In today’s workplace, the center of gravity for digital evidence has shifted. As cloud collaboration, hybrid work, and mobile productivity become permanent features of business life, corporate IT teams have emerged as de facto custodians of data that may later become evidence. This isn’t inherently problematic—after all, IT teams control the systems that generate, store, and secure that data. However, trouble begins when the electronic discovery, or worse, forensic responsibilities that traditionally fell to certified digital examiners and eDiscovery experts are absorbed into everyday administrative workflows.
In today’s corporate marketplace, the trend is to do more with less, and litigation preparedness and response is no different. When litigation strikes, companies lean on their internal IT professionals, as they do for nearly anything that is technology-related but may have little to do with their primary responsibilities. At the request of their superiors, IT personnel use familiar tools to gather what they believe to be relevant information. Microsoft 365 admins may run a Content Search, download .pst files, and email the results to Legal. A systems engineer might clone a server VM from a nightly backup. A mobile device manager may pull selected files from an employee’s iPhone. From an operational perspective, these actions are logical and efficient. From a legal standpoint, however, they can be catastrophic.