For the purposes of our investigations at Bellingcat, we created a workflow based on the Electronic Discovery Reference Model by Duke Law School. This is to ensure each Bellingcat team member is able to structure their investigation and maintain consistency across the team. The EDRM diagram represents a conceptual view of the e-discovery process, not a literal, linear or waterfall model.
The use of the EDRM has its basis in a two-day evidence workshop hosted by GLAN in July 2018. The event was attended by technologists, lawyers and investigators who shared the desire to establish common standards and workflow among those documenting violence in Yemen, so that all parties' efforts could be complementary. Lessons were learned from those with years of experience in managing evidence in the Syrian context, presenting digital evidence at the International Criminal Court and maintaining chain-of-custody in war crimes investigations.
Identification: Keywords and search terms, incident research, source identification.
Collection + Preservation: Input into MetadataSchema sheet - URLs and relevant information.
Verification: Employing OSI verification tools - geospatial analysis, geolocation, reverse image search, visual data analysis etc.
Analysis: Answering What, When, Who, How and Where.
Review and confirmation: Corroboration of information, cross referencing content and incident grading. Presentation: Incident assessment and database.