Few things in life are truly free, and even fewer are free in the land of electronic discovery. With the onslaught of new e-discovery vendors and providers over the past few years, a variety of task-related functions are now largely covered. Do you need to have 3 TB of data processed in a week? Plenty of vendors would be able to raise their hands. Are you having difficulty with a Concordance or Summation production database? Multiple user forums and active support communities are eager to offer advice.
Ultimately, though, there are still many areas that remain largely untapped unless one makes a significant investment. Even so, there are many resources available that will cover several (but definitely not all) of the needs of commercial users. As I am in no way associated with any of these projects, the inclusion of these applications is by no means an endorsement, nor do I vouch that they will provide an end user with the necessary or accurate result. With this caveat in mind, the following applications could be potential resources for any user, and my experiences with them thus far have been nothing but positive.
Pinpoint Labs offers four different utilities: Pinpoint SafeCopy, Pinpoint MetaViewer, Pinpoint Hash and Pinpoint FileMatch. As many professionals in the field will deduce, SafeCopy assists in preserving a file’s time stamp when it is copied, MetaViewer displays the metadata associated with a file imported into the utility, Hash assists in establishing a hash or checksum value for specific files, and FileMatch is an excellent de-duplication utility.
Helix, by e-fense, has historically been considered the only truly free forensic suite and kit available. Of late, the company requires users to register for the forum and pay a $15 fee. Even with the $15 fee, Helix is still pretty much free, because joining the forum brings help and support, access to the user manual and a LiveCD for download. Helix runs on a Linux platform and basically wraps around the host computer in an acclaimed forensically sound manner. Personally, I think Helix is an excellent product for those interested in experimenting with forensic collection, but it should not be regarded as a sole or primary tool for field work if one is new to the profession. The use of Helix will ultimately depend on the type of case and the degree of forensic scrutiny that the practices will fall under. Personally, I believe Helix could withstand significant scrutiny, but that comfort level depends on the experience of the operator/investigator, the methods of collection and the host computer environment.
Wireshark can be used when network- and packet-related information and protocols must be analyzed. Wireshark is one of the strongest open-source network analysis tools, and can be used by forensic investigators who need to establish network traffic patterns, detect lost packets, capture/record network traffic or review connectivity from a specific source or access point.
inVentory by inData is essentially a free e-discovery estimation tool. While there are many utilities that are geared toward performing a function or task, few actually assist in managing the estimation of projects. This tool can be helpful for vendors and law firms alike: a vendor can present a report/estimate to a potential client as a means of explaining cost, and a litigation support professional or discovery manager can use it to direct internal resources and enhance project-based communication. inVentory essentially captures a snapshot of the information and generates a report.
The EDRM’s efforts since January 2008 to standardize the full buffet of load file options that have emerged over the years have been an essential body of work. The XML format is considered by many to be the future of load files. The EDRM has included a wide range of utilities and tools for operating within this standard.