Computers and Technology Articles

Unified communications is the term used for integrating all communications - data and voice - over the Internet. This can include data in its myriad forms such as email, instant messaging data, data generated by business computer applications, faxes, and text messages. But key sources include voice sent via network avenues or stored on digital devices, such as VOIP (Voice Over Internet Protocol), voice mail, audio-video, web conferencing, white boarding, and .wav files. Such integrated communications can save money from operating budgets.

Savings accrue from, among other expenses, doing away with long distance charges when using VOIP, from dispensing with the need for travel to meetings when they can be held in a virtual environment, or from travel to far-away classes when an instructor or team can be using a whiteboard from disparate physical locations. Savings like these accrue to the 26% of businesses that have adopted them. But when litigation demands discoverable data, .wav and voice-based files can be difficult and costly for a computer forensics expert or an e-discovery system to search and index.

There are many tools designed for searching text files, and even for text from deleted files. These range from computer forensic suites such as EnCase and Access Forensic Toolkit that each costs thousands of dollars, to open source tools, including hex editors that cost the user nothing at all. The more extensive packages may be less expensive in the long run when billable humans are added to the mix.

There are many wildly expensive e-discovery systems in place to assist in storing and indexing the large masses of data that are generated on a daily basis in the corporate environment. Services may be outsourced, or brought in-company. Again the cost of putting the systems and procedures into place may pale against the sanctions and fines that could result from not being ready for litigation, should it arise.

There are also many effective tools for scanning paper documents into text files, which are then searchable.

While many of the tools for searching and storing data are effective, and accurate, when it comes to audio, no such level of accuracy or ease yet exists for the purpose of searching for specific information. There are currently three means of searching audio: phonetic search, transcribing by hand, and automatic transcription.

Phonetic search technology matches wave patterns, or phonemes, to a library of known wave patterns. For example, the acronym “B2B” would be represented by the following phonemes: “_B _IY _T _UW _B _IY” (Wikipedia example from Nexidia, a company involved in speech recognition systems). Given the wide variation in modes of speaking, pronunciation, accents and dialects, the accuracy of this method is spotty. It produces many false hits. And while it may identify sections and phrases that are of interest, it doesn’t transcribe the audio into text - the audio must then be listened to.

Manual transcription of audio so that transcribed text can then be automatically searched, is time-consuming. As it depends upon a listener to type the words as they are heard, this labor-intensive task can also be very expensive. There may be security concerns, as the audio goes outside the company (or perhaps the country) to be transcribed.

Machine transcription is the one automated means of converting audio to text. But it suffers from accuracy issues. It compares “heard” audio with known libraries, again facing issues of differing pronunciations, terms not in existing libraries, and clarity of recording. While high-quality recordings can lend themselves to recognition rates of 85% or so (a positive-looking number until compared with the nearly 100% accuracy of pure text searches), when dealing with voice mail, accuracy dips down as low as 40%.

The new Federal Rules of Civil Procedure (FRCP) require companies to have a means of identifying key communications and data sources. That data must then be saved. For the sake of efficiency, both in the optimizing amount of storage required, and diminishing the volume of data that must be identified and produced for litigation, it is also important to be able to accurately identify data that is unnecessary.

While requirements for retention of data increase, and storage costs go down, identifying what audio should be kept and what should be deleted can be costly. As such information is digitized, it must nonetheless be stored and indexed (or searched after the fact). The technology is not mature, and is evolving. There may be an opening for an innovative company to prosper here, especially if able to produce some kind of breakthrough in voice-to-text technology. In the meanwhile, companies face a difficult issue in deciding what stays and what goes.

Sometimes, we may notice that the system is rather slow to access while we boot up our computer. We may have to wait for a long time to see the response of everything. I have made a lot of research on the Internet, and sort out some useful information from those relevant materials. Actually, there may be many factors leading to this problem. However, all of us can solve the problem ourselves by following the instructions below:

1. Malfunction caused by antivirus software

Some anti-virus software may join the random monitoring function to webpage, plug-in and email, which undoubtedly increases the system burden.

Approach:

Basically there is no reasonable way to deal with this matter, but you are suggested to use the monitoring service minimally, or upgrade your hardware.

2. Non-certified driver resulting in 100% occupancy of CPU resource

A large number of test drivers flood on the Internet, resulting in the difficulty to discover the reasons for the problem.

