In this series about eDiscovery (or electronic discovery) you will learn how to preserve and access data in Microsoft Exchange for legal inquiry.

From time to time, Exchange Administrators are called on to preserve and produce information for legal inquiry. Often times, this occurs without any prior warning and action must be taken immediately upon notification. Because a task like this often just piles more work and time on top of an already busy schedule, I’m hoping to trigger some useful discussion. My goal is that this series of articles, along with reader comment, can become a “go to” resource when email legal inquiry is required in your organization.

Background

If you Google “eDiscovery in Exchange”, or other similar phrases, you’ll find a plethora of results. Many will eventually guide you to purchasing software. When you’ve been tasked with producing email related to specific people or keywords, and time is of the essence, the last thing you want to do is purchase new software and learn how to purchase, install, setup, and use.

(more…)

In part one of this eDiscovery in Exchange series, I discussed being proactive before the need for legal inquiry arises. Part 2 and 3 will cover email preservation methods. In this post I make some preliminary remarks and discuss backup considerations and database deletion settings.

There are many situations which could trigger the need to assure that email is being preserved. Some events are quite obvious while others may not be.

Before proceeding further, I must point out that prior to an event your company or organization should have an established list of guidelines that you will follow in the event eDiscovery of email may be required. I would recommend also having the procedures reviewed by your legal staff.

As an Exchange Administrator, here’s a scenario that should always trigger the execution of eDiscovery preservation. Your supervisor has notified you that an employee has been using your email system to harass another employee. The offended employee has told the Human Resources department that they are going to file a lawsuit against your company. This scenario is easily recognizable as a trigger to prompt you to preserve email.

(more…)

In part 2 of this eDiscovery in Exchange series, I covered the topics backups and database deletion settings. Today's post discusses Messaging Records Management (MRM) and the new Mailbox Litigation Hold feature in Exchange 2010.

Where Messaging Records Management (MRM) is applied can be controlled at a couple levels.

MRM at the organization level

Some organizations may have a policy that does not allow employees to keep email for more than a period of time. This would be done when the company wants to establish a standardized practice to protect themselves legally. Others may do so to control storage costs and consumption. Whatever the reason, Messaging Records Management policies that automatically delete email need to be put on hold, modified, or both.

(more…)

In the previous three posts in this series, I discussed how to be proactive and what to do when faced with the possibility of legal inquiry. Part 4 will focus on the steps necessary to restore a mailbox database from Microsoft System Center Data Protection Manager (DPM) and prepare it for search.

If your inquiry will be done on a live database, this step of the process is not necessary. However; there are several scenarios where you’d want to perform the inquiry on a snapshot of the mailbox database from a previous point in time.

Exchange 2007

Create Recovery Storage Group

The first step is to use the Database Recovery Assistant to create a recovery storage group. This will provide a place to restore the database from DPM.

(more…)

In the last post I discussed preparation of your environment to collect email for legal inquiry. This post will cover the two very different methods of searching Exchange 2007 SP2 and 2010.

Exchange 2007

Getting results in Exchange 2007 is done using the Get-Mailbox Exchange Management Shell (EMS) cmdlet piped to the Export-Mailbox cmdlet. All messages in the source mailboxes are moved to a destination, searched, and then either filed or removed from target. Dumpster messages are included. There are at least a couple ways the two cmdlets could be used to extract email by keyword.

Export to another mailbox in Exchange 2007

Exporting to another mailbox takes less prep time than exporting directly to a PST file as you don’t need a workstation with a special setup. In another post, I recommended having a separate mailbox database and mailbox to store the results of the search. I feel this allows you as the administrator to take another step to ensure that data related to a case is preserved separately from the production database.

(more…)