Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


April 24, 2006

Build an Email-Discovery Plan

Make sure you're ready to produce email evidence on demand

Email is a dynamic and high-volume communications medium. In its December 2005 Worldwide Email Usage 2005-2009 Forecast, IDC estimates that business email worldwide in 2006 will exceed 3.5 exabytes annually (approximately 10 million TB daily). No company can archive 100 percent of all its email records because email data is so dynamic. Both email data stored in your company's archive and data outside the archive are subject to e-discovery, as Figure 2 shows. As an Exchange administrator who must put together an e-discovery plan for your organization's email records, you face a dual challenge: Move email data that must be archived to meet compliance requirements into a central archive where it can be more readily managed via archiving and records-management solutions, and manage data not in the archive by using e-discovery tools. Email-archiving tools provide the infrastructure for long-term storage, indexing, and recordkeeping of email data, whereas e-discovery tools focus on search and retrieval of electronic documents on hard drives, servers, and other media throughout a given environment, with the view of producing evidence required for an investigation.

Data outside the archive can include email messages in PSTs on local machines or file servers, messages on mobile devices, email stored on backup media, and any other device or medium on which messages might be stored. Typically, Exchange administrators don't focus on identifying what data needs to be archived for compliance; rather, their job is to implement compliance policies that someone else in the organization decides. For example, your company's legal department might provide some compliance policies, which state that "all email meeting x criteria needs to be archived," which IT then translates into a technology implementation. Unless you're in a very small company, managing email records throughout their lifecycle from cradle to grave for compliance reasons can become extremely burdensome. Taking the following actions can make managing and identifying both archived and non-archived records for e-discovery easier.

Move to Exchange 2000 Server Service Pack 3 (SP3) or later. Exchange 2000 SP3 and later support envelope journaling. Microsoft actually added envelope journaling—which allows Exchange journaling to capture distribution list (DL) expansion metadata—in Exchange 2003 SP1 but has since back-ported this functionality into Exchange 2000 SP3. Before envelope journaling, if you sent an email message to a DL such as all@worldofmen.com, Exchange provided no way to view the journaled message and determine who was actually on the DL when it was expanded. With Exchange 2003 SP1's DL expansion support, envelope journaling retains DL membership with every journaled item. In the all@worldofmen.com DL example, then, you could determine from the DL journal that Peter and Susan Pevensie were on the DL, but Edmund Pevensie was not. This capability can be an important factor in proving chain of custody—an accounting of email evidence from the time it was originally created through to its presentation as evidence—should such email ever be subpoenaed. (For more information about adding the envelope journaling capability to pre-Exchange 2003 SP1 versions, see the Microsoft article "An update rollup is available to enable the Envelope Journaling feature in Exchange 2000 Server" at http://support.microsoft.com/?kbid=834634.)

Assemble an e-discovery toolkit. Your e-discovery toolkit should contain utilities and software products that enable discovery of data outside the archive. Include in the toolkit both PST-discovery tools and backup-discovery tools, such as those listed in Tables 2 and 3.

PST-discovery tools let you find and search all PSTs in your environment. One PST-discovery method is to search your drives for PSTs by using Windows Explorer's Search capability and copying the PSTs to a local machine, then using a desktop search engine such as Microsoft Outlook's Lookout add-on, MSN Desktop Search, or Google Desktop to index and search them, which could be quite time-consuming. Another method is to use a specialized third-party tool for PST discovery and/or in-place PST search, such as any of the tools that Table 2 lists.
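The first PST-discovery method above can be scripted so that the search also leaves a record you can use for chain of custody. The following is an added example, not code from the article or from any of the tools it mentions: it walks the given drives or shares, confirms that each `.pst` file really carries a PST header, and records size, modification time, and a SHA-256 hash. The header offsets follow Microsoft's published PST file format ([MS-PST]); the function names `inspect_pst` and `inventory` are hypothetical.

```python
import csv, hashlib, os, struct, sys
from datetime import datetime, timezone

# Header fields per the published PST format: dwMagic at offset 0,
# wMagicClient at offset 8, wVer (little-endian) at offset 10.
PST_MAGIC = b"!BDN"
CLIENT_PST = b"SM"                                   # an OST carries b"SO" here
FORMATS = {14: "ANSI", 15: "ANSI", 23: "Unicode"}
FIELDS = ["path", "size_bytes", "modified_utc", "format", "sha256"]

def inspect_pst(path):
    """Validate the PST header and hash the whole file in a single read pass."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        header = fh.read(12)
        if len(header) < 12 or header[:4] != PST_MAGIC or header[8:10] != CLIENT_PST:
            raise ValueError("extension is .pst but the PST header is missing")
        digest.update(header)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    version = struct.unpack_from("<H", header, 10)[0]
    stat = os.stat(path)
    return {
        "path": os.path.abspath(path),
        "size_bytes": stat.st_size,
        "modified_utc": datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(),
        "format": FORMATS.get(version, f"unknown ({version})"),
        "sha256": digest.hexdigest(),
    }

def inventory(roots):
    """Return (records, skipped); skipped holds (path, reason) for manual follow-up."""
    found, skipped = [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(
                root, onerror=lambda e: skipped.append((e.filename, str(e)))):
            for name in files:
                if not name.lower().endswith(".pst"):   # renamed PSTs are out of scope
                    continue
                full = os.path.join(dirpath, name)
                try:
                    found.append(inspect_pst(full))
                except (OSError, ValueError) as exc:     # locked, denied, or not a PST
                    skipped.append((full, str(exc)))
    return found, skipped

if __name__ == "__main__":
    records, problems = inventory(sys.argv[1:])
    out = csv.DictWriter(sys.stdout, fieldnames=FIELDS)
    out.writeheader()
    out.writerows(records)
    for path, reason in problems:
        print(f"skipped: {path}: {reason}", file=sys.stderr)
```

Pass the drive letters or UNC paths to scan as arguments; files that Outlook holds open land in the skipped list and need a second pass once the client is closed.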

Backup-discovery tools that let you rapidly extract email messages from backup files can help you in two ways. First, they can eliminate the mix of Exchange recovery technologies—Exchange recovery servers, Recovery Storage Groups (RSGs), the ExMerge tool, Deleted Item Retention, and Deleted Mailbox Retention—that you typically need to juggle when trolling large numbers of backup tapes looking for specific email evidence. Second, if you have an archive deployed in house, such tools can help you extract relevant email records from backups and move those records into the archive, so that you don't need to recover those records from backup media in the future.

Consider the Data
When developing an e-discovery plan for your company, it's important to consider both email data inside your archive (if you have one) and email stored in other nonarchive locations. Your goal should be to increase the percentage of email records stored within the archive relative to that outside the archive. To do so, you'll need to gradually migrate data from your backups into your archive and shorten the amount of time email stays on your production Exchange servers prior to archival. By performing mailbox and hardware inventories and assembling the right mix of tools for archiving and retrieving email records, you'll be able to shape an e-discovery strategy that works for your company.

 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement