Sample Ediscovery Interrogatory

IN THE UNITED STATES DISTRICT COURT DISTRICT OF [Jurisdiction] Court File No.: Plaintiff, v, Defendant. I. Definitions The definitions below will apply to the interrogatories requested in this document. : A. Application: An application is a collection of one or more related software programs that enable a user to enter, store, view, modify or extract information from files or databases. The term is commonly used in place of “program,” or “software.” Applications may include word processors, Internet browsing tools and spreadsheets. B. Backup: To create a copy of data as a precaution against the loss or damage of the original data. Most users backup some of their files, and many computer networks utilize automatic backup software to make regular copies of some or all of the data on the network. Some backup systems use digital audio tape (DAT) as a storage medium. Backup Data is information that is not presently in use by an organization and is routinely stored separately upon portable media, to free up space and permit data recovery in the event of disaster. C. Archive: A copy of data on a computer drive, or on a portion of a drive, maintained for historical reference. D. Computer: Includes but is not limited to network servers, desktops, laptops, notebook computers, employees’ home computers, mainframes, the PDAs of [party name] and its employees (personal digital assistants, such as PalmPilot, Cassiopeia, HP Jornada and other such handheld computing devices), digital cell phones and pagers. E. Data: Any and all information stored on media that may be accessed by a computer. F. Deleted Data: Deleted Data is data that, in the past, existed on the computer as live data and which has been deleted by the computer system or end-user activity. Deleted data remains on storage media in whole or in part until it is overwritten by ongoing usage or “wiped” with a software program specifically designed to remove deleted data. Even after the data itself has been wiped, directory entries, pointers, or other metadata relating to the deleted data may remain on the computer.

1

G. Digital Camera: A camera that stores still or moving pictures in a digital format (TIFF, GIF, etc.). H. Document: Includes but is not limited to any electronically stored data on magnetic or optical storage media as an “active” file or files (readily readable by one or more computer applications or forensics software); any “deleted” but recoverable electronic files on said media; any electronic file fragments (files that have been deleted and partially overwritten with new data); and slack (data fragments stored randomly from random access memory on a hard drive during the normal operation of a computer [RAM slack] or residual data left on the hard drive after new data has overwritten some but not all of previously stored data). I. Hard Drive: The primary storage unit on PCs, consisting of one or more magnetic media platters on which digital data can be written and erased magnetically. J. Network: A group of connected computers that allow people to share information and equipment (e.g., local area network [LAN], wide area network [WAN], metropolitan area network [MAN], storage area network [SAN], peer-to-peer network, client-server network). K. Operating system (OS): The software that the rest of the software depends on to make the computer functional. On most PCs this is Windows or the Macintosh OS. Unix and Linux are other operating systems often found in scientific and technical environments. L. Software: Any set of instructions stored on computer-readable media that tells a computer what to do. Includes operating systems and applications. M. Storage Devices: Any device that a computer uses to store information. N. Storage Media: Storage media are any removable devices that store data. II. Information Technology (IT) & Information System (IS) Personnel 1. Provide a list of all IT and IS personnel and technical staff that is or has been responsible for managing and maintaining the technology infrastructure of [Plaintiff / Defendant] for the period _____ to _____, including, but not limited to desktop computers, servers, personal digital assistants (PDAs), portable computers, laptop computers, and other electronic devices. Include contact information such as full name, job position, job description, and list of duties. 2. Produce all formal and informal contact lists List of employees formally or loosely assigned to subgroups within the IT and IS departments, such as network engineering, software development,

2

emergency response teams, quality assurance, troubleshooting, data recovery units, Audit/investigation Teams etc. III: Network Architecture 1. Describe any and all groups of connected computer systems that permit users to share information and transfer data, including, but not limited to local area networks (LANs), wide area networks (WANs), client-server networks, virtual private networks (VPNs), and storage area networks (SANs). 2. List any and all components and network resources that establish and maintain the network environment, including, but not limited to, routers, switches, hubs, bridges, firewalls, proxies, etc. 3. Describe any and all third-party connectivity between the computer systems and network environment of [Plaintiff / Defendant], including the type of information that is shared, manner in which information is transferred, and contact lists of internal and external individuals who have authorization to transfer information into or out of [Plaintiff / Defendant] network environment. XII. Network questions 1. Produce any and all documents and things related to networks or groups of connected computers that allow people to share information and equipment, including but not limited to local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), storage area networks (SANs), peer-to-peer networks, client-server networks, integrated services digital networks and VPNs. 2. Produce any and all components related to networks, including but not limited to information exchange components (e.g., Ethernet, token-ring, ATM), network work file servers, traffic, hubs, network interface cards, cables, firewalls, user names, passwords and intranet. 3. Produce copies of any and all graphic representations of your computer network, and the relationship of those components to each other, including any revisions, for the period of _____ to _____ inclusive. If the documents are electronic, produce them in their native form, as they existed at the time they were drafted, based on version or backup data. IV. Document Retention Policy, Collection and destruction:

