Email discovery—the process of fulfilling a legal request to provide archived email messages, typically as evidence in a civil or criminal court case—has become more important than ever. Compliance regulations, along with a tremendous growth in email traffic and a corresponding growing need for email storage, are forcing companies to scrutinize their electronic discovery (e-discovery) processes to ensure that they can produce specific archived messages on demand. Earlier this year, a cross-industry consortium called the Electronic Discovery Reference Model (EDRM) Project (http://www.edrm.net) published a work-in-process document that provides a standard for developing e-discovery products and services. The EDRM consists of various sections that describe requirements for different stages of the e-discovery process, as Figure 1 shows. Let's examine two of these sections, Identification and Records Management, and some ideas they provide Exchange administrators for implementing an e-discovery plan in an Exchange Server environment.
Identification
In a compliance investigation, everything hinges on your ability to produce evidence—for example, for a Freedom of Information Act (FOIA) request, a Securities and Exchange Commission (SEC) investigation, or a lawsuit. Your first step in producing such evidence is to identify individuals implicated in the request (custodians, in legal terms), along with any relevant concepts, timeframes, and company events of interest. Then you'll need to scope the underlying data that should be examined.
As an Exchange administrator, you can make identifying email-related evidence easier by establishing and maintaining both current and historical versions of the following Exchange inventories:
Mailbox inventories. Inventory and document all users who have mailboxes in your environment. To do so, you can use a third-party Exchange reporting tool or use Microsoft's CSVDE utility to export Active Directory (AD) user information to a comma-separated value (CSV) file. (For more information about CSVDE and its parameters, see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/serverhelp/1050686f-3464-41af-b7e4016ab0c4db26.mspx.) Your inventory should include at least the following information for each mailbox user: display name, user account, organizational unit (OU), email address, Exchange server name, Information Store (IS), department, title, and city. This inventory will let you quickly look up the history or location of a mailbox for a given period of time, thereby reducing the effort (and guesswork) involved when you need to dig out old email messages by recovering mailbox files from backup media.
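The following PowerShell script is an added example, not part of the original article, of a dated mailbox-inventory snapshot built with CSVDE and covering the fields listed above. The output folder C:\Inventory is a hypothetical path, and the script assumes csvde.exe is available on a domain-joined machine with read access to AD.

```powershell
# Added example: dated mailbox inventory built from a CSVDE export.
# C:\Inventory is a hypothetical folder; keep every dated file as the historical record.
$stamp  = Get-Date -Format 'yyyyMMdd'
$raw    = "C:\Inventory\mailboxes-raw-$stamp.csv"
$report = "C:\Inventory\mailboxes-$stamp.csv"

# AD attributes for the listed fields: homeMDB is the mailbox store DN,
# msExchHomeServerName the Exchange server, l the city.
$attrs  = 'displayName,sAMAccountName,mail,msExchHomeServerName,homeMDB,department,title,l'
# Only user objects that actually have a mailbox (homeMDB is populated).
$filter = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'

csvde -f $raw -r $filter -l $attrs
if ($LASTEXITCODE -ne 0) { throw "csvde failed with exit code $LASTEXITCODE" }

# An RDN value may contain escaped commas (e.g. "CN=Doe\, John"), so match
# "anything that is not an unescaped comma" instead of splitting on ','.
$rdn = '(?:[^,\\]|\\.)*'

Import-Csv $raw | ForEach-Object {
    [pscustomobject]@{
        DisplayName  = $_.displayName
        UserAccount  = $_.sAMAccountName
        # OU = the user's DN (always the first CSVDE column) minus its first RDN.
        OU           = $_.DN -replace "^$rdn,", ''
        EmailAddress = $_.mail
        # Server name is the last /cn= component of msExchHomeServerName.
        ExchangeServer = ($_.msExchHomeServerName -split '/cn=')[-1]
        # Store name is the first RDN value of the homeMDB DN.
        InformationStore = $_.homeMDB -replace "^CN=($rdn),.*$", '$1'
        Department   = $_.department
        Title        = $_.title
        City         = $_.l
        SnapshotDate = $stamp
    }
} | Export-Csv -Path $report -NoTypeInformation
```

Scheduling this to run regularly and retaining each dated file gives the historical versions the inventory needs for locating a mailbox at a given point in time.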
PST inventories. End users will create personal folder files (PSTs) unless you've blocked this functionality. (For more information about disabling PSTs, see the Web-exclusive article "Dealing with .pst Files," November 2003, InstantDoc ID 40961.) Do you know where all the PSTs are in your environment? To find out, you can start by running the following Dir command—which generates a list of all PSTs and their owners—on your file server and saving the results to a text file:
Dir *.pst /s /q
Since the vast majority of PSTs are typically saved on local workstations, you'd need to get creative with logon scripts (e.g., write a logon script that runs on each workstation and sends a list of PSTs found to a central location for analysis) or use a systems management tool such as Microsoft Systems Management Server's (SMS's) inventory-collection feature to obtain a complete picture of all PSTs in your environment.
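One way to write the logon script described above, as an added PowerShell example that is not part of the original article: it lists the PSTs on a workstation's local disks with their owners and writes the result to a central share. The share name \\fileserver\pstinventory$ is hypothetical and is assumed to be writable by the account running the script.

```powershell
# Added example: per-workstation PST inventory sent to a central location.
# \\fileserver\pstinventory$ is a hypothetical share name.
$central = '\\fileserver\pstinventory$'
$stamp   = Get-Date -Format 'yyyyMMdd'
$outFile = Join-Path $central ("{0}-{1}.csv" -f $env:COMPUTERNAME, $stamp)

# Local fixed disks only (DriveType 3); mapped network drives are left to
# the file-server scan so the same PST is not counted twice.
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }

$rows = foreach ($drive in $drives) {
    # Run as a logon script, this sees only folders the logged-on user can read;
    # access-denied errors on other profiles are skipped rather than fatal.
    Get-ChildItem -Path $drive -Filter *.pst -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file  = $_
            $owner = 'unknown'
            try {
                $owner = (Get-Acl -LiteralPath $file.FullName -ErrorAction Stop).Owner
            } catch { }
            [pscustomobject]@{
                Computer      = $env:COMPUTERNAME
                ScannedBy     = $env:USERNAME
                Path          = $file.FullName
                Owner         = $owner
                SizeMB        = [math]::Round($file.Length / 1MB, 1)
                LastWriteTime = $file.LastWriteTime
            }
        }
}

if ($rows) {
    $rows | Export-Csv -Path $outFile -NoTypeInformation
}
```

Because each workstation writes its own dated file, the central share can be merged into a single PST inventory and compared across dates to spot new or relocated PSTs.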
Hardware inventories. Although you're probably doing this already, you need to compile an up-to-date inventory of all hardware—including wireless devices such as BlackBerry handhelds and PDAs—used by everyone in your environment. Since many devices contain an email cache, at some point you might have to be able to identify them quickly if they're of interest to an investigation. Numerous options exist for hardware-inventory tracking, ranging from manual tracking in a Microsoft Excel spreadsheet to asset-tracking software, such as the products that Table 1 lists.
Archival and Records Management
The terms archive and compliance are often incorrectly used to mean the same thing. Deploying an email archive is one of the most important compliance tasks you can perform, but doing so is by no means sufficient for achieving compliance. In its simplest form, an email archive is simply a repository for records. Most email-archive solutions available today include records-management functionality, which lets them store email data in a manner that's securable, readily retrievable, easily searchable, and auditable. Some key email-archiving products include Symantec's Veritas Enterprise Vault, Quest Software's Archive Manager (formerly AfterMail), ZANTAZ EAS, Open Text's LiveLink ECM, and HP StorageWorks Reference Information Storage System (RISS). (For more information about email-archiving solutions, see "Regulatory Compliance," September 2005, InstantDoc ID 46946.)
Purchasing an archive is analogous to buying a fireproof safe for your home. The safe is valuable only if it contains the records you need to preserve. For example, if you have to produce your home-ownership papers and they're in the safe, the discovery process will be relatively simple for you. If, however, you keep these and perhaps other important documents in other places, you could spend hours or even days sifting through the piles of paper in your office and home trying to find the documents you need. Thus, an archive's real value lies in how it simplifies and centralizes the storage of important documents. Merely having a safe or an archive isn't enough, though, if you have many papers or millions of records; in this case, you need sophisticated searching and other records-management functionality to accomplish discovery as quickly as possible.