Sometime next week I will be spending the night at a small business acquiring their email server. They suspect some wrong doing and someone deleting emails from their client machine so as to hide evidence.
Having acquired many a server I am OK with that, but, this will actually be my first email server. Are there any special tricks or pit falls to watch out for? We will be able to shut the machine down and do a normal acquisition, so, nothing new there.
Just wondering what I might not know that might hurt me.
Thank you!
What kind of mail server? Is it an integrated solution like MS SBS?
If you are imaging live, make sure you kill all services to the server
What email server is it, as their complexity varies dramatically! MDaemon vs. MS Exchange 2010..
No offence, but it does sound a little above your head??
This sounds to me like " I m going to jump of the cliff", "what do I need to know"?
Do you need mail folders of selected individuals" Do you really need to image the entire mail server? Is it clustered?
Do they have backups? Am I confident and sufficiently knowledgeable not to damage the server and not to cause a denial of service to the organisation? These are the questions you need to think about before doing anything else.