Approach:

With particular attention to graphics driver, it is recommended to use Microsoft-certified or official driver, and strictly check the type and version of driver.

3. Caused by viruses and Trojans

Numbers of worms reproducing rapidly in the system, keep the occupancy of CPU resource always high.

Approach:

Use reliable antivirus software to complete clear up memory and local hard drive, and open System Configuration Utility window to see whether or not there is abnormal startup program. It is very necessary for users to regularly update the antivirus software and firewall, strengthen antivirus awareness, and get proper knowledge of preventing and removing virus.

4. System Services

Control Panel - Administrative Tools - Services, find out and double click on the item with suspicious name or location, and change its Startup type to be manual.

5. Startup item

Start - Run - msconfig - Startup, close unnecessary startup item, and restart the computer.

6. View “Svchost” process

Svchost.exe is a core process of Windows XP system. Svchost.exe is not just in Windows XP, but also in Windows system with NT kernel. Generally the number of svchost.exe process in Window 2000 is two, while it is up to four or more in Windows XP.

7. Check the network connection

It mainly refers to network card.

8. View Network Connection

When the Windows XP computer is installed to be a server, and the request for connection on port 445, the computer will allocate memory and deploy slight CPU resource to provide services for these connections. When it overloads, CPU occupancy rate may be too high, because there is a inherent trade-off relation between the number of work items and the responsiveness. You should determine appropriate settings of MaxWorkItems to improve system responsiveness. If the value set is not correct, the responsiveness of server may be affected, or too many system resources may be occupied exclusively by a user.

To resolve this problem, we can modify the registry: in the Registry Editor open [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserver ] branch, and create a new DWORD value named “maxworkitems” in the right window. Then, double click the value, in the open window, type the following values and save:

If your computer has more than 512MB memory, type “1024″; the computer memory is less than 512MB, type “256″.

9. Check whether it is the use of right mouse button in Windows XP that caused 100% occupancy of CPU

Recently, it is reported that the use of right mouse in Resource Manager may result in 100% occupancy of CPU resources. Let’s check what’s going on here.

Symptoms:

In Resource Manager, when you right click a directory or a file, you may likely encounter the problems listed below:

Copy of any files at that time may stop responding.

Network connection speed may lower significantly.

All input/output operations are affected, such as the music heard in Windows Media Player may become distorted.

When the shortcut menu pops up after you right click a file or directory in Resource Manager, the occupancy rate of CPU will increase to 100%, and it comes back to normal level only after you close the shortcut menu.

Approach:

Method One: Turn off “Use the following transition effect for menus and tooltips”

1. Click “Start” - “Control Panel”

2. In the “Control Panel”, double click “Display”

3. In the “Display Properties” window, click on the “Appearance” tab

4. In the “Appearance” tab, click on the “Effects” button

5. In the “Effects” window, clear the tick in front the item “Use the following transition effect for menus and tooltips”, and then click OK - OK buttons to finish.

Method Two: When using the mouse to right click a file or directory, please firstly use the left mouse button to select your target file or directory, and then use the right mouse button to open the shortcut menu.

On December 1, 2006, many amendments to the Federal Rules of Civil Procedure went into effect. There are three rules specifically that impact Computer Forensics and E-Discovery which need to be considered when building a case for your client, as well as protecting your client’s rights.

Most companies fail to realize the following two points:

• Any data that can be compiled into viewable form, whether presented electronically or printed on paper, is potentially within the definition of “document”.
• Electronic documents may be considered obsolete by the business in terms of its current computer infrastructure, but may have archival value and be recoverable to a readable format by specialized forensic techniques.

FRCP - Rule 26 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 26a1 changes are very important.

At the first sign that litigation is coming, a company must use their Litigation Hold procedures and not wait for the courts to act. The problem is most companies do not have these procedures in place, nor do these companies know that litigation holds must start this early in the process.

Of course in order to have Litigation Hold Procedures, a company must have a retention policy and know where the company’s data is stored and must be easily accessible.

Rule 26. General Provisions Governing Discovery; Duty of Disclosure

Except in categories of proceedings specified in Rule 26(a)(1)(E), or to the extent otherwise stipulated or directed by order, a party must, without awaiting a discovery request, provide to other parties:

(A) the name and, if known, the address and telephone number of each individual likely to have discoverable information that the disclosing party may use to support its claims or defenses, unless solely for impeachment, identifying the subjects of the information;

(B) a copy of, or a description by category and location of, all documents, electronically stored information, and tangible things that are in the possession, custody, or control of the party and that the disclosing party may use to support its claims or defenses, unless solely for impeachment.

