Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


The recent amendments to Rule 26 of the Federal Rules of Civil Procedure created a two-tiered approach to discovery of electronically stored information (“ESI”). Responding parties must produce ESI that is relevant, not subject to privilege, and reasonably accessible. However, because some methods of storing ESI, such as on magnetic backup tapes and within enormous databases, require substantial cost to access and search their contents, the rules permit parties to designate those repositories as “not reasonably accessible” because of undue burden or cost. Despite the difficulty in searching for ESI, the party’s duty to preserve potentially responsive evidence remains; it simply gains the option to forgo poring over the material. Further, the court might nevertheless compel production if the requesting party demonstrates good cause. Regardless of whether the responding party believes certain documents to be reasonably accessible or not, courts may still require their production. In such cases, the court may then choose to order production, but shift the costs of doing so to the requesting party. Throughout this process, the burden and cost of production are central themes. Their determination is fluid, varying from case to case and even over time in the same situation. Nowhere is this more evident than where a responding party has numerous, geographically dispersed computers under its control that may contain ESI responsive to a request for production of documents. Traditionally, a responding party would be forced to decide whether to send computer forensic experts to all of these locations to make forensically sound copies of all of those computers and then analyze each. This process is time-consuming and costly. Recently, several companies have put forth substantial solutions that facially allow a responding party to capture and analyze data on geographically dispersed computers remotely. That process, in general, is often defined as remote forensics. The question now is whether newly available remote forensic solutions indicate that all networked computers are readily accessible under the current state of the law. This article attempts to define remote forensics, examines a selection of applicable court decisions, and then analyzes the currently available commercial software packages that allow remote forensics.


