
I know some about it. As it stands right now, law firms need to find, trust, and pay forensic investigators. The firm has to leave some data collection up to the investigator, and then have some data turned over. By data, I mean hard drives, images of hard drives, images of network shares, email exchanges, etc.

The law firm has to pay for the data collection, the disk space to store the data, the transmission of data back and forth (investigator found something good, buys external HD, ships it via the mail), the data analysis, the investigation and reporting, and then sometimes the expert witness.

Sometimes, the law firm does not know what they're looking for; in other words, there is no smoking gun piece of data. Sometimes, the goal is to find something, anything, that would hint, point, or prove a goal.

What this means is that a retainer can either be "here is 10 hours' worth of analysis/investigation to find the email we know was sent that contains this particular text." They do not plan on the analysis and investigation to exceed that, and usually the result is we found it/didn't find it and we did it in the time allotted or under the time.

It can also be, "we're looking for evidence that this type of event has occurred". This is where the billed-hours start stacking up. It's hard enough digging through other people's emails, documents, and pictures looking for something, let alone digging without having something in particular to look for.

The point is, I believe that they, the law firms, want to, and need to, bring this in house. This greatly improves the process. But now they need security, real security, because it's not their data being stored, it is their client's client's data and so forth. It becomes very sensitive.

They need infrastructure. They need to be able to forensically acquire data. Forensically store data. Forensically analyse data. Forensically share data. The infrastructure needs to be fast, easy, and efficient. We're seeing 6TB hard drives now... shares of much, much larger size. And they do not want to be storing their client's data in someone else's cloud.

Then they either need technicians and investigators or the ability to hire and grant access to their data on their network to the tech/investigator. They need technicians to provide solutions to the inevitable problems run into (i.e. how can I acquire each of the 2 drives in this FusionDrive RAID and return to the lab and build the RAID on something other than OS X?). And they need investigators experienced at honing in on relevant data while digging through vast troves of data.



I'm a computer forensics and eDiscovery guy. The forensics part of eDiscovery is really overblown. It's the bogeyman, and not much more.



