Microsoft Outlook PST Legal Discovery Tool
Two of the most trending things in the world of technology today are; Email Services and their eDiscovery. And Microsoft Outlook tops the list of professional email service providers. Believe it or not, but a large number of cyber crime cases reported till the present time, mostly involved the use of emails; to or for attack.
An Overview At The Situation
Emails are the basic source for organizations to carry out conversations and do business. While eDiscovery has turned out as the most approached method to find out whether this exchange of emails is carried out in a healthy manner or for fallacious purpose, whatsoever.
However, the decision of selecting a right source to perform eDiscovery becomes difficult when considered from an organizational point of view. An organization has to make a decision, both; in respect of their data security and investment.
Thus, here we will be discussing about two of the most advanced solutions to perform a complete PST eDiscovery.
Let Us Know In-Place eDiscovery First
eDiscovery is majorly demanded by large scale organizations and setups which makes it quite obvious that a combination of email-server environment will be involved.
Considering the same, users with suitable permissions, owned in Exchange 2013 or Exchange Online, can make use of a powerful feature called In-Place eDiscovery to gain access over the entire message based records stored within the server organization.
Later, the user can use eDiscovery Export tool from EAC (Exchange Administration Center, Exchange 2013) in order to export your searches belonging to the In-Place eDiscovery, into PST i.e. an Outlook Data File.
NOTE: Always keep control and continuous monitoring on the discovery based activities like; member(s) added to the role group assigned to Discovery Management, assigning Mailbox Search management role, or mailbox access permission assigned to discovery mailbox(s).
TIP: In-Place eDiscovery can also be used in a hybrid environment in order to carry out searches on Cloud mailbox and on-premise mailbox within the same search.
Key Purpose
An organization that binds by the legal requirements like compliance, organizational policy, or lawsuit, will find In-Place eDiscovery a suitable platform. It helps perform the electronic discovery of appropriate search within Exchange Server 2013 or Online organization.
The benefit of this feature is that it has an integration with Microsoft SharePoint 2013 and Microsoft SharePoint 2013 and Online service.
The integration makes it possible for you to take out data output of eDiscovery searches from Exchange as well as SharePoint account as an Outlook Data File via export.
NOTE: When running in integration with SharePoint, searches can be carried out for the entire content associated with a case. This includes: online and on premise SharePoint websites, indexed file share by SharePoint, documents, etc.
Performing PST eDiscovery
Prerequisites
- Export time will depend on the basis of the size and number of search results being exported.
- You need Discovery Management role group permission which by default has no members. Users and administrators, both are required to avail permissions in order to search for mailboxes. You will have to add a user to the Discovery Management role group.
- Hardware Requirements: On an overall basis, the computer being used for exporting searches to Outlook Data file must meet the described system requirements:
- It should have Windows OS of 7 or later versions (32 or 64 Bit)
- Microsoft .NET Framework version 4.5 is required
- Supported internet browsers:
- IE (Internet Explorer) 8 or later versions
OR
- Google Chrome or Mozilla Firefox with the add-in – ClickOnce installed
Working
The content indexes created via Exchange searches are used by In-Place eDiscovery. With the help of RBAC (Role Based Access Control) role groups on Discovery Management are provided for delegating discovery related tasks to even non technical individuals. There won’t be any need of providing advanced privileges that might permit a user to carry out operational changes to the configuration of Exchange.
- Permitted users can carry out the In-Place eDiscovery search via selection of mailboxes and specification of search criteria like; keywords, start/end date, sender/recipient account address, along with the message type.
- Once the search has completed, entitled users can choose any of the following actions:
- Estimate Search Result – An estimation of the total size along with the amount of items which will later be returned by a search that is based on specified criteria is provided by this option.
- Preview The Search Result – The option offers you to preview the results. The messages that have been returned from every mailbox that has been searched for, are displayed on screen.
- Copy Search Result – You can copy messages to the discovery mailbox.
- Export Search Result – Once the search results have been copied to discovery mailbox, they can further be exported to a PST file.
Role Of Forensic Email Analysis Software
Those who wish to further investigate and examine the exported data in PST can go for Email Analysis software. The tool is a complete email examination tool for digital forensics purposes.
NOTE: The application works for both; desktop based email client data and web based email service message investigation.
Other Noteworthy Features
- Recovery of deleted and corrupted email data.
- Scanning of web and desktop mail data supported.
- Multiple export options for artifacts.
- Advanced level of search options featured.
- Multiple viewing options provided for email.
- Bookmark evidence facility.
- Export and import case.
- Send / share case for review.
- Cloud Review facility.
- Recursive email listing.
Bottom Line
In-Place eDiscovery and eDiscovery Export Tool is a good choice to make for the examination of mailbox storage. However, being restricted to a limited number of environments, i.e. Exchange and SharePoint online and on-premise respectively, it can play a part in eDiscovery. Forensic Email Analysis Software on the other hand is a completely universal email examination tool which suits the eDiscovery arena on the whole.
Thus, making a choice between the two entirely depends on your requirement. Also, the email examination tool further offers a deeper investigation of the output created after the eDiscovery of mailbox which makes it a more suitable choice to make.