Capturing Specific ...
 
Notifications
Clear all

Capturing Specific Inbound/Outbound Emails

8 Posts
5 Users
0 Likes
548 Views
(@creeshie)
Posts: 11
Active Member
Topic starter
 

Hi All,

I was after some advice on alternative ways to collect any inbound and outbound email from multiple accounts through Exchange 2007.

My initial thoughts were to use F-Response and FTK Imager to acquire the live EDB, then use Nuix to process and search for the required content.

I need to have some alternatives as costs may be an issue in this matter. I was wondering if anyone knew of ways this could be handled at exchange level without altering metadata of the mail, enable rules on mail criteria etc?

Thanks

 
Posted : 09/11/2012 4:31 pm
(@bithead)
Posts: 1206
Noble Member
 

If you document your steps, what is the issue with creating rules?

 
Posted : 09/11/2012 5:16 pm
(@creeshie)
Posts: 11
Active Member
Topic starter
 

Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.

 
Posted : 09/11/2012 5:22 pm
(@eyez0n)
Posts: 29
Eminent Member
 

We have had a lot of luck with using Paraben's Network Email Examiner to convert .edb's into .pst's or into individual .eml's. The only problem we have seen is with larger .edb's (i.e., 250GB+) where it tends to choke and freeze. The unfortunate issue in that scenario is that there is no resume functionality once you restart the conversion process although you can usually figure out where it failed and re-initiate the process manually from the failure point. I cannot recall the cost for NEMX but seem to remember that it was fairly reasonable. Do note that the conversion process is quite slow with NEMX.

 
Posted : 09/11/2012 7:04 pm
(@bithead)
Posts: 1206
Noble Member
 

Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.

OK. I just read the "I need to have some alternatives as costs may be an issue in this matter", part and thought rules to deliver to multiple mailboxes and then analyze those smaller objects would not require as many resources as examining the Exchange message store.

FWIW You might get some ideas from these F-Response videos
Real World F-Response - Email - Nuix Desktop
F-Response on a Live Microsoft Exchange Server + Paraben's Network Email Examiner
More Live Exchange Server with EnCase 6.12

 
Posted : 09/11/2012 8:27 pm
(@patrick4n6)
Posts: 650
Honorable Member
 

I was going to suggest something like Brightmail that can filter and run rules on email outside of your Exchange server, but that may not work with a tight budget.

This email is not an endorsement of Brightmail nor Symantec, I'm merely using it as an example.

 
Posted : 10/11/2012 12:44 am
(@creeshie)
Posts: 11
Active Member
Topic starter
 

Thanks for the posts guys

 
Posted : 12/11/2012 6:25 pm
(@cults14)
Posts: 367
Reputable Member
 

Depends how tight "tight" is. I use Sherpa Discovery Attender for Exchange frmo Sherpa Software

Regards

 
Posted : 20/11/2012 8:14 pm
Share: