Electronic discovery, often abbreviated as e-discovery, is the formal legal process of identifying, preserving, collecting, processing, reviewing, and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation. It encompasses the entire procedure of locating and securing digital data for use as evidence in legal proceedings. This process is governed by rules of civil procedure and is a critical component of modern litigation.

A. Chain of custody: This is a chronological record documenting the handling and control of evidence to ensure its integrity, not the discovery process itself.

B. Forensic imaging: This is a specific technical method for creating an exact, bit-for-bit copy of a storage device, which is a step within the e-discovery process.

D. Gap analysis: This is a business management technique used to compare the actual performance of an organization with its potential or desired performance.

1. Cloud Security Alliance (CSA). (2017). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. Domain 6: Legal Issues: Contracts and Electronic Discovery

p. 75. The document defines e-discovery as "the process of identifying and producing ESI in litigation."

2. Kent

K.

Chevalier

S.

Grance

T.

& Dang

H. (2006). Guide to Integrating Forensic Techniques into Incident Response (NIST SP 800-86). National Institute of Standards and Technology. Section 2.4.2

p. 13

discusses e-discovery as a major consideration for organizations when handling data that may be involved in litigation.

3. Legal Information Institute (LII)

Cornell Law School. "Electronic Discovery." This resource defines electronic discovery as "any process in which electronic data is sought

located

secured

and searched with the intent of using it as evidence in a civil or criminal legal case."

4. The Sedona Conference. (2007). The Sedona Principles

Second Edition: Best Practices Recommendations & Principles for Addressing Electronic Document Production. The Sedona Conference Journal

8

1-58. Principle 1

p. 10

establishes that electronically stored information is discoverable and subject to the same legal rules as tangible evidence.