Supercharging Slack Data Handling with WorkStream
Slack is an extremely popular chat messaging service that is often found in ProSearch’s matters. The format in which data is exported from the service is extremely challenging to handle from an eDiscovery perspective, particularly when it comes to attachments. This article introduces ProSearch’s home-grown solution, WorkStream, and shows how the latest update has addressed key client concerns and drastically cut the time needed to process Slack data fully.
The Problem
Slack has very limited export options in its native interface. Admins can apply a date range and, if the tenant has the Slack Enterprise license, target a specific Slack user. But that’s it. Slack then gathers all chats across all channels for that person and exports them as a set of JSON files.
Files shared in chats are not included in the Slack delivery. They appear only as URL links within the JSON files. This keeps the export deceptively small. During processing we must follow each link and download a copy of the file. It is not unusual for a delivery to take days to complete and balloon in size tenfold due to all the downloaded attachments.
Typical discoveries may involve multiple users, many of whom may have been part of the same channels or conversations. Data from each of those users must be collected separately. The same messages, attachments and data may be found multiple times across all custodians. Software would have to process all chats and all attachments before any sort of deduplication can take place.
This leaves clients with a problem. Can they get visibility into their datasets before committing to processing a potentially large number of files? Can they estimate how long the process will take? And finally, can they tailor the processing of their Slack deliveries so that work is not needlessly duplicated across multiple deliveries?
WorkStream
ProSearch has developed WorkStream, a software platform that natively supports the handling of Slack datasets. It accounts for these issues and ensures that data is processed accurately and quickly. Attachment download has been identified as the main time sink in WorkStream processing. The latest WorkStream release adds the ability to defer the downloading of attachments until later in the WorkStream workflow. This deferment makes WorkStream very flexible in how it can handle data. It makes the following scenarios possible:
- Clients can abstain from downloading attachments completely if they are only interested in messages.
- Clients can defer downloading of attachments until all custodians’ datasets have been processed and deduplicated. Only when a deduplicated Review Set has been agreed upon can they download the attachments of the affected messages. This has the potential to save massive amounts of work and bandwidth.
- Clients who are interested in only specific types of attachments may defer attachment processing until later so as to get an initial report on the types of attachments present in the dataset. Once a report is generated, they can choose which file types they would like to proceed with and which ones they are happy to leave behind.
- Security-conscious clients may defer the downloading of attachments until such time as IP addresses and URLs are whitelisted.
This ensures that time is not wasted processing and downloading duplicate or unnecessary attachments. Users can focus on seeing the chats and conversations quickly and ultimately build a very tailored workflow suitable to their needs. This is especially noticeable if there are a large number of custodians sharing the same channels and conversations. The more custodians there are, the more crucial this system becomes.
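The deferred workflow described above can be sketched as follows. This is an added example, not WorkStream's code: it scans export JSON for file references without downloading anything, merges duplicates across custodians by file id, reports file types, and only then selects what to fetch from allowlisted hosts. The sample messages, hosts and function names are constructed, and the `files`, `id`, `filetype` and `url_private` keys are assumed to follow Slack's export format.

```python
import json
from collections import Counter
from urllib.parse import urlparse

# Constructed sample data: two custodians' exports of the same channel.
# Keys mirror Slack's export JSON; ids, names and hosts are made up.
def _msg(ts, *files):
    return {"ts": ts, "text": "...", "files": [
        {"id": i, "name": n, "filetype": n.rsplit(".", 1)[-1], "url_private": u}
        for i, n, u in files]}

SPEC = ("F001", "spec.pdf", "https://files.example.com/F001/spec.pdf")
EXPORTS = {
    "alice": json.dumps([_msg("1.0", SPEC),
        _msg("2.0", ("F002", "board.png", "https://files.example.com/F002/board.png"))]),
    "bob": json.dumps([_msg("1.0", SPEC), {"ts": "2.5", "text": "no attachment"},
        _msg("3.0", ("F003", "budget.pdf", "https://cdn.example.net/F003/budget.pdf"))]),
}

def build_manifest(exports):
    """Collect file references without downloading; merge duplicates by file id."""
    manifest = {}
    for custodian, raw in exports.items():
        for msg in json.loads(raw):
            for f in msg.get("files", []):
                url = f.get("url_private")
                if not url:  # entry carries no link, so there is nothing to fetch
                    continue
                rec = manifest.setdefault(f["id"], {
                    "name": f.get("name", ""), "filetype": f.get("filetype", "unknown"),
                    "url": url, "custodians": set()})
                rec["custodians"].add(custodian)
    return manifest

def type_report(manifest):
    """Count unique attachments per file type (the pre-download report)."""
    return Counter(rec["filetype"] for rec in manifest.values())

def download_queue(manifest, wanted_types, allowed_hosts):
    """Select unique files of the chosen types whose HTTPS host is allowlisted."""
    queue = []
    for file_id, rec in sorted(manifest.items()):
        url = urlparse(rec["url"])
        if (rec["filetype"] in wanted_types and url.scheme == "https"
                and url.hostname in allowed_hosts):
            queue.append((file_id, rec["url"]))
    return queue

if __name__ == "__main__":
    m = build_manifest(EXPORTS)
    print(dict(type_report(m)), download_queue(m, {"pdf"}, {"files.example.com"}))
```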

Damir Kahvedžić is a technology expert specializing in providing clients with technical assistance in eDiscovery and Forensics cases. He has a PhD in Cybercrime and Digital Forensics Investigations from the Centre for Cybercrime Investigation in UCD and holds a first-class Honours B.Sc in Computer Science. Experienced in the use of industry-leading software, such as Relativity, EnCase, NUIX, Cellebrite, Clearwell, and Brainspace, Damir is also a PRINCE2 and PECB ISO 21500 qualified project manager. Damir has published both academic and technical papers at several international conferences and in journals, including the European Academy of Law, Digital Forensic Research Workshop (DFRWS), and Journal of Digital Forensics and Law, amongst others.

