Data Breach Trending in 2022

Data breach… this seems to be the hot topic in not just the legal industry, but in the corporate world today. Now more than ever, companies find themselves vulnerable to data breach and ransomware. Read more

EDRM’S Illumination Zone: Cobra Legal’s Doug Kaminski & John Pappas sit down with Kaylee & Mary

EDRM Global Podcast Network’s Illumination Zone: Doug Kaminski, Chief Revenue Officer and John Pappas, Senior Director of EDRM Trusted Partner, Cobra Legal Solutions, sit down with Kaylee & Mary to talk about their approach to pricing alignment with clients and what attracted John Pappas to Cobra. Read more

Speaking Project Management in eDiscovery: Managing the Triple Constraint

Speaking Project Management in eDiscovery Includes Managing the Triple Constraint

Our last post concluded our Speaking Technical in eDiscovery series by discussing the importance of understanding metadata. Understanding legal and technical concepts are important to speaking the languages of eDiscovery, but you can’t succeed in discovery projects without speaking project management. And one of the most important project management concepts to understand is the triple constraint of project management. Read more

Speaking Technical in eDiscovery: Understanding Metadata

Speaking Technical in eDiscovery Includes Understanding Metadata

In our last post, we discussed the role of digital forensics in eDiscovery. Our last post in the Speaking Technical series (for now at least) discusses perhaps the most important, yet most misunderstood, type of data there is – metadata!

Defining Metadata

The most common definition you hear about metadata is that it’s “data about data”. What does that mean exactly? The Sedona Conference® Glossary of Terms that we discussed in this post defines metadata as:

“The generic term used to describe the structural information of a file that contains data about the file, as opposed to describing the content of a file.”

It’s the data about the file (metadata) that can be useful to understanding the evidence associated with the content of the file and even confirm or refute that content as authentic.

Imagine if you were in New York at Legalweek and you witnessed an auto accident in front of the New York Hilton, so you take a picture of the accident aftermath with an iPhone. The picture, of course, is the content and the evidence of the accident. But the iPhone stores several metadata fields associated with the picture which can help to authenticate the evidence, including:

  • Date and Time: The iPhone tracks the date and time each picture was taken, which can prove you were there at the time of the accident.
  • Geolocation: Your Android or iPhone tracks the geolocation of each picture it takes, which can prove the picture was taken at that location.
  • Phone Description: The iPhone also tracks the type of phone that took the picture so that you can verify it was your iPhone (at least the same type of iPhone) that took the picture.

We’ve seen many cases where the metadata (or lack thereof) was used to refute the authenticity of the evidence, including this case last year, where the plaintiff’s fabrication of a text message exchange was confirmed after reviewing the metadata of the “picture” she supposedly took of it (including the fact that the version of the emoji used couldn’t have been displayed by her iOS version!).

Two Types of Metadata

Another important distinction regarding metadata is that there are two types of metadata and the metadata that you get will depend on how you collect the data. The two types are:

  • System Metadata: Created, maintained and stored by the operating system; and
  • Application Metadata: Created, maintained and stored by and within the application software.

Simple enough, right? So, a collection of files from a drive will get the application metadata, but not all the system metadata – to get that, you would need to perform a forensic image of the device. An example of a case where you might need to perform a forensic image to capture system metadata to help prove your case would be an intellectual property case with a former employee suspected of using a flash drive connected to their workstation to steal company intellectual property.

Metadata Can Sometimes Be Misleading

Sometimes, the metadata can be misleading because of how the evidence is handled. For example, you could have a file with a Date Created that’s more recent than the Date Modified!

How can this happen? If a file is collected using the “drag and drop” method of copying files, the Date Created for the copies reflects the date the copy was created, not the date the original file was created. The “drag and drop” method is not a forensically sound method for evidence collection. It’s important to use forensically sound practices in collecting electronic evidence to preserve the metadata needed to authenticate that evidence. Forensically sound collection doesn’t necessarily require forensic imaging, but there are best practices to collecting evidence that preserves the metadata of the collected files to facilitate evidence authentication.

Another example is illustrated by the recent case ruling in Arconic Inc. v. Novelis Inc. (covered here by Cobra LS Educational Partner eDiscovery Today here). In that case, the plaintiff filed a motion to recuse over the fact that orders filed by Pennsylvania District Judge Joy Flowers Conti contained author metadata from the special master’s staff, which happened because Judge Conti used documents already docketed as a template for her next opinion or order, which included the original author of that template document, not the author of the new order being filed. It’s important to understand the ways in which metadata fields can be populated to determine whether they can be counted on reliably to authenticate evidence.


When it comes to Speaking Technical about Metadata, there is a lot more to know that can be covered in a single blog post. Craig Ball’s guide Beyond Data About Data: The Litigator’s Guide to METADATA (referenced by Judge Conti in her decision above) is an excellent in-depth guide for understanding metadata and how it’s used in discovery.

In the next post, we’ll start our discussion of Speaking Project Management in eDiscovery with a discussion of setting project expectations and the “triple constraint” of project management!

For more information about Cobra’s Digital Forensics services, click here.

Speaking Technical in eDiscovery: Understanding How It Differs from Digital Forensics

In our last post, we discussed coming to “terms” with Speaking Technical in eDiscovery by learning the meaning of some very important terms. Another important aspect of speaking technical is understanding the difference between eDiscovery and digital forensics, and specific use cases for digital forensics. Read more

Coming to “Terms” with Speaking Technical in eDiscovery

In our last two posts, we discussed Speaking Legal in eDiscovery with seven litigation stages and seven eDiscovery rules to know. Now it’s time to come to “terms” with Speaking Technical in eDiscovery, starting by learning the meaning of some very important terms!  Though you don’t have to become highly technical, a working knowledge of eDiscovery technical terms can make a difference throughout the lifecycle of your matters. Read more

Speaking Legal in eDiscovery: 7 eDiscovery Rules to Know

In our last post, we began our discussion of speaking legal with seven litigation stages to know. Another aspect of speaking legal involves being familiar with rules involving important considerations for conducting effective discovery.  Though there are plenty, we’ll focus on seven of these rules. Read more

Speaking Legal in eDiscovery: 7 Litigation Stages to Know

In our last post, I discussed how there are at least four “languages” that are spoken within a typical eDiscovery project: Legal, Technical, Project Management and Client. To be a proficient eDiscovery provider, you need to speak all four languages fluently. In the next two posts, I’ll discuss some of the legal terms and concepts an eDiscovery provider needs to understand to support the lawyers and other legal professionals in the case. Read more

The 4 Languages of eDiscovery

A Proficient eDiscovery Provider Needs to Be Fluent in Several Languages

Despite the title, this isn’t a post about translation services in eDiscovery – it’s about the different “languages” that an eDiscovery provider needs to be able to speak to provide excellent services to their clients. Becoming fluent in the various languages is key to communicating effectively with your clients and within the discovery team. It’s also key to educating your clients and your team to understand the concepts and terminology of discovery that may lie outside of their normal expertise or comfort zone. Read more

Six Concepts for Effective Data Conversion

Now That the Secret is Out, Remember These Six Concepts for Effective Data Conversion

By: Doug Kaminski
Chief Revenue Officer, Cobra Legal Solutions

Last time, I discussed the eDiscovery service that nobody talks about – Data Conversion – and three common scenarios where it may be needed to support discovery.  But that’s only half the story.  The other half is understanding how to manage it effectively, as failure to do so can derail your entire eDiscovery project. So, here are six concepts and best practices for effective data conversion, gleaned from our experience performing hundreds of data conversions for clients: Read more