Expert Q&A: How insolvency practitioners can capture digital assets effectively

29 April 2026

In this Q&A Richard Ian Hasseck, Chief Executive of Cavendish IP Solutions Ltd, a London-based specialist that funds and realises insolvency-related litigation claims and problematic debts on behalf of licensed insolvency practitioners, explains the challenges of capturing digital assets.

Q. What are the current challenges facing insolvency practitioners (IPs) when capturing assets?

A. Twenty years ago, a practitioner attending a company's premises could reasonably expect to find the documentary record of a business in physical form from board minutes, management accounts, correspondence files, and ledger books. Today, most commercially relevant information is digital, and often dispersed across multiple platforms and devices.  

Email accounts, whether hosted on Microsoft Exchange, Google Workspace, or a legacy server, contain negotiations, instructions, complaints and critically, evidence of what directors knew and when. Accounting software such as Xero, Sage, or QuickBooks carry a timestamped transactional history that can reveal patterns of preference, dissipation of assets, or deliberate obfuscation.

Calendar and diary records show meetings that never made it into minutes. File-sharing services hold draft documents that contradict the final signed versions.

Q. What are the dangers of not capturing digital assets?

A. If a practitioner fails to capture these assets early - ideally by taking forensic images of hard drives and securing access to cloud-based accounts at or shortly after appointment - that evidence may be irretrievably lost. Directors have been known to delete email accounts, revoke cloud access, and remotely wipe devices. The window for capture is narrow, and the consequences of missing it can be severe.

In almost every case, the strength of the claim rests upon the documentary record. Court proceedings in this area turn not on assertion, but on evidence: what did the directors know, when. The answers to those questions lie overwhelmingly in digital archives.

The practitioner who captured that data at appointment is well placed to bring or support a compelling claim. The practitioner who did not is left relying on whatever the directors disclose. 

Q. What should you consider about data capture when appointed to a case? 

A. At the point of appointment, we recommend that IPs consider taking the following steps: 

• Forensically imaging hard drives and servers 
• Preserving email accounts including exporting or archiving all email accounts in their entirety if possible, bearing in mind that metadata like sender, recipient, timestamps, read receipts and header information, is frequently as important as the content 
• Securing login credentials and administrative access to accounting platforms, document storage (such as SharePoint, Dropbox, Google Drive) and CRM systems 
• Exporting data in formats that preserve the audit trail 
• Investigating how to capture relevant communications on company mobile phones, tablets, and personal devices under bring your own device policies.  

Q. How can IPs capture and store all the data collected? 

A. The first and most important consideration for IPs is to engage early with internal IT teams to secure any available administrative credentials (usernames and passwords) that enable access to corporate systems. For example, in a Microsoft 365 environment, global administrator access can typically provide visibility over a significant proportion of corporate data, including email accounts and SharePoint repositories. 

Access credentials for other key business systems, such as finance platforms or ERP applications, should also be obtained where possible. If the intention is to capture data from corporate devices, such as laptops or mobile phones, it is equally important to secure device access PINs and encryption recovery keys (such as BitLocker), which are often used. 

With this information in place, a digital forensics provider can carry out a defensible preservation of data and store it securely pending any future analysis. 

In practice, one of the most common obstacles to effective data collection is not technical complexity, but simply the absence of the necessary access credentials to reach the relevant data sources. 

Q. Are there considerations around data subject access requests? 

A. It’s likely that IPs assuming control of a business will also, by association, become the data controller and therefore ultimately responsible for responding to any data subject access request. Collecting and preserving the data correctly can significantly alleviate the burden of such requests. Once data is preserved, it can make it easier to identify information associated with a data subject if a request is made. 

Q. Can you give an idea of the costs of uploading, storing and accessing data? 

A. We recognise that the cost of backing up at a point when there are no contentious claims can be significant barrier. Costs to forensically capture data from corporate systems can run into many thousands of pounds. Once captured monthly data storage fees will then apply, which can vary between 20p and £10 per GB per month, depending on where it is held. 

Having said that, you may consider it a good investment given the ability to access and interrogate the data, particularly where fraud or mismanagement is suspected, can be critical to a case.  

Q. How can IPs determine how much data to capture? 

A. Establishing a well-prepared and defined data collection strategy is key. It is critical that any data collection process is both proportionate and targeted. 

This is where a digital forensic partner can be invaluable. They will work with the IP to understand both the context of the insolvency and the objectives of the IP. Once this is clear, they will advise on an appropriate collection scope. This helps to avoid collection of irrelevant data sources and minimises costs. 

It’s worth noting that it can be more cost-effective (and easier) to forensically capture an entire mailbox than a selection of emails from a specific data range. 

Q. At what stage should an IP consider involving a data recovery expert? 

A. People assume that data remains available indefinitely, but this is not always the case. For example, if an IP is interested in user activity such as whether employees were downloading valuable assets (such as intellectual property) from corporate systems prior to liquidation, the ability to determine this lies within system files that generally have a finite retention period which can be as little as 30 to 90 days. 

This can limit the ability to maximise the evidential value and can lead to an IP potentially being challenged about the authenticity of evidence. 

For these reasons, it’s important to engage a relevant expert as early as possible. Initial advice is entirely free-of-charge from Cavendish’s partner Decode and will often provide a clearer sense of what is and is not possible, the likely outcome and an estimated cost before we are formally engaged.

Q. What is the secret to effective digital data capture? 

A. The IP of today operates in an environment where the most important evidence is invisible to the naked eye - held in cloud servers, email archives and accounting systems that will not wait indefinitely to be examined. The obligation to capture that evidence promptly, preserve it properly and analyse it intelligently is both a professional duty and a commercial opportunity. 

Those who act swiftly and systematically to secure the digital record will be better placed to recover more. Stronger evidence supports stronger claims, and stronger claims deliver better returns - for creditors, for funders, and for the reputation of the practice.