Finding a Needle in the Email Haystack

email search kroll ontrackConsider the number of email messages and mailboxes stored in your organization’s Microsoft Exchange server backups. If you needed to find a single email message in your backup, how long would it take? Traditional methods of granular Exchange item restoration, such as using single mailbox or “brick-level” backups, are typically very slow and often expensive due to the additional storage space required. Another alternative – restoring a full backup to a recovery server – can take many hours to complete and requires an additional hardware purchase. Even with these alternatives, manual searching through the backup to find the items you need is still necessary.

Kroll Ontrack has taken a new approach to email restoration based on data forensics. In one case, Kroll Ontrack helped one organization when they needed to collect pertinent email data for a possible patent infringement lawsuit. As with many litigation situations, IT administrators were tasked with identifying, preserving, and collecting potentially relevant metadata from live environments, as well as backups, with minimal disruption and resources. The organization’s legal department gave the IT team two days to collect emails from users who may be involved. Due to the time constraints given by Legal’s request, the production Exchange server could not be taken offline or disrupted. To make matters even more difficult for the IT department, there wasn’t adequate resources available to setup a recovery server or bring in a third-party collection service. Additionally, the backups of the email from the requested time period were in a format that wasn’t currently supported.

Within minutes of installing the Kroll Ontrack PowerControls, the IT manager was able to begin extracting the Personal Storage Table (PST) files from the backups and Exchange Database (EDB) files. The team was able to rapidly browse the EDB files for the mailboxes of the custodians and identify the precise emails to extract, instead of having to collect a larger set of data, effectively reducing the amount of unnecessary data to analyze. Without Kroll PowerControls, the organization may have had to purchase an additional Exchange license or copy of the legacy backup software, setup a backup server, or contract a third party data collection company. And most importantly, the IT team was able to meet the legal department’s requirements by discovering the requested data and exporting it in a forensically sound format, a necessity when analyzing data in an eDiscovery platform.

The inability to retain and produce email records has cost organizations millions of dollars over the past few years, which only highlights the importance of having the right data collection tools available. With the right solution, IT teams can save valuable time and resources by capturing legacy data with no impact to the live production Microsoft Exchange Server. To learn more about how Kroll Ontrack can help your organization with email data maintenance, storage, and recovery, click here.

Related Articles