FRCP - Rule 34 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 34 identifies new procedures regarding the production of documents and electronic data for litigation.

Rule 34. Production of Documents and Things and Entry Upon Land for Inspection and Other Purposes

(a) Scope.

Any party may serve on any other party a request (1) to produce and permit the party making the request, or someone acting on the requestor’s behalf, to inspect, copy, test, or sample any designated documents or electronically stored information — including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained — translated, if necessary, by the respondent into reasonably usable form, or to inspect, copy, test, or sample any designated tangible things which constitute or contain matters within the scope of Rule 26(b) and which are in the possession, custody or control of the party upon whom the request is served; or (2) to permit entry upon designated land or other property in the possession or control of the party upon whom the request is served for the purpose of inspection and measuring, surveying, photographing, testing, or sampling the property or any designated object or operation thereon, within the scope of Rule 26(b).

FRCP - Rule 45 (LII 2007 ed.)

With the new law regarding E-Discovery now in place, Rule 45 identifies new procedures to follow when your company subpoenaed.

Rule 45. Subpoena

(d) Duties in Responding to Subpoena.

(1)(A) A person responding to a subpoena to produce documents shall produce them as they are kept in the usual course of business or shall organize and label them to correspond with the categories in the demand.

(1)(B) If a subpoena does not specify the form or forms for producing electronically stored information, a person responding to a subpoena must produce the information in a form or forms in which the person ordinarily maintains it or in a form or forms that are reasonably usable.

(1)(C) A person responding to a subpoena need not produce the same electronically stored information in more than one form.

(1)(D) A person responding to a subpoena need not provide discovery of electronically stored information from sources that the person identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or to quash, the person from whom discovery is sought must show that the information sought is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

These are just snippets of the rules and your attorney or corporate counsel should have access to the entire Federal Rules of Civil Procedure Amendments document. It is important to consider these rules when planning to use a Computer Forensics Investigator or E-Discovery service.

What is Digital Forensics?

Digital Forensics is the terminology used when digital artifacts are collected from a computer system in a forensically sound manner. In other words, digital artifacts such as documents, spreadsheet, pictures and email can be retrieved from a computer, PDA or any other type of digital device with storage capability. The material is then analyzed and preserved. This operation can often be done even if the data has been intentionally erased. Digital Forensics procedures will allow the forensic examiner to reveal digital evidence, and display the exact time and date the information was created, installed, or downloaded, as well as when it was last accessed. Although the first computer crimes occurred in the 1970’s, computer forensics is still a relatively new field. While we now have more PC and mobile device users then ever, the demand for Digital Forensics is quickly increasing. Laptop computers, PDA’s and mobile phones with the capability of storing pictures, connecting to the Internet and e-mails, more and more often require the need of Digital Forensics to determine the action to be taken in criminal litigation cases, corporate espionage, and accusations of child pornography, Likewise, acts of terrorism as well as the practices of disgruntled employees and the behavior of cheating spouses, all have one thing in common: they frequently utilize computer systems and mobile devices to assist them in their unethical actions and crimes. The evidence that these activities leave behind is readily detected through the procedures of digital forensics.

Digital Forensics or Computer Forensics?

In the past, computer forensic investigations have had PC and Laptop systems as their primary target for examination. Within the past years, the computer forensic field has been forced to broaden its scope, tools and investigative techniques in order to keep abreast of the personal technology being used by common citizens. Equipment such as Cell phones, PDA’s, Blackberrys and GPS systems are used on a daily basis, and can contain vital information from sms test messages, emails, phone logs and previous GPS destination coordinates. Therefore the term Digital Forensics is becoming very popular as the computer forensic field expands and incorporates the digital analysis of new technological devices.

What can a skilled Digital Forensic Examiner do?

A skilled digital forensic examiner can recover deleted files from a computer. He or she can view which websites have been visited from a specific computer even after the browser history and cache have been cleared and deleted. A digital forensic examiner is able to review previous communications sent and received via an instant messaging and chat application such as yahoo instant messenger and msn messenger. The forensic process will also restore deleted or hidden pictures and email messages. In addition the forensic examiner is trained to analyze and re-create deleted text messages and call logs from cell phones, PDA’s and Blackberry devices.

