Saving clients money on electronic discovery processing is one of the challenges facing attorneys, service bureaus and their clients. Due to the amount of data collected when imaging custodian hard drives the resulting processing and labor costs can be significant and potentially prohibitive. 

Reduction of 30%+ Through DeNISTing

Many firms have discovered a relatively new and easy way to reduce the overall EED processing costs for imaged custodian drives by an average of 30%. How do they accomplish this reduction without missing potential evidence? By removing 'known' common files for Microsoft Windows, Linux, Mac OS and other systems the overall production is substantial reduced.

The NIST (National Institute of Standards and Technology) list contains more than 40 million known files and by using this list to filter custodian hard drives files, prior to EED processing, a significant reduction can be realized.

Why haven't you heard about this until now? 'DeNISTing' is relatively new. Until recently there haven't been tools available to handle the processing without significantly increasing the turnaround time and investing in expensive computer forensic software.

PG Pinpoint Software Makes deNISTing a Reality

PG Pinpoint from Pinpoint Labs is an affordable and easy to use application which leverages the 40 million known hash values in the NIST list to filter custodian data and dramatically reduce the costs and processing time associated with imaged hard drives. PG Pinpoint can compare more than 10,000 files per second allowing users to deNIST most custodian drives in less than an hour.

PG Pinpoint will also dedupe, identify encrypted files, create a chain of custody and safely (Using the included SafeCopy 2 engine) copy filtered files while deNISTing. By performing these multiple processes simultaneously, PG Pinpoint reduces electronic discovery processing costs and labor.

Undetected Encrypted Files May Cause Delays & Result in Critical Missing Evidence
In addition to filtering known files PG Pinpoint identifies encrypted files requiring open passwords. Identifying password protected files as early as possible during EED productions is critical to meet production deadlines. Password protected files can't be indexed which means the content isn't available during routine searches or culling. Legal departments have found using PG Pinpoint prevents delays by flagging password protected files at the very beginning.

One particular type of encrypted PDF file often goes undetected and poses a serious threat. Most legal professionals would agree that PDF files are common and included in most ESI (Electronically Stored Information) productions.However, what many don't realize is that custodians unknowingly create encrypted (RC4) PDF files. They go undetected because an open password isn’t required; however, the contents are encrypted and missed during searches performed by common litigation support and computer forensic applications. PG Pinpoint identifies RC4 encrypted PDF files and copies them to a separate folder for easy access.

Written by:

Copyright 2008 Pivotal Guidance Inc.
Pivotal Guidance, Inc. and Pinpoint Labs president, Jon Rowe, is a Certified Computer Examiner (CCE), veteran software designer and has been involved in litigation support for more than 15 years. Jon has been responsible for overseeing the development, marketing and sales of litigation support applications since 1995. Jon managed two electronic discovery and imaging service bureaus for Pro Copy, a well respected litigation support company with locations in Omaha, NE and Des Moines, IA. Previously, the co-founder and Executive Vice President for Image Capture Engineering (ICE) Jon played an instrumental role its growth and success for more than a decade. ICE was acquired by LexisNexis in June, 2007.