Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


April 24, 2006

Build an Email-Discovery Plan

Make sure you're ready to produce email evidence on demand

Email discovery—the process of fulfilling a legal request to provide archived email messages, typically as evidence in a civil or criminal court case—has become more important than ever. Compliance regulations, along with a tremendous growth in email traffic and a corresponding growing need for email storage, are forcing companies to scrutinize their electronic discovery (e-discovery) processes to ensure that they can produce specific archived messages on demand. Earlier this year, a cross-industry consortium called the Electronic Discovery Reference Model (EDRM) Project (http://www.edrm.net) published a work-in-process document that provides a standard for developing e-discovery products and services. The EDRM consists of various sections that describe requirements for different stages of the e-discovery process, as Figure 1 shows. Let's examine two of these sections, Identification and Records Management, and some ideas they provide Exchange administrators for implementing an e-discovery plan in an Exchange Server environment.

Identification
In a compliance investigation, everything hinges on your ability to produce evidence—for example, for a Freedom of Information Act (FOIA) request, a Securities and Exchange Commission (SEC) investigation, or a lawsuit. Your first step in producing such evidence is to identify individuals implicated in the request (custodians, in legal terms), along with any relevant concepts, timeframes, and company events of interest. Then you'll need to scope the underlying data that should be examined.

As an Exchange administrator, you can make identifying email-related evidence easier by establishing and maintaining both current and historical versions of the following Exchange inventories:

Mailbox inventories. Inventory and document all users who have mailboxes in your environment. To do so, you can use a third-party Exchange reporting tool or use Microsoft's CSVDE utility to export Active Directory (AD) user information to a comma-separated value (CSV) file. (For more information about CSVDE and its parameters, see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/serverhelp/1050686f-3464-41af-b7e4016ab0c4db26.mspx.) Your inventory should include at least the following information for each mailbox user: display name, user account, organizational unit (OU), email address, Exchange server name, Information Store (IS), department, title, and city. This inventory will let you quickly look up the history or location of a mailbox for a given period of time, thereby reducing the effort (and guesswork) involved when you need to dig out old email messages by recovering mailbox files from backup media.
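The following PowerShell sketch is an added example, not code from the article: it takes a dated CSVDE snapshot of the mailbox fields listed above, derives the OU from each user's distinguished name, and records a hash of the result so that historical copies can later be shown to be unaltered. The base DN, output folder, and manifest file name are placeholder assumptions.

```powershell
# Added example (not from the article): dated mailbox-inventory snapshot via CSVDE.
# DC=example,DC=com and D:\Inventory\Mailboxes are placeholder values.
$BaseDn = 'DC=example,DC=com'
$OutDir = 'D:\Inventory\Mailboxes'
$day    = Get-Date -Format 'yyyyMMdd'
$raw    = Join-Path $OutDir "mailboxes_${day}_raw.csv"
$final  = Join-Path $OutDir "mailboxes_${day}.csv"

# Mailbox-enabled users only: user objects that have a home mailbox store.
$filter = '(&(objectCategory=person)(objectClass=user)(homeMDB=*))'
# AD attributes behind the article's fields: display name, account, email,
# Exchange server, Information Store, department, title, city (l).
$attrs  = 'displayName,sAMAccountName,mail,msExchHomeServerName,homeMDB,department,title,l'

# -u writes Unicode so non-ASCII display names survive the export.
& csvde.exe -f $raw -d $BaseDn -r $filter -l $attrs -u
if ($LASTEXITCODE -ne 0) { throw "csvde failed with exit code $LASTEXITCODE" }

# The OU is the DN minus its first RDN; split on the first unescaped comma.
Import-Csv -Path $raw -Encoding Unicode |
    Select-Object displayName, sAMAccountName,
        @{ Name = 'OU'; Expression = { ($_.DN -split '(?<!\\),', 2)[1] } },
        mail, msExchHomeServerName, homeMDB, department, title, l |
    Export-Csv -Path $final -NoTypeInformation -Encoding UTF8

# Append the snapshot's SHA-256 to a manifest kept alongside the inventory.
$hash = (Get-FileHash -Path $final -Algorithm SHA256).Hash
Add-Content -Path (Join-Path $OutDir 'manifest.txt') -Value "$day $hash $final"
```

Run on a schedule, this yields one file per day, which is what makes the point-in-time lookups described above possible.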

PST inventories. End users will create personal folder files (PSTs) unless you've blocked this functionality. (For more information about disabling PSTs, see the Web-exclusive article "Dealing with .pst Files," November 2003, InstantDoc ID 40961.) Do you know where all the PSTs are in your environment? To find out, you can start by running the following Dir command—which generates a list of all PSTs and their owners—on your file server and saving the results to a text file:

Dir *.pst /s /q 

Since the vast majority of PSTs are typically saved on local workstations, you'd need to get creative with logon scripts (e.g., write a logon script that runs on each workstation and sends a list of PSTs found to a central location for analysis) or use a systems management tool such as Microsoft Systems Management Server's (SMS's) inventory-collection feature to obtain a complete picture of all PSTs in your environment.
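One way to write the logon script described above, as an added PowerShell example that is not from the article. The drop share name is hypothetical, and the script assumes users can create files on that share but cannot read or modify each other's reports.

```powershell
# Added example (not from the article): PST inventory step for a logon script.
# \\fileserver01\pst-inventory$ is a hypothetical drop share; grant users
# create/write only, so one user cannot read or alter another's report.
$DropShare = '\\fileserver01\pst-inventory$'

function Get-PstInventory {
    param([Parameter(Mandatory)][string[]]$Roots)
    $stamp = (Get-Date).ToUniversalTime().ToString('s')
    foreach ($root in $Roots) {
        # -Force includes hidden files; unreadable folders are skipped.
        Get-ChildItem -Path $root -Filter *.pst -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner } catch { 'unknown' }
                [pscustomobject]@{
                    Computer     = $env:COMPUTERNAME
                    LogonUser    = "$env:USERDOMAIN\$env:USERNAME"
                    Path         = $_.FullName
                    Owner        = $owner
                    SizeMB       = [math]::Round($_.Length / 1MB, 1)
                    LastWriteUtc = $_.LastWriteTimeUtc.ToString('s')
                    CollectedUtc = $stamp
                }
            }
    }
}

# Local fixed disks only (DriveType 3); mapped and removable drives are skipped.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }
$rows = @(Get-PstInventory -Roots $roots)

if ($rows.Count -eq 0) {
    # Record the empty scan too, so "no PSTs" is distinguishable from "never scanned".
    $rows = @([pscustomobject]@{
        Computer = $env:COMPUTERNAME; LogonUser = "$env:USERDOMAIN\$env:USERNAME"
        Path = ''; Owner = ''; SizeMB = 0; LastWriteUtc = ''
        CollectedUtc = (Get-Date).ToUniversalTime().ToString('s')
    })
}

$out = Join-Path $DropShare ('{0}_{1}.csv' -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd'))
$rows | Export-Csv -Path $out -NoTypeInformation -Encoding UTF8
```

Because a logon script runs as the user, folders that user cannot read are not scanned; a full-disk scan can also slow logon, so consider limiting the roots to profile and data folders.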

Hardware inventories. Although you're probably doing this already, you need to compile an up-to-date inventory of all hardware—including wireless devices such as BlackBerry handhelds and PDAs—used by everyone in your environment. Since many devices contain an email cache, at some point you might have to be able to identify them quickly if they're of interest to an investigation. Numerous options exist for hardware-inventory tracking, ranging from manual tracking in a Microsoft Excel spreadsheet to asset-tracking software, such as the products that Table 1 lists.

Archival and Records Management
The terms archive and compliance are often incorrectly used to mean the same thing. Deploying an email archive is one of the most important compliance tasks you can perform, but doing so is by no means sufficient for achieving compliance. In its simplest form, an email archive is simply a repository for records. Most email-archive solutions available today include records-management functionality, which lets them store email data in a manner that's securable, readily retrievable, easily searchable, and auditable. Some key email-archiving products include Symantec's Veritas Enterprise Vault, Quest Software's Archive Manager (formerly AfterMail), ZANTAZ EAS, Open Text's LiveLink ECM, and HP StorageWorks Reference Information Storage System (RISS). (For more information about email-archiving solutions, see "Regulatory Compliance," September 2005, InstantDoc ID 46946.)

Purchasing an archive is analogous to buying a fireproof safe for your home. The safe is valuable only if it contains the records you need to preserve. For example, if you have to produce your home-ownership papers and they're in the safe, the discovery process will be relatively simple for you. If, however, you keep these and perhaps other important documents in other places, you could spend hours or even days sifting through the piles of paper in your office and home trying to find the documents you need. Thus, an archive's real value lies in how it simplifies and centralizes the storage of important documents. Merely having a safe or an archive isn't enough, though, if you have many papers or millions of records; in this case, you need sophisticated searching and other records-management functionality to accomplish discovery as quickly as possible.
