was the fact that neither litigators nor IP litigators had much (if any) understanding of what tools were available to them, and almost none of them understood the mechanisms by which those tools were implemented.
The most frustrating part was when they'd give something to their IT department, who would promptly violate both the chain of custody (thus, bringing on spoliation), and data validity. Or they'd try to extract the information themselves, not understanding that the very act of powering up the device would alter the data of hundreds of files, once again killing any chance of succeeding in court. Their preservation letters were woefully inadequate for cyber security or data breaches, especially when rogue employees were suspected.