How the Private investigator can benefit from Digital Forensics

Digital Forensics can assist the private investigator in many ways principally by identifying vital information and saving cost and time. Often 2-3 hours of digital forensic examination techniques are able to expose more evidence then several days of surveillance and dumpster diving. Deleted data from digital devices such as cell phone text messages and other acts are often recoverable; for example, did your client’s spouse have an instant messaging conversation? Are those deleted emails recoverable? What websites did the suspect visit?

Several examples below elaborate how Digital forensics can assist the private investigator in specific cases and tasks:

Adultery cases:

Online chats or sms text messages are often used to arrange meetings and provide covert communication to avoid suspicions by the spouse.

Fraud Cases:

It is often possible to determine when and if a document was altered. Unless the document was produced by a typewriter, there always is or at least has existed an electronic copy somewhere. In addition the most common word processor, “Microsoft Word” which is part of the Microsoft office suite embeds Meta data into each document. This Meta data can provide vital information such as the identity of the author and the computer on which the document was composed. The same applies to Microsoft Excel spreadsheet applications.

Tailing a suspect:

When tailing a suspect, imagine how informative it could be to know his/her previous destinations, prior to starting the assignment. Impossible you say! This is not necessarily so especially if the individual had traveled by automobile and used a GPS (Global Positioning System). Some of the most recent advancements in Digital Forensics allow for the retrieval of information from the most common GPS systems.

Harassment cases:

There are many different types of harassment. It is often the case that your client may not only be receiving harassment in person, but also via phone, and/or email. A Forensic Examiner can preserve logs of phone calls received from cell phones and present them as evidence by strictly maintaining a chain of custody. Every email sent from a given source to a specific destination leaves information embedded in that email. This information is referred to as the email header. The forensic examiner can analyze the email header and trace it back to the origins of the IP address from which it has been sent.

Surveillance:

When considering surveillance, most think of traditional techniques such as: tailing, stakeouts and video surveillance. However, modern computer techniques can also be a valuable asset to the private investigator. There are such devices as spy ware programs and keystroke loggers that will provide real time information about what, where and when things have occurred on a suspected computer.

Who has the right to search a computer or Digital device?

The Fourth Amendment protection against unlawful search and seizure only applies to government entities such as law enforcement. The Fourth Amendment does not apply to private searches. A private search can be conducted or authorized by anyone who has a legal right to the data stored on the computer, such as employers or spouses. Since computers are common property, spouses can give consent to a private search of the computer

Conclusion:

In the dynamic world of Private Investigation, it is vital to adapt to new technologies and be able to provide your clients with competitive services of the highest degree. Most importantly it is essential to keep your clients in your domain for all of their investigative needs. Therefore training private investigators in the art of Digital Forensics or partnering with a Digital Forensic expert is a necessary step in securing not only the stability and longevity of your business but assuring that it is prepared to meet the requirements of the technological exigencies of the future.

CONDUCTING THE SEARCH AND/OR SEIZURE is an important party of Computer Forensics. If the search is not done properly then you will not be able to enter evidence to the case. The following is a outline

Secure the Scene.

Assign an safety officer to manage the scene. Preserve the area for potential finger prints

Leave computer in the state found. Document how they were found with photographs and written documentation. Immediately restrict access to computer(s).

Isolate from phone lines (because data on the computer can be access remotely).

Identify which machines are stand alone or network based. If the computer is network based then some of the data might reside on another machine. Below is a rule we follow when collecting evidence:

o On/Off Rule for Forensics data recovery and evidence gathering.

o If the device is “ON”, do NOT turn it “OFF”.

o Turning it “OFF” could activate lockout feature.

o Write down all information on display (photograph if possible).

o Power down prior to transport (take any power supply cords present).

o If the device is “OFF”, leave it “OFF”.

o Turning it on could alter evidence on device (same as computers).

o Upon seizure get it to an expert as soon as possible or contact local service provider.

o Make every effort to locate any instruction manuals pertaining to the device.

One of the key elements in every data forensics procedure is time. Users may unintentionally or inadvertently overwrite evidence simply by continuing to complete their daily tasks. Collecting and preserving data or evidence that may have been deleted or become inaccessible through normal computing methods is an important consideration. Determining what information needs to be gathered before hand is critical to a cases success or failure.

