Capturing Specific Inbound/Outbound Emails

If you document your steps, what is the issue with creating rules?

Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.

We have had a lot of luck with using Paraben's Network Email Examiner to convert .edb's into .pst's or into individual .eml's. The only problem we have seen is with larger .edb's (i.e., 250GB+) where it tends to choke and freeze. The unfortunate issue in that scenario is that there is no resume functionality once you restart the conversion process although you can usually figure out where it failed and re-initiate the process manually from the failure point. I cannot recall the cost for NEMX but seem to remember that it was fairly reasonable. Do note that the conversion process is quite slow with NEMX.

Probably nothing, just wanted to preserve the original mail as much as possible and see if there were other options methods out there that could be used.

OK. I just read the "I need to have some alternatives as costs may be an issue in this matter", part and thought rules to deliver to multiple mailboxes and then analyze those smaller objects would not require as many resources as examining the Exchange message store.

FWIW You might get some ideas from these F-Response videos
Real World F-Response - Email - Nuix Desktop
F-Response on a Live Microsoft Exchange Server + Paraben's Network Email Examiner
More Live Exchange Server with EnCase 6.12

I was going to suggest something like Brightmail that can filter and run rules on email outside of your Exchange server, but that may not work with a tight budget.

This email is not an endorsement of Brightmail nor Symantec, I'm merely using it as an example.

Thanks for the posts guys

Depends how tight "tight" is. I use Sherpa Discovery Attender for Exchange frmo Sherpa Software

Regards