Hi All,
I was after some advice on alternative ways to collect any inbound and outbound email from multiple accounts through Exchange 2007.
My initial thoughts were to use F-Response and FTK Imager to acquire the live EDB, then use Nuix to process and search for the required content.
I need to have some alternatives as costs may be an issue in this matter. I was wondering if anyone knew of ways this could be handled at exchange level without altering metadata of the mail, enable rules on mail criteria etc?
Thanks
If you document your steps, what is the issue with creating rules?
Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.
We have had a lot of luck with using Paraben's Network Email Examiner to convert .edb's into .pst's or into individual .eml's. The only problem we have seen is with larger .edb's (i.e., 250GB+) where it tends to choke and freeze. The unfortunate issue in that scenario is that there is no resume functionality once you restart the conversion process although you can usually figure out where it failed and re-initiate the process manually from the failure point. I cannot recall the cost for NEMX but seem to remember that it was fairly reasonable. Do note that the conversion process is quite slow with NEMX.
Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.
OK. I just read the "I need to have some alternatives as costs may be an issue in this matter", part and thought rules to deliver to multiple mailboxes and then analyze those smaller objects would not require as many resources as examining the Exchange message store.
FWIW You might get some ideas from these F-Response videos
I was going to suggest something like Brightmail that can filter and run rules on email outside of your Exchange server, but that may not work with a tight budget.
This email is not an endorsement of Brightmail nor Symantec, I'm merely using it as an example.
Thanks for the posts guys
Depends how tight "tight" is. I use Sherpa Discovery Attender for Exchange frmo Sherpa Software
Regards