eDisclosure & its Relationship with Digital Forensics.

Within the legal realm, there are multiple processes involving digital evidence. Here we will define eDisclosure and its relationship with digital forensics.

eDiscovery: The Basics

Electronic discovery (also known as eDiscovery) is the wider known process. However, for the purposes of this article, eDisclosure will be the focus. As this is the specific terminology used in the Civil Procedure Rules of England and Wales. Some of the terms and processes within can still be applied to eDiscovery.

eDisclosure: the process of disclosing digital information, also known as electronically stored information (ESI). Given its nature, this ESI may be held in numerous formats across multiple locations and jurisdictions (including the cloud). The digital forensics and eDisclosure industry have developed around the preservation of digital information (such as emails and documents). And presenting them for review in a format that is readable by lawyers and their clients.

Why is this important?

If there is an injunction to produce data relevant to a court case, it must be produced. Where there is a Disclosure Order, the costs involved in processing, reviewing, and analysing the data can be substantial. This may sometimes be in the region of hundreds of thousands of pounds for complex requests. All of this has combined to make it even more difficult for judges to manage cases effectively.

Luckily, unlike in the US, in England and Wales, we have the opportunity to estimate the costs prior to court. Court rules require a Disclosure Report and an estimate of the broad range of costs of disclosure to be filed at court. This is to be done before the first case management conference (CMC).

Definition: Disclosure Report

A report, verified by a statement of truth, that:


  • Briefly describes what documents exist or may exist that are, or maybe, relevant to the matters in issue in the case. And describes where, and with whom, those documents are, or maybe, located.
  • Describes how any electronic documents are stored.
  • Estimates the broad range of costs that could be involved in giving standard disclosure. This including the cost of searching for and disclosing any electronically stored documents.
  • States which of the directions in CPR 31.5(7) or (8) are to be sought.

In an eDisclosure process, whenever a document is deemed relevant, irrespective of where in the world it may be located. It would be expected that all reasonable steps are taken to ensure all copies of the electronic data are captured. Failure to comply with a Court order or the parties’ agreement to forensically image all relevant ESI can result in substantial damages. These may severely impact an organisation’s ability to operate.

Why is it necessary to use a digital forensics specialist in eDiscovery?

One might imagine that with the availability of software tools today, retrieving documents or computer records is a relatively easy task. Isn’t it just as simple as asking the IT Manager to copy and paste the relevant files onto a USB device and providing said memory back to you? The reality is, it is not as straightforward as that. In fact, the scenario described above is not only a forensically unsound process, but it also would not be defensible in a court of law.


Precise Data
The reason being precise data is required and retrieval of that data is carried out by digital forensics specialists in a manner that preserves and retrieves the document with all metadata (a set of data – often hidden – that describes and gives information about other data such as when the document was created, its owner and more). Once any digital device is deemed relevant as evidence to a case, even powering up that device could irrecoverably alter the data in question.
The Scale of the Task
The scale of the task can be a massive barrier: eDisclosure can be a huge task and, if not done properly the sheer volume of data involved in a case can amount to terabytes (1 TB of paper stacked would be 66,000 miles high!), and that data is growing year on year. In 1993 the total internet traffic amounted to one terabyte. Costs can be incurred unnecessarily and you may be exposed to arguments by the other party that your disclosure is disproportionate and/or crucial evidence has been lost or not disclosed; this may result in adverse costs orders and other sanctions.
Previous slide
Next slide

Both parties are under an obligation to preserve and disclose to the other party all relevant documents to the dispute. Specific requirements for data retrieval are defined in the pre-trial stage and will determine the actual costs involved.


As stated in Practice Direction 31B:

As soon as litigation is contemplated, the parties’ legal representatives must notify their clients about the need to preserve disclosable documents. This preservation obligation extends to Electronic Documents that would otherwise be deleted following a document retention policy. Or otherwise deleted in the ordinary course of business.

In a traditional situation, businesses deal with:

The primary problem is that businesses often fail to link these disparate copies correctly and additional copies are often created inadvertently, as different revisions are created or email updates are sent. Information lifecycle management (ILM) is the ultimate aim. Where each document is tracked from initial conception, through multiple revisions and to eventual purge and deletion.

Happily, there are software solutions that will handle these issues and ensure that compliance, eDisclosure, and other data tasks are handled in the background without manual intervention. These solutions are customised to suit the activities of the practice.

The importance of electronic document management

Making the transition to electronic document management sooner rather than later is recommended. It is much easier to work with electronic originals rather than handle conversions from paper-based records. Integrating radiology media and other image-based data is an added advantage. It is also worthwhile reducing data volumes by purging unnecessary data in a secure manner. Staff training is essential and original data should be accessed from a single central location. Without sending copies by email or another method. Instead of sending links that allow authorised users to view the data.

The fact remains that every business, regardless of size, faces a risk of exposure to such a situation. Preparation is key. Effective data management and careful control of data access will substantially reduce the costs associated with unexpected litigation or demands for data. This can be achieved through the use of cloud-based solutions. For example, as data is stored in a single location and accessed remotely by employees with the correct user credentials. This is an important consideration when sensitive information such as health records is involved.

Learn more here

Contact Us


Navigate Tomorrow's Evidence Today.

Accreditations & partners

Sign Up to Our Mailing List | CYFOR Legal
CYFOR Legal | eDiscovery