3

1. Identify and attach any and all versions of document/data retention policies used by _______________ during the relevant time period of this litigation. 2. Identify documents or classes of documents that were subject to scheduled destruction. Attach copies of document destruction inventories/logs/schedules containing documents relevant to this action. Attach a copy of any disaster recovery plan. Also state: the date, if any, of the suspension of this policy in toto or any aspect of said policy in response to this litigation; a description by topic, creation date, user or bytes of any and all data that have been deleted or in any way destroyed after the commencement of this litigation. 3. State whether the deletion or destruction of any data pursuant to said data retention policy occurred through automation or by user action. 4.

Describe all hardware or software utilized to facilitate the deletion of data subject to data retention policies and procedures.

5. Was there a companywide instruction regarding the suspension of said data retention/destruction policy that occurred after or was related to the commencement of this litigation? If so, identify the individual responsible for enforcing said suspension. 6.

Describe all efforts taken since the filing of this action to gather and secure documents, including but not limited to: electronically generated or stored word processing files, electronic mail, and backup copies of information that may be discoverable or lead to the discovery of admissible evidence.

7. Describe all record retention and destruction policies and procedures followed during the relevant period of time, including, but not limited, to the date the policy was adopted, the types of documents covered in the respective retention period, the frequency of document destruction, whether any record is kept of what documents are destroyed, the manner the policy has been communicated to your employees and the identity of all employees with responsibility of implementing and executing such policies. 8.

List any and all servers, workstations, or electronic devices that have had its hard drive reformatted or replaced during the period ____ to _____.

9. Identify any and all information deleted, physically destroyed, corrupted, damaged, lost, or overwritten, either pursuant to the data retainer policies and procedures or not, that was relevant to this legal matter.

4

10.Identify any and all information deleted, physically destroyed, corrupted, damaged, lost, or overwritten, either pursuant to the data retainer policies and procedures or not, that took place since the initiation of this legal matter. V: Computer Hardware 1. Identify each computer system that is or has been used by employees for the period _____ to _____, including, but not limited to, desktop computers, servers, personal digital assistants (PDAs), portable computers, laptop computers, and other electronic devices. Include descriptions of equipment and any peripheral technology attached to the computer system. 2. Describe the Internet and intranet connectivity of each computer system, including, but not limited to, client-server communications and client-client communications facilitated through modem, network, or direct connection. 3. List all hardware or software modifications made to computer systems in use during the period _____ to _____, including, but not limited to, dates of modifications, software and hardware titles, version numbers, contact information of IT or IS personnel performing the modification, and location of data backups taken prior to modification. 4. Identify any and all specific computer systems that have been used to create, modify, or store electronic information relevant to this legal matter. VI: Computer Software 1. List all operating systems installed on all computer systems in use by [Plaintiff / Defendant], including, but not limited to, Microsoft Windows, Linux, Unix, DOS, etc. 2. List the title and version number of any and all software installed or executed on the computer systems used by [Plaintiff / Defendant] during the period ____ to _____. VII: Electronic Mail systems and Communication 1. Describe all e-mail software presently and previously used by you and the dates of use, including but not limited to the name of the software, and the version number in use during the relevant time period of this litigation. 2. List all servers that are currently used or have been used for the email system including the server name, dates of use, and the dates 5

of its use as an e-mail server during the relevant time period of this litigation. 3. List any specific type of hardware that was used, during the relevant time period of this litigation, as terminals into the e-mail system (including laptops, desktops, cell phones, personal digital assistants) and its current location. 4. Identify all past and current users on each e-mail system, during the relevant time period of this litigation, and the location of each user’s mail files. 5. State whether the e-mail is encrypted in any way and list passwords for all past and current users during the relevant time period of this litigation. 6.

Identify all past and current users known to you who have generated e-mail related to the subject matter(s) of this litigation during.

