Who is this article for?

Incydr Professional and Enterprise, no.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

eDiscovery integration guide

Overview

The Code42 platform provides powerful tools for performing eDiscovery. This article explains the conceptual foundations of eDiscovery, how the Code42 platform can be leveraged to support it, and then guides you through concrete examples that you can adapt to your needs.

Considerations

We recommend that you have the following knowledge and skills:

Code42 partnership with Zapproved
Our Zapproved partnership enables you to use Zapproved to manage your legal hold process. Learn more about how to integrate Code42 and Zapproved for eDiscovery.

Support

For help working with the Code42 API, contact your Customer Success Manager (CSM) to engage the Professional Services team.

Terminology

There are overlaps between eDiscovery, data governance, analysis, and data visualization. Since these tasks have similarities and support each other, it is important to understand the following definitions:

  • eDiscovery refers to the process of discovery in legal cases when the information is in electronic format.
  • Data governance refers to the ways in which an organization attempts to minimize its compliance risk as well as to make sure that data is properly managed, kept secure, utilized effectively, etc.
  • Analysis is the search for and presentation of useful patterns and information in data. Business intelligence, planning, metrics, and many other business activities are supported by analysis.
  • Data visualization is one of the ways to present the findings and data gathered by analytics. It uses graphs, charts, and other visual aids to communicate the significance of patterns in data.

eDiscovery summary

eDiscovery consists of a number of steps and functions. The following diagram depicts the general workflow:

eDiscovery reference model

You may engage in some but not all of the steps, elect to carry out the steps in a different order, or cycle back to earlier steps.

Here is a list of the steps with associated sub-goals, for easy review:

  • Identification:
    • Begin the legal hold process
    • Locate and verify custodians and archives
  • Preservation: ensure protection against inappropriate alteration or destruction
  • Collection: gather data for further use in the eDiscovery process
  • Processing: search and convert data into forms more suitable for review and analysis
  • Review: evaluate data for relevance and privilege
  • Analysis: evaluate data for content and context, including key patterns
  • Production: deliver data in appropriate forms
  • Presentation: display results and reports

eDiscovery functions and features

The following table explains how the Code42 platform's features can be used to accomplish tasks for each of the steps in the eDiscovery process.

| Step | Functional requirement | Code42 feature or resource |
|---|---|---|
| Identification | Identify custodians and archives | |
| Preservation and Collection | Create or confirm preservation policy | Configure preservation policy for legal hold |
| | Place users on legal hold | Add custodians to a legal hold matter |
| | Retain and manage file metadata | Incydr Basic and Advanced customers only: Retain file metadata using Incydr Cases |
| Process, Review, and Analyze | Analyze restore activity. Restore history details are restricted. You can view only the restore history to which you have access based on your role and permissions. | The following Code42 API resources: RestoreHistory |
| | Analyze version history | The following Code42 API resources: ArchiveMetadata, WebRestoreSearch, PlanEvent, PlanSummary |
| | Analyze user file activity | User profile reference |
| Production | Restore files | Code42 app; Code42 console; the following Code42 API resources: PushRestoreJob, WebRestore, File |
| | Restore archives | Code42 app; Code42 console; the following Code42 API resources: PushRestoreJob, File (GET method); pushRestore.sh script using the Code42 API |
| | Restore versions | Code42 app; Code42 console; the following Code42 API resources: PushRestoreJob, File (GET method) |
| Presentation | Generate MD5 report | Integrated product; the following Code42 API resources: ArchiveMetadata, FileInfo |
| | Generate files and versions report | Integrated product; the following Code42 API resources: ArchiveMetadata, PlanEvent, PlanSummary |
| | View user restore history. Restore history details are restricted. You can view only the restore history to which you have access based on your role and permissions. | Integrated product; the following Code42 API resources: RestoreHistory |
| | Present file event information | Incydr Basic and Advanced customers only: Add file events to Incydr Cases |

Remove custodians, archives, or devices

The following table explains how the Code42 platform's features can be used to remove custodians, archives, or devices from your Code42 environment.

Code42 feature or resource Code42 feature or resource

Release from legal hold

Purge archive
  • Add to file exclusions

Additional API information

  • Code42 Developer Portal
    • The API reference provides you with the latest documentation.
    • All resources are described in detail, including methods, arguments, parameters, and examples.
  • Sample Code on the Code42 GitHub site
    • Provides useful examples that you can adapt to your needs.
    • Contact your Customer Success Manager (CSM) to engage our Professional Services team for help with adapting code examples or for the creation of customized scripts.
  • Code42 API overview

Examples

The following examples are meant to provide insight into how the Code42 platform can be integrated with eDiscovery functions. As examples, they are not guaranteed to be suitable for any eDiscovery process without modification, review, and approval by your organization's compliance officer.

Restore history report with the Code42 console

As part of the eDiscovery process, you may need to determine who has restored files from a particular organization and when the restores occurred. To do this, perform the following steps:

  1. Sign in to the Code42 console.
  2. Select Administration > Environment > Organizations.
  3. Select an organization from the Active tab.
    The Organization Details appear.
  4. Click the number of Restores to view the Restore History page.
    These details are restricted by role. You can view only the restore history to which you have access based on your role permissions.
  5. From the action menu, select Export All to download the restore history as a CSV file.

Identify custodians with Incydr

Incydr Basic and Advanced customers only

As part of the eDiscovery process, you may need to identify custodians based on which employees are in possession of a particular file. Forensic Search can search for various file criteria to help you determine which employees in your organization should be custodians placed into legal hold. To do so:

  1. Sign in to the Code42 console.
  2. Select Forensic Search > Search.
  3. Enter search criteria, such as a specific filename or path.
    See our Track critical files use case for example criteria.
  4. Once you have identified a potential custodian based on the forensic search results, you can investigate all file activity associated with a user by looking at their associated user profile.

Search the logs

As part of the eDiscovery process or other forensics needs, you may need to search the logs stored on your endpoint devices running the Code42 app.

Code42 app logs

You can access Code42 app logs in the following ways:

Code42 app log example

The endpoint file system is the only place to find a persistent copy of the path names of the files restored by a user with the Code42 app. The information is stored in the file restore_files.log.*, which can be retrieved using the console as described above, or by accessing the file system on the device. Here is an example of the information available about the path names of restored files:

I 03/05/14 06:01AM 622091232443159553 Starting restore from CrashPlan PROe Server: 1 file (80KB)
I 03/05/14 06:01AM 622091232443159553 Restoring files to /Users/joe.johnson/Desktop
I 03/05/14 06:01AM 622091232443159553 /Users/joe.johnson/Desktop/test.pdf 
I 03/05/14 06:01AM 622091232443159553 Restore from CrashPlan PROe Server completed: 1 file restored  @ 26.6Kbps

Search logs from the command line

Search the logs using sed, grep, egrep, or another utility.
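
One way to do this with awk, as an added example that is not part of the original article or Code42's own scripts: it turns restore_files.log.* lines into one row per restored file, keyed by restore ID so interleaved restore sessions are attributed correctly. The line layout is an assumption inferred from the sample above, the function names are hypothetical, and the second session in the sample data is constructed.

```shell
#!/bin/sh
# Added example, not Code42 code. Assumed line layout, inferred from the sample:
#   <level> <MM/DD/YY> <HH:MMAM|PM> <restore id> <message>

# restored_paths [FILE...] -> date, time, restore id, destination, path (TSV)
restored_paths() {
    awk '
    $1 == "I" && $4 ~ /^[0-9]+$/ && NF >= 5 {
        id = $4
        msg = $0
        # Strip the four leading fields so paths containing spaces stay whole.
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)
        sub(/[ \t\r]+$/, "", msg)
        if (msg ~ /^Starting restore from /) next
        if (msg ~ /^Restore from .* completed: /) { delete dest[id]; next }
        if (msg ~ /^Restoring files to /) {
            sub(/^Restoring files to /, "", msg)
            dest[id] = msg      # keyed by restore id: sessions can interleave
            next
        }
        # Anything else inside an open session is a restored path.
        if (id in dest) print $2 "\t" $3 "\t" id "\t" dest[id] "\t" msg
    }' "$@"
}

# restores_matching ERE [FILE...] -> rows whose restored path matches ERE
restores_matching() {
    pattern=$1; shift
    # ENVIRON passes the pattern to awk without backslash-escape processing.
    restored_paths "$@" | PATTERN=$pattern awk -F '\t' '$5 ~ ENVIRON["PATTERN"]'
}

# Constructed sample: session 6220... mirrors the excerpt above; 7000... is invented.
sample_log() {
    cat <<'EOF'
I 03/05/14 06:01AM 622091232443159553 Starting restore from CrashPlan PROe Server: 1 file (80KB)
I 03/05/14 06:01AM 622091232443159553 Restoring files to /Users/joe.johnson/Desktop
I 03/05/14 06:01AM 700000000000000001 Starting restore from CrashPlan PROe Server: 2 files (1MB)
I 03/05/14 06:01AM 700000000000000001 Restoring files to /Users/example.user/Restored
I 03/05/14 06:01AM 622091232443159553 /Users/joe.johnson/Desktop/test.pdf
I 03/05/14 06:01AM 700000000000000001 /Users/example.user/Restored/Q1 forecast.xlsx
I 03/05/14 06:01AM 622091232443159553 Restore from CrashPlan PROe Server completed: 1 file restored  @ 26.6Kbps
I 03/05/14 06:02AM 700000000000000001 /Users/example.user/Restored/contract.pdf
I 03/05/14 06:02AM 700000000000000001 Restore from CrashPlan PROe Server completed: 2 files restored @ 1Mbps
EOF
}

# e.g. restores_matching '\.pdf$' restore_files.log.*
```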

Advanced log file analytics with third-party tools

Log files can provide a source of data for third-party data analysis and visualization tools such as Splunk. For more information, see Install and manage the Code42 Insider Threat app for Splunk.

List of devices

You may need to produce a list of all active (or deactivated) devices as part of the eDiscovery process.

To create and download a list of all active devices in your Code42 environment:

  1. Sign in to the Code42 console.
  2. Select Administration > Status > Reporting.
  3. On the Device Status tab, select Active from the Device Status list.
  4. Click Run Report.

Custom scripts

The code examples below show ways to use the Code42 API to support eDiscovery. Code42 does not provide any guarantee on the suitability of any script or code example for any particular application. Contact sales about engaging our Professional Services team for assistance with custom scripts.

Script 1: Automate push restores

Purpose

It may be necessary to perform push restores of selected files or user data in order to secure and preserve the data for eDiscovery.

In depth

Please read our article on automating push restores, which includes a sample script, detailed examples, and sample output with explanations.

Source code

You can download the latest version of the push restore script from the Code42 GitHub site.

Script 2: Data leak monitoring and detection with the Code42 API

Purpose

This script monitors and protects the archives of selected users in your Code42 environment against unauthorized or suspicious restore activity.

Source code

You can download the latest version of the restore watch script from the Code42 GitHub site.

Other Code42 API examples

Please browse the Code42 API examples on our GitHub site for more examples of ways to use the Code42 API in your eDiscovery projects.
