In a previous article on the topic of electronic discovery, I began the conversation about a term we use called “processing”. Later, I wrote a few articles about some issues that come up during the processing of electronic discovery. One was exceptions and the other was embedded objects.
Another issue that we have to deal with, when processing electronic discovery, is password protected files. The original user may have added password protection to a file that ended up being collected for a litigation matter. It could be a file that was stored a server or a hard drive. It could also be a file that was attached to an email.
The processing software will flag the file as “not able to process”. The file information will most likely land on the exceptions list. Each service provider will handle password protected files differently, depending on their workflow and capacity. Sometimes the service provider will give us a call and let us know that they are finding password protected files. Other times we find out when we are looking through the exception list and we read the “exception reason”.
One of the first steps we can do, is to contact the custodian of the files and ask them if they remember what the password is. Occasionally, the custodian knows that a standard password was in use at the time and they can tell us what it is. We can then give the password to the service provider so they can finish processing the file(s).
The custodian might also reach out to the sender who originally sent them the file via email and ask them for the password.
More often than not, the custodians do not remember the passwords. Most service providers will offer one or more methods they can utilize to attempt to crack the password(s). In my experience, the password cracking process can take one or two days to run. Most service providers will charge an extra fee for password cracking.
It is a good idea to add a question to the custodial interview about whether or not they send or receive password protected files. If they say yes, we can ask them for any passwords during the interview.
We can also search the database for a duplicate version of the password protected file and check to see if another version is also password protected.