7. List all emails, senders, and recipients of e-mail relate to, or are relevant to the subject matter of this litigation, including but not limited to, date, recipient(s) and authors. 8. Identify all past and current persons responsible for administering the e-mail system(s) during the relevant time period of this litigation. 9. Identify any mailboxes that have been restored from backup tape during the relevant time period of this litigation, and provide the name of the mailbox restored, the size of the mailbox restored, the resources required to perform the restoration in terms of labor hours, equipment, and drive space. 10. Describe all server- and workstation-based software in use or used to facilitate the transmission of email during the period ____ to _____. 11. Identify all hardware in use or used to facilitate the transmission or storage of email during the period ____ to _____. 12.List all email accounts in use during the period ____ to _____. 13. Describe the policies, procedures, and technology employed to backup and archive email messages during the period ____ to _____. VIII: Data Backups, Archives, and Removable Media 1. Describe the policies and procedures governing the use of removable media, such as CD-ROMs, zip disks, floppy disks, tape

6

drives, removable hard drives, etc., associated with [Plaintiffs / Defendants] computer systems or network. 2. Describe the policies and procedures for performing data backups on all computer systems as well as the hardware and software employed during the period ____ to _____. 3. List any and all removable media utilized to store data during the period ____ to _____. 4. List all IT and IS personnel responsible for conducting data backups and the arching of electronic information during the period ____ to _____. 5. Identify all removable media that is known to contain information relevant to this legal matter. IX. Operating Systems 1. List all operating systems (including but not limited to UNIX, Windows, DOS, Linux and PDA operating systems) installed on all computers used by [party name], the specific equipment the OS was installed on and the period during which it was installed on the specific equipment. 2. Provide copies of all operating system software listed in the preceding interrogatory, and all supporting documentation provided with the software, and any manuals and tutorials acquired by [party name] to support use of the software. X: Telephone System 1. Describe the elements of your telephone and voice messaging system, including all hardware, software, and third-party service providers. 2. Identify any and all voice messaging records for [Name] during the period ____ to _____, including, but not limited to, caller message recordings, voice recordings, computer voice mail files, outgoing voice recordings, unified messaging files, etc. 3. Identify any and all telephone use records for [Name] during the period ____ to _____, including logs of outgoing and incoming calls. 4. Do you have any graphic representation of the components of your telephone and voice messaging system, and the relationship of those components to each other, including but not limited to flow charts, videos or photos, and diagrams?

7

XI. Other sources of electronic evidence 1. Describe any and all network, server, and workstation based log files that were generated during the period ____ to _____. 2. Describe the policies and procedures governing employee use of Internet newsgroups, chat rooms, or instant messaging on [Plaintiffs / Defendants] computer systems. 3. List any and all portable electronic devices owned and operated by [Name] but used in the performance of his/her employment with [Plaintiffs / Defendants]. 4. List all log files (files with suffixes) found on computers in [party name]’s network, and the equipment and logical path where the log files may be found. 5. Provide copies of the following log files: [this is a follow-up request to the preceding interrogatory, issued after the list of log files has been reviewed] 6. Produce any and all manual and automatic records of equipment use, including but not limited to fax, access, audit, security, email, printing, error and transmission records. 7. Do any employees of [party name] subscribe to or participate in Internet newsgroups or chat groups in the course of their employment? If so, list all users and the services that they subscribe to or participate in. 8. Produce any and all information related to newsgroups or chat groups, including but not limited to names and passwords for each and every service, newsgroup messages, text files and programs used to access messages. 9. Do any employees of [party name] use portable devices in the course of their employment that are not connected to [party name]’s network, and that are not backed up or archived? If so, list all users and the devices they use. 10.Produce any and all portable devices not backed up or archived, including but not limited to handheld devices, set-top boxes, notebook devices, CE devices, digital recorders, digital cameras and external storage devices. 11.Does [party name] provide Internet access for any of its employees or has [party name] done so at any time during the period from ____ to _____ inclusive? If so, list the employees who had Internet access, the Internet service provider (ISP) used, and describe the method(s) used to connect to the Internet.

8

12.Produce any and all documentation describing installation and use of hardware and software used by [party name] to provide Internet access for its employees during the period from _____ to _____ inclusive. 13.Produce copies of all manuals, policies and other guidelines for employee access and use of Internet resources. 14.Describe any restrictions on, controls over or monitoring of employee use of Internet resources. 15.Provide any records generated as a result of restrictions on, controls over and monitoring of employee use of Internet resources. 16.Provide a list of any and all Internet-related data on the PCs used by [specific employees or classes of employees], including but not limited to saved Web pages, lists of Web sites, URL addresses, Web browser software and settings, bookmarks, favorites, history lists, caches, cookies. XII. Data security measures 1. List any and all user identification numbers and passwords necessary to access computers or programs addressed in interrogatories and requests. Your response to this interrogatory must be updated with responses to future sets of interrogatories and requests and updated responses to any set of interrogatories and requests. 2. Please provide copies of your computer security policies and procedures and the name and contact information for the person responsible for security. 3. Please provide information about the security settings for the [program]. For example, please provide the security settings for the Exchange Server, noting who has administrative rights. Date: [Law Firm Name] ________________________________________ [Attorney Name & ID] [Address]

9