As businesses and governmental entities increasingly rely on computer networks to conduct their operations and store relevant data, the security of these networks has become more important. The need for increased security is emphasized when these networks are connected to non-secure networks such as the Internet. The preservation of important data and the ability to retrieve the data in the aftermath of a security breach have become the focus of network administrators.
Another concern for network administrators is the retrieval, searching, sorting, and copying of relevant electronic data for use in legal procedures, such as responses to subpoenas. Many companies, especially large companies, routinely receive legal document requests as part of civil or criminal proceedings. Fulfilling the company's duty to respond to these requests typically requires the company to search not only its paper documents, but also its electronic data such as e-mail, word processing files, spreadsheets, databases, and images. This process of gathering, searching, sorting, and copying electronic data without damaging the original data can be extremely expensive and time-consuming.
Electronic data, such as word processing documents, may also include metadata, which is information about the electronic data such as creation date and time or revision history. Searching, sorting, and copying of metadata presents an additional challenge to companies preparing to respond to legal process or recover from a security breach.
Various technologies may be employed to aid in the processing and classification of data, including search technologies, software that copies the entire contents of the hard drive in a computer system, and software that allows an analyst to review those contents and categorize them based on the analyst's observations. But existing solutions address only subsets of the problem, such as collection, analysis, or reporting, and fail to fully encompass the process of collection, analysis/minimization, and reporting. Thus, network administrators must employ multiple technologies at each phase and sometimes manually handle the transfer of data between the phases. For example, one technology might be used to image a system hard drive or obtain a process list, while an entirely different technology is used to review that information. This results in increased costs and time delays, which are undesirable in both data production and security breach recovery processes.
Thus there exists a need for additional technologies to manage the entire data production and security breach recovery processes in a fashion that controls costs and reduces risk.