Solved

Searching for information in mailbox store for lawsuit

Posted on 2011-03-14
6
657 Views
Last Modified: 2012-05-11
I have a Microsoft Exchange Server 2003 SP2 Std. mail box store instance that I need to search accross all mailboxes for certain keywords, phrases and email addresses. This task goes beyond a regular EXMERGE search of the subject line since I need to include 'to', 'from', 'cc' fields, as well as the message bodies. The ultimate goal is to have these emails be compiled in a PST file akin to EXMERGE or other database file so that it can be submitted as evidence in a lawsuit.

My question is whether there is a tool (free or for sale), that one might use for such a purpose. That's 400 points.

Also, perhaps important, perhaps not, I intend to run this on a virtualized instance of a backup of the information store from a year ago (which is the time of focus of this suit). This shouldn't have any bearing on the tool, but I feel I would be amiss to mention it.

Finally, if someone has already gone through this type of a process and can share some best practices, I would be awarding partial points (100) for that as well.
0
Comment
Question by:KPI1
  • 2
  • 2
  • 2
6 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 35137202
This is called E-Discovery Project. I have designed the full process for E-Discovery project. You can use the Advance find option in  Outlook and can search according to key words required for e-discovery. Below are the steps.

First attach a PST to a mailbox
Use the advance search option
Copy the result to PST file and here you have the result for E-discovery.

If you need more details let me know.
0
 

Author Comment

by:KPI1
ID: 35137575
OK, that is one way and I appreciate the thought. However, it is not feasible for the scale of my problem. I apologize, but I should have mentioned that I have 92 mailboxes and 40 search terms, so that would mean I would have to first exmerge 92 PST files out of my mailbox store, then mount them in Outlook, then run 40 searches for each mailbox, all manually.

What I am looking for is to do this on a more global level, as you may understand.
0
 
LVL 41

Accepted Solution

by:
Amit earned 250 total points
ID: 35137655
I have 12000 + mailbox. I know, it is a manual work. But for any forensic test, you need to dig deep. This issue is now resolved in Exchange 2010, with multiple search option http://technet.microsoft.com/en-us/library/dd335072.aspx

As far as, I know there is no shortcut for Exchange 2003
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 17

Assisted Solution

by:lucid8
lucid8 earned 250 total points
ID: 35137846
1. You could export all of the data into PST format and then use a tool like www.X1.com to index all the data and do your searches within that tool.  The results can then be copied to a folder or zip file in MSG format.

2. if the above doesn't work for you and you are interested in other options check my profile for more about myself and company
0
 

Author Closing Comment

by:KPI1
ID: 35141705
I am accepting both answers. I was hoping for a magic bullet which apparently doesn't exist. So ended up pulling my archive edb into Ontrack (a program to mount EDBs), then exported all emails into 1 PST file (not 92), so that's a bit better. I will now use either Outlook or X1 (or other third party tool) and search this immense PST file for my keywords.

I achieved the goal of reducing my manual labor, and finding a way to search in more than the subject line, so I appreciate both thoughts and comments.
0
 
LVL 17

Expert Comment

by:lucid8
ID: 35141726
Thanks for the points and should you want to contact me about the other options check my profile for my contact and company information since what you are trying to do is possible
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now