BLOG HOME > Data Breaches > What is eDiscovery? FAQs

What is eDiscovery? FAQs

Michael Johnson
Forensic Analyst

What is eDiscovery?

Electronic discovery, known as “eDiscovery,” is the process of electronically identifying, collecting, searching, analyzing, and presenting information electronically stored information (ESI) for legal purposes.

Discovery is a traditional pre-trial phase where both parties investigate the facts of a case, through rules of civil procedure. Parties obtain evidence from the opposing party and others by means of discovery devices, including requests for answers to questions, requests for production of documents, requests for admissions, and depositions.

The evidence needed for a trial is often electronic. This is where eDiscovery comes in.

Meet Deadlines with Smart eDiscovery

Request a Quote

Who uses eDiscovery? 

Law firms, corporate legal departments, and governmental agencies typically contract with eDiscovery professionals. Depending on the needs of the organization or individual, an eDiscovery professional may do the following:

  • Help collect, process, review, analyze, produce, and store ESI
  • Serve as liaison between legal team and IT personnel
  • Use technology to facilitate discovery
  • Educate on eDiscovery procedures and laws
  • Ensure compliance with federal ESI laws
  • Create policies around ESI

What is ESI?

ESI stands for electronically stored information. It includes things such as databases, AV files, emails, documents, chats, webpages, and social media. 

What are the stages of the eDiscovery process?

Officially, the Electronic Discovery Reference Model (EDRM) framework outlines the standards of the eDiscovery process. The following are officially recognized phases of eDiscovery. The phases may need to be repeated as researchers understand more about the data.

  • Ediscovery Stage 1: Information Governance.

    • Organize and maintain data in a way that mitigates risk and cost should an entity have to perform eDiscovery.
  • Ediscovery Stage 2: Identification.

    • Determine location, scope, breadth, and depth of ESI. 
  • Ediscovery Stage 3: Preservation.

    • Ensure that ESI is protected.
  • Ediscovery Stage 4: Collection.

    • Gather, process, and review ESI for use in the eDiscovery process.
  • Ediscovery Stage 5: Processing.

    • Reduce the volume of ESI and convert to more usable forms (for review and analysis).
  • Ediscovery Stage 6: Review.

    • Evaluate ESI. Determine what data is important and who needs to have it.
  • Ediscovery Stage 7: Analysis.

    • Evaluate ESI for content and context.
  • Ediscovery Stage 8: Production.

    • Deliver ESI to others in appropriate forms and use appropriate delivery mechanisms.
  • Ediscovery Stage 9: Presentation.

    • Display ESI before audiences (at depositions, hearings, trials, etc.), especially in native and near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.

EDiscovery begins from the time a lawsuit is in motion and runs until the digital evidence is presented in court. The process can be broken down into three general phases:

  1. Attorneys identify ESI as relevant and place the data on a legal hold.
  2. Both parties determine scope, identify any relevant data, and make eDiscovery requests and challenges. There is generally some back and forth regarding search parameters.
  3. Certified professionals (CEDS, ACE) extract the evidence, analyze it, and then convert it into a usable format (e.g., PDF) for court. These experts use analytical search techniques like pattern and trend identification to search and use resources more efficiently.

Get my free SecurityMetrics PCI Guide

Download Now

EDiscovery services at SecurityMetrics

At SecurityMetrics, our certified eDiscovery professionals (CEDS) work with and advise law firms throughout the entire eDiscovery process.

SecurityMetrics is the only eDiscovery provider in Utah that offers AI capabilities at no extra charge. With terabytes of data to search, SecurityMetrics’ coding and labeling algorithm saves time, energy, and ensures you do not miss any important ESI. 

There are two options for SecurityMetrics’ eDiscovery services: technology assisted review (TAR) and continuous active learning (CAL):

  • TAR uses a “seed” of coded documents created by the attorneys who are familiar with the case. This process is aided by SecurityMetrics’ team using NEXLP software
  • CAL–also known as “TAR 2.0”–is a program that continually learns as you code and tag the documents you are most interested in. 

As a data security and digital forensics firm located in Utah, SecurityMetrics makes sure your ESI and other related data is hosted and stored securely. The data remains searchable and accessible to you and your attorneys as they use it throughout their review process.  

To learn more about SecurityMetrics eDiscovery services or to request a quote, please contact or call 801-623-5612. 

Michael Johnson (CEDS) is a forensic analyst specializing in eDiscovery at SecurityMetrics. He is a 10-year veteran of the digital forensics industry, with extensive experience in incident response, eDiscovery, and data recovery. His data discovery services have been key in both civil and criminal litigation, with cases including homicide, accidental death, fraud, IP theft, human trafficking, kidnapping, assault, and hacking.

Join Thousands of Security Professionals and Subscribe