Most of the applications use Windows - provided dialogs for opening or saving operations. The “Common Dialog control” provides the standard set of the dialog boxes for certain operations like saving and opening files, selecting fonts and colors and setting print options. The “ComDlg32 control” that is used in several applications, saves its set of information in the history apart from the other ‘Windows history’.

Every time when you open or save the file, Windows keeps the record of this activity by recording the names of the files that you save or open. So, when you choose the option “save” or “open” often from the application file menu, the Windows display the drop - down list of recently used files or opens certain directory. If these names opened or saved are not shown in file open / save dialog of the particular application, then they are placed in the ‘Windows registry’ and can be seen there.

To protect the privacy, erase all these computer history tracks manually or using history tracks eraser. The history tracker eraser include advanced scheduler to clear the history automatically, clear history in MSN Explorer, Internet Explorer, Firefox, Opera, Mozilla, Netscape, Safari, AOL Explorer and Maxthon (MyIE2), clear history in the Google Chrome, “clear browsing history”, clear the contents of index.dat files, “clear search history”, “clear AutoComplete” clear cookies, empty Temporary Folders in windows, clear recent documents list, “clear Recent Items”, clear the Search History in Windows, clear the Windows Run History, clear the history in Start Menu programs and more,

Computer forensics labs are high-tech labs that are used for rendering computer forensic and other investigative services. Various software and techniques are used during the process of investigation, including password cracker, email converters, or the EnCase or Forensic Toolkit (FTK) software applications.

Initially, an exact replica of the hard disc drive is created, so that the evidence can be evaluated and processed from a forensic file. The identifying leads and computer evidence contained in files proves crucial in determining the outcome of the case. The findings are then documented, and the opinions of experts are taken. The expert witness testimony proves very helpful to clarify technical computer issues in the litigation process. With the help of customized software, the forensics investigators can retrieve deleted data, hidden data and password-protected data. The retrieved data is then carefully documented and recorded in reports that are then presented at times of litigation.

On an average only 10 percent of these files may actually be used in litigation cases. Customized software is used to filter out unnecessary data, based on data relevant parameters coated on the software. Around 25 percent of the original data set can be filtered, using intelligent filtering methods. It is also used to remove duplicated items from the database, saving thousands of dollars for the company.

Computer evidence often decides the results of civil or criminal actions. Cases involving trade secrets, commercial disputes, misdemeanor and felony crimes can be won or lost with the introduction of lost computer evidence. The latest high tech labs are equipped to recover such data.

Computers are widely used for criminal activities such as hacking, credit card frauds and Intellectual property right crimes. This has created a rising need for forensic labs that are capable of collecting lost electronic evidences. These high-tech Computer forensic labs are surely an alarm for lawbreakers.

Many homes today have more than one computer or even a home network. Homes today have: parents who use the computer for work, gaming and entertainment and also their children use it for schoolwork, gaming and socializing with their friends.

If you need to find out what’s happening on your computer when you are not using it, you can do so by running software on it that tells you everything. If you prefer the long way, you could try sifting through files on the desktop to look at history, cookies, websites visited and images caches but this method is long and tedious and won’t tell you everything. Plus, the others in your household may be clearing their tracks after using the computer.

You can set up your computer so that it erases all your files after each use making investigating the habits of your children, teenagers or spouse difficult. If they are clearing out the cache and temporary internet files after each use it can feel near impossible to find out what they are doing.

As a parent or husband or wife you may feel the need to investigate what your family members are doing on the computer. Perhaps you are worried that your children are chatting with strangers and giving out personal information. Maybe you are worried that your teenaged son is downloading pornography or that your teenaged daughter is chatting with undesirables. Maybe you’re even worried that your husband is downloading pornography or that your wife is chatting with other men.

Whatever your concern, you can find out precisely what’s happening without your family member knowing that they are under your surveillance. Programs can log every move made on the computer and report to you. You can easily install it to run in stealth mode on your personal computer to track:

-Websites visited

-Chat conversations from any instant messaging program

-Emails sent and received

-Screen shots

-Time logs

And more…

Some can send you encrypted files to any address you choose that will give you the information you need to either put your mind at ease that nothing unsafe or inappropriate is happening in your home or arm you with the evidence you need in order to confront a situation with a member of your household. These programs can find out what you need and then be removed or deactivated at will.

