Data Discovery and Source Mapping

What This Solves

Most discovery disputes do not originate in the courtroom. They surface weeks earlier, when a key Salesforce org goes unidentified during initial scoping, a Slack workspace created during a pre-deal due diligence process never makes it onto the custodian list, or a Snowflake data warehouse turns out to hold years of transactional records that opposing counsel expected to see in production. For New York corporate litigation and regulatory matters, the stakes around these gaps are especially high. Judges in the SDNY and EDNY have imposed significant sanctions for inadequate preservation and incomplete productions, and NY Commercial Division Rule 11-c specifically addresses ESI disclosure obligations at the outset of commercial cases.

NYCF's data discovery and source mapping work eliminates those surprises. Before any collection begins, NYCF analysts conduct structured source interviews, deploy connector-based tools against known cloud environments, and produce a documented data inventory that gives counsel a defensible picture of where relevant ESI exists, who controls it, and what needs to be preserved. The result is better scoping, fewer late-breaking disclosures, and a stronger foundation for every downstream step in the matter.

What We Identify

Enterprise data rarely stays in one place. A single custodian at a Manhattan financial services firm may have relevant ESI spread across a primary email account, a personal OneDrive folder, a shared Teams channel, a Slack workspace created under a partner tenant for a specific transaction, a Salesforce org with embedded email logging, and a Box folder shared with outside counsel on Park Avenue. NYCF maps all of it.

Shadow IT is a particular issue in complex commercial matters involving New York technology companies, media businesses, and financial institutions. Employees frequently adopt SaaS tools that IT never formally sanctioned: a department using a consumer Zoom account for file storage, a deal team running due diligence notes in an unregistered Notion workspace, or a trading desk keeping track of communications through personal Gmail. NYCF's source discovery process specifically looks for these repositories, not just the ones that appear on the initial custodian interview list.

Platforms NYCF routinely identifies and maps include:

Microsoft 365: Exchange Online, SharePoint, OneDrive, Teams, and Viva Engage (Yammer). Google Workspace: Gmail, Drive, Chat, Meet recordings, and Shared Drives. Slack: standard channels, private channels, direct messages, and Slack Connect workspaces used with outside parties. Salesforce: email logs, activity records, case notes, documents, and chatter feeds. Snowflake and Databricks: analytical data warehouses and data lakehouse environments common in New York financial technology and data-driven businesses. AWS and Azure: S3 buckets, RDS databases, Blob storage, SQL databases, and Active Directory audit logs. Oracle and SAP: ERP records, financial data, HR modules, and transaction histories at the enterprise level. SharePoint on-premises and hybrid deployments, including those common among New York government agencies and large institutions. Box, Zoom, and other collaboration platforms, including version histories, comments, and meeting transcripts. Backup systems, archive tapes, and decommissioned server images retained for regulatory compliance.

Custodian-Source Alignment

Identifying sources is only part of the work. NYCF pairs each source with the custodians who have access, the categories of data each source holds, and the time periods for which data is available and recoverable. This custodian-source alignment document becomes the authoritative reference for scoping preservation and collection decisions throughout the matter.

For matters with large custodian populations, which are common in New York commercial litigation involving financial institutions and publicly traded companies, NYCF uses structured intake questionnaires alongside automated account enumeration to cross-check self-reported information against actual system activity. An employee may not recall that they had access to a particular SharePoint site during a specific transaction window, but the access logs will show it. NYCF reconciles both sources of information and documents any discrepancies for counsel's review.

NY Commercial Division matters present a particular challenge when corporate parties have gone through mergers, spin-offs, or significant restructuring in the relevant period. Legacy tenants, successor accounts, and archived mailboxes from predecessor entities often contain relevant ESI that custodians have forgotten about entirely. NYCF specifically reviews organizational history during the source identification phase to flag these situations before they become production gaps.

NYCF's Process

Defensibility and Documentation

Data discovery work is only as valuable as its documentation. Courts in the SDNY and EDNY, along with NY Supreme Court Commercial Division judges, increasingly scrutinize not just what was collected, but how the producing party determined what existed in the first place. NYCF delivers a written Source Identification Report documenting the methodology used, the sources identified, the custodians interviewed, the connector queries executed, and the scope decisions made by counsel.

This report gives counsel a factual record to cite in Rule 26(f) conferences, NY Commercial Division preliminary conferences, and any subsequent motion practice about the adequacy of the producing party's search. Every source enumeration query is logged with timestamps. Every interview is documented with the date, participants, and topics covered. The report can be supplemented as new information comes to light and is structured to support a NYCF declaration if the adequacy of the source identification process is challenged in motion practice.

NYCF's forensic analysis of source data is distinct from the attorney's conclusions about relevance. The scope decisions, privilege determinations, and discovery strategy are entirely the domain of counsel. NYCF provides the technical documentation of what exists and how it was identified; counsel decides what to preserve, collect, and produce.

Deliverables

At the conclusion of a source mapping engagement, NYCF delivers the following:

A Source Identification Report providing a written summary of all sources identified, the method of identification, and their relationship to the custodians and time periods at issue. A Data Map structured as a formal inventory linking each source to its data type, associated custodians, available date range, applicable retention policy, and current collection status. A Custodian-Source Matrix aligning each custodian to their data footprint across all identified systems, including systems identified through automated enumeration that the custodian did not disclose. A Shadow IT Log documenting any unauthorized or unapproved platforms identified during the discovery process, with a description of the data types involved and the custodians who used them. A Scope Confirmation Memo recording counsel's in-scope and out-of-scope determinations, suitable for production or disclosure in connection with a Rule 26(f) conference or NY Commercial Division ESI submission.