Netmail Blog

A New Vision for 'Hostile eDiscovery'

Posted by Benjamin Wright

Find me on:

Sep 28, 2017 8:00:00 AM

A New vision for 'Hostile eDiscovery'

Netmail is pioneering new technology for what might be known as “hostile eDiscovery.”

Hostile eDiscovery happens when a party who is adversarial to the management of an enterprise conducts a search for records, without the cooperation of management. Examples of adversaries might be:

  • Law enforcement like FBI or the Royal Canadian Mounted Police
  • Tax collector like the Internal Revenue Service, Revenue Canada, or a state tax authority
  • A regulator like the Environmental Protection Agency or the Food and Drug Administration
  • A fraud investigator hired by the board of directors of a public company to investigate whether management is stealing from the company

In each case the target enterprise does not prepare in advance for the search. But the adversary shows up unexpectedly with legal authority like a search warrant. The adversary brings Netmail Hadron, a federated search tool, and installs it on the target's network. Then the adversary searches for evidence of wrong-doing, such as crime, tax evasion, or embezzlement.


Netmail Hadron can locate data in many different formats, such as email, PDFs, office documents, and unstructured data. It can search through different platforms, whether they be on premise or in a third party cloud. These platforms can include Exchange, Sharepoint, PC harddrives, Box, Office 365, and more. Netmail Hadron creates an audit trail to show what was searched, when it was searched and what the results were.


Historically, hostile eDiscovery was often executed as the “take everything” approach. The investigator grabbed computers, imaged hard drives, seized control of data centers, and made wholesale copies of data from network storage.

But the copy everything approach sounds like the caveman approach. It takes too much and looks at too much.

Many investigations do not justify the take everything approach. If the Internal Revenue Service, for example, marched into a company and just literally copied everything on the infrastructure of that company, the public would howl. What the heck is the IRS doing with absolutely all the data of a private company?

As information systems accumulate more and more data, the take everything approach becomes a bigger and bigger task. When judges and other authorities come to understand that there is an alternative to the take everything approach, they may demand the Netmail Hadron alternative as a way of limiting the scope of the investigation, protecting privacy and otherwise preventing overreach by the government. A tailored Netmail Hadron search is performed on-site, and might even keep the relevant discovered data on-site.


When the FBI, for example, copies all the data from a corporation, what assurances are there that all the personally identifiable information (of innocent bystanders) that just happens to be in there is protected? Is the FBI allowed to rummage through all that data and look for unrelated crimes committed by employees who have nothing to do with the topic the FBI is originally investigating? What if outside hackers steal the personal data from the FBI and then commit identity theft? (That’s not such an outlandish scenario given that hackers have stolen secrets from the likes of NSA and CIA.) The retention of all that data by the FBI is actually a liability on the part of the FBI.

When the Netmail Hadron alternative is deeply understood, hostile eDiscovery becomes a less risky and less invasive route to uncovering the truth in an authorized investigation.


This is the first in a series of blog articles about new advances in eDiscovery.


Benjamin Wright is a practicing attorney based in Dallas, Texas, and an instructor at the SANS Institute teaching a 5-day course titled “Law of Data Security and Investigations.”

 #netmail #announcement #hadron #MSIgnite #eDiscovery


Topics: compliance, Netmail, eDiscovery, Software, New Release, Audit, Dark Data, Ignite 2017, Hadron


Subscribe to Email Updates

Recent Posts

Follow Me