Children are faced with bullying and online predators constantly online. Some children don’t tell their parents when they run into trouble. Some children carry on internet conversations with who they perceive to be other children but that may be pedophiles.

Spouses sometimes carry on Internet based relationships or participate in pornographic activities online. This may be something you need to know to help you in your relationship.

On occasion, we all need to know the time and we have a multitude of different devices to tell us it, from our mobile phones and wrist watches to the office wall clock or the chimes on the radio news. But how accurate are all these clocks and does it matter if they are all telling different times?

For our day-to-day business it probably doesn’t matter too much. If the office wall clock is a faster than your wrist-watch your boss probably won’t fire you for being a minute late but when it comes to solving criminal cases, timing is everything!

Take the case of Joan Beddeson, a 71-year-old found murdered in her home in Macclesfield. The chief suspect, her former lover who owed the victim over a quarter of a million pounds, 64-year-old John Crittenden, denied the killing, claiming he was at home in bed with his wife at the time of the murder.

However, police had discovered a credit card statement that showed that Crittenden had bought fuel in Worcester just hours before the killing and was then spotted on a camera 12 minutes later traveling up the motorway towards Macclesfield. Later that night the same car was recorded coming back down the motorway leaving Crittenden with a 45 minute window to commit his crime.

However, during his trial Crittenden, who admitted buying the fuel, denied traveling up the motorway and claimed the cameras were not accurate. However, the cameras were all synchronized using a NTP time server (Network Time Protocol) to Universal Coordinated Time (UTC) and was so accurate that Crittenden’s lawyers had no defense and he was convicted of the murder and sent to prison for life.

Time synchronization is not just important in securing convictions it can also prove somebody’s innocence! When a woman was found murdered in Maryland US, the police thought they had found the perpetrators when the victim’s bank card was being used at an ATM. A check at a local CCTV camera provided footage of the three suspects using the machine and although the quality was quite grainy, once aired on America’s Most Wanted the three suspects were soon rounded up.

However, it emerged that the time recorded by the camera was three minutes off the time recorded by the ATM and the three people held were an entirely innocent family, not connected with he murder at all.

The investigators conceded that if the camera had been synchronized to a reliable source like the ATM machine, then the wrongful arrest would not have been made.

The cases above underline the importance of reliable time synchronization. Even if a business is not involved in the detection of crime, failing to synchronize a computer network can leave a system vulnerable to fraud, data loss and even legal exposure and without it, organizations can be vulnerable and lose credibility.

Specialist NTP time servers (Network Time Protocol) are available and can synchronize a computer network and all its devices to an accurate clock source such as an atomic clock using either the GPS or a specialist radio transmission, allowing networks to be accurately synchronized to Universal Coordinated Time (UTC)

Traditional Enterprise Content Management (ECM) products and solutions have and continue to deliver the ability to manage content, documents, and records within the enterprise to meet today’s business regulations. ECM platforms are a corporate necessity and will continue to be the backbone for critical, high-value information management and collaboration capabilities for the foreseeable future. However, there is a growing challenge in enterprise content creation and management. With the increase in knowledge workers and user friendly content creation tools, electronically stored information (ESI) volume is growing at nearly a hundred percent year over year. With this volume of information, over eighty percent of informational assets reside outside the ECM repositories, i.e. are “in the wild”.

With today’s dispersed mobile workforce, documents and records are now created and scattered across databases, servers, email applications, laptops, desktops and storage systems around the world. The problem is how to find the key critical documents and records in today’s informational ocean and pull them into the ECM workflow, while leaving the rest in-place and indexing it. Because, importing all documents and records into the corporation’s central ECM repository is no longer possible or feasible due to sheer volume. A solution to the “in the wild” information problem would be to provide ECM functionality and features ranging from information access, information management, records management, metadata capture and management, full text and full content indexing, auto-classification across any device to separate non-critical information from critical information and seamlessly transition it into the ECM repository or indexing and managing information in-place.

