, 2006 to make ESI a component within every federal case.

I

Internal metadata: A form of metadata that is kept within the document itself. While not present in every kind of document type, many document types contain some form of internal metadata. It is also important to note that there is no standard information collected and is an arbitrary collection of information that the developer feels is important. From a forensic standpoint, internal metadata can oftentimes be used to more accurately opine on items because it is not as susceptible to manipulation by the end user.
IP Theft: Intellectual Property Theft – Intellectual property theft is when someone steals an idea, creative expression, or invention from an individual or a company. IP theft can refer to someone stealing patents, copyrights, trademarks, or trade secrets. This includes names, logos, symbols, inventions, client lists, and more. Vestige is routinely engaged in these types of digital theft cases to assist counsel. In conjunction with IP Theft there are other related issues such as breaches in non-solicitation and non-compete agreements. Oftentimes the plaintiff in the matter is seeking a TRO and/or preparing for a Preliminary Injunction.

L

Litigation Hold

Litigation Hold, also known as a legal hold, is an instruction within a business organization directing employees to preserve, and refrain from destroying or modifying, certain records and information (both paper and electronic) that may be relevant to the subject matter of a pending or anticipated lawsuit or investigation. A litigation hold helps ensure that the company complies with its duty to preserve information, including electronically stored information (ESI), in litigation or in connection with an investigation.

Organizations must preserve relevant information when they reasonably anticipate a lawsuit or investigation. Their duty to preserve stems from:

A common law duty to prevent spoliation of evidence.
Certain statutes and regulations, including the Sarbanes-Oxley Act of 2002

Load file

A Load File is one of the components of a Production, this file contains the link between the Metadata, image file (TIFF/PDF) and Extracted text. The review tool, such as Summation, Concordance, Ringtail, Lextranet or any other review tool uses this file to link all the components of the Production package.

M

MAC Dates: Modified, Accessed & Created Date -. System metadata describing dates/times of file activity.
Meet and Confer: Sometimes also referred to as the 26F conference. This is a mandated meeting between the party opponents to discuss discovery issues in general. It is at this meeting that ESI decisions are to be addressed pursuant to the amended FRCP.
Metadata: This is an overly-used term within the legal industry. Strictly it means “data about data”, but that doesn’t convey useful information. Metadata is separate and distinct from the actual data it describes and is useful in a number of contexts within the entire e-Discovery process. Vestige breaks metadata into two specific types: System metadata and Internal metadata.

N

Native file: Describes data files in the original format that they are found within a system; for example a Word document, Excel document, e-mail, etc. This is in direct opposition to a file that has been converted for the purpose of reviewing by attorneys, such as a TIFF or PDF.

O

OCR: “Optical Character Recognition”. A process of extracting text from a document image (TIFF, PDF/scan, etc.) by recognizing the shape and context in which an item is found. While major improvements have occurred within the accuracy of recognition it is not 100% accurate and doesn’t compare to Extracted text. This term is often used incorrectly within the e-Discovery arena to mean extracted text or to include extracted text.

P

Preliminary Injunction: A special type of hearing that takes place very early in litigation. Like any injunction, the suit seeks to prevent someone or some organization from continuing on the path that they are currently pursuing. A preliminary injunction is an expedited mini-trial wherein the party seeking injunctive relief needs to present its evidence in such a way as to convince the fact-finder that there is a high likelihood that they will succeed in the real trial down-the-road. As such the burden of proof is very high.
Producing party: Within the Discovery process the party providing or “producing” the information.
Production: Output of our analysis/processing that is packaged in a professional manner to be delivered to either the Requesting or Producing party.

R

Requesting party: Within the Discovery process the party asking for or “requesting” the information.
RFP: “Request for Production of Documents”. The legal request that the Requesting party propounds upon its party opponent to ask for the documents/files that will help them prove or defend the claims in the matter.
Rule 702: Refers to FRCP rule 702 which designates the type of testimony considered “expert” testimony as opposed to “fact-based” testimony (Rule 701). Vestige testifies as an expert under Rule 702.

S

SLA: Service Level Agreement – An agreed upon level of guaranteed service that Vestige and the client negotiate in some specific engagement arrangements. A service-level agreement defines the level of service you expect from a vendor, laying out the metrics by which service is measured, as well as remedies or penalties should agreed-on service levels not be achieved. It is a critical component of any technology vendor contract.
SOP: Standard Operating Procedures – is a set of step-by-step instructions compiled by an organization to help staff carry out routine operations. SOPs aim to achieve efficiency, quality output, and uniformity of performance, while reducing miscommunication, errors, and failure to comply company policies and industry regulations.
SOW: Scope of Work or Statement of Work – Document detailing the specific scope of an engagement. Vestige is often asked to provide a statement of work to new and potential clients to accompany pricing quotations.
Spoliation: Legal term that means the destruction, intentional or otherwise, of evidence or data that would support one party’s claims and/or defenses against allegations and counter-claims. It is often mispronounced…note that it is “spole – ee – ay- shun” NOT “spoil-ay-shun”
System metadata: A form of metadata that is kept by the operating system or file system about individual files, such as the information encountered within the MFT like: filename, path, MAC dates, etc. For an e-mail the usually requested fields such as To, From, Subject, Date generally qualify as system metadata.

T

TPRM

TPRM stands for Third Party Risk Management. Third-party risk is any risk brought on to an organization by external parties in its ecosystem or supply chain. Such parties may include vendors, suppliers, partners, contractors, or service providers, who have access to internal company or customer data, systems, processes, or other privileged information or receives such information directly or indirectly from you.

Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.

The discipline is designed to give organizations an understanding of the third parties they use, how they use them, and what safeguards their third parties have in place. The scope and requirements of a TPRM program are dependent on the organization and can vary widely depending on industry, regulatory guidance, and other factors. Still, many TPRM best practices are universal and applicable to every business or organization. 

TRO

Temporary Restraining Order – A TRO is a form of injunctive relief that prevents a party or organization from continuing down a path that they are presently pursuing (i.e. using a competitor’s client list taken by a former employee to solicit new business from the competitor’s clientele).