To help manage the information growth while maintaining enterprise content management control of high-value documents and records, corporations need visibility into important data outside the ECM repository or “in the wild” information. Gartner coined the term “Lite-ECM” which describes a cooperative Information Access and Management suite that seamlessly integrates and extends today’s ECM platform capabilities to provide identification, search, analysis and auto-classification of information outside the ECM repository stored throughout the organization. Adding in-place indexing and management capability delivers the ability to virtually organize distributed information into a single, easy-to-use information viewpoint, regardless of where the information resides. But, adding another tool to the toolbox can be challenging, especially on today’s constrained IT budgets. What are the key features needed to determine the right Lite-ECM product fit for your corporation? David Morris, Director of Product Marketing at Kazeon, provider of Information Management and eDiscovery technologies, offers insight into the top criteria for choosing a “Lite-ECM” software suite to augment and extend your ECM capabilities and reduce deployment and management headaches.

1. Enterprise-class Scalability & Performance - Most Lite-ECM information platforms were architected with a reactionary (do it once) ideology, which causes significant scalability challenges when attempting to deploy continuous Lite-ECM capabilities to manage today’s dynamic information environments. A Lite-ECM suite must be scalable to search across hundreds of terabytes of electronically stored information, as well as scale into the billions documents, and have the performance to process the data to keep pace with today’s information growth.

2. Auto-Discovery of data sources - The Lite-ECM suite must have the capability to auto-discover informational sources anywhere on the network, since critical data may reside in the enterprise file storage file server or a laptop in Shanghai. To truly manage all information, auto-discovery is a critical feature of any enterprise level Lite-ECM suite.

3. Holistic and Dynamic Organizational Information Map -Since network topology can change rapidly, having a dynamic and active continuous auto-discovery capability is critical for information indexing, internal investigations, litigation procedures and information capacity planning.

4. Agent-less Information Management- Organizations have enough critical data running on servers, laptops and desktops today. Having another agent on all devices simply reduces operational health and increases risk, not to mention that the device has to be “known” to install an agent. Agent-less search has a low impact on the IT infrastructure and is more rapid to deploy. With the scalability challenges solved, it is the lowest risk highest reward approach to identifying all data sources on the network. Since users cannot disable agent-less search, it provides a rapid and powerful investigation and litigation capability to find potentially relevant information and hold it in-place for review.

5. Robust Search, Analysis, and Classification - Searching, analyzing and classifying information complex challenges; however, a Lite-ECM suite will need have all three to truly add value and help separate the relevant from the non-relevant information within an organization. Having a strong analysis and auto-classification capability that can sort large data sets based on metadata, document content, file type, etc. is necessary to accurately and quickly reduce the volume of data to a relevant and manageable set to review and processing.

6. Tagging -Automating the tagging of individual content or grouping content into relevant virtual folders with a robust policy based engine allows administrators to simplify the review and reporting process by delivering a virtualized organizational information overview.

7. Workflow Management- After gaining insight into and classifying critical information, bring the “in the wild” data into the ECM platform for workflow management and preservation is a key capability. With the ability to automate the move, copy, encrypt, delete actions; an automated policy based methodology accelerates the manual processes for processing of all enterprise data. Furthermore, it allows corporate governance policies and IT policies and procedures to be managed and enforced through the existing platform.

8. Unified Management - With billions of documents and petabytes of storage, corporations can easily be overwhelmed by the volume of data and its presentation. A robust Lite-ECM suite must have a unified management view across the entire network and the ECM platform to simplify operational management. Without a unified management approach, the management task is overly burdensome and not feasible.

9. In-Place Record Hold - Being able to tag and hold potential critical information at the source, i.e. server or laptop, is a capability that separates the efficient Lite-ECM suites from unusable ones. It is not reasonable to move all potential critical data back to a repository before review, the in-place hold and review and subsequent collection process streamlines and accelerates the process to meet today’s demands and reduce infrastructure costs.

10. Enterprise-Wide Critical Information Capture - With 80% of corporation’s informational assets outside the control of the ECM platform, a Lite-ECM will need to have the flexibility to identify, access, search, and review information which resides in databases, email archives, servers, email systems and storage systems across the network. With an automated workflow policy engine, capture and movement of critical information to the ECM repository can be accomplished on a daily, week, or monthly basis. Having an extensible architecture to facilitate search, collection and review across existing and emerging applications and data types is a critical capability.

Deploying a Lite-ECM suite is a complex process, since it impacts IT, Legal, human resources, records management and security teams. To meet stakeholder needs, Mr. Morris advocates convening a cross-functional team to gather requirements, review solutions, and manage deployment of a Lite-ECM suite, as well as to create a sense of ownership and responsibility or the enduring usage of the new suite.