Electronic discovery or what is popularly known as the E-discovery involves electronic means to identify, collect and also produce information stored in an electronic means or what is commonly known as the ESI. This is usually done during a legal investigation or when requested to produce the data or the information in a lawsuit. Mostly, electronically stored information or the ESI include the emails, presentation, voicemail, documents, audio files, databases and video files just to name but a few.
Most of the technologies or processes used during E-discovery are complex and complicated. This is mostly because of the massive volume or amount of electronic data or information produced or stored. Also, unlike in hardcopy evidence, electronically stored documents or data is more dynamic and will mostly contain metadata such as information relating to the recipient and the author, as well as time and date stamps.
When recovering electronically stored data for E-discovery, it is crucial that you ensure that the original metadata or content is preserved. Remember that the information or data is required for a legal purpose, it is, therefore, crucial to avoid claims of evidence tampering at all costs. There are many ways of recovering data for E-discovery and in this article, we will look at how one can use the Use In-Place E-discovery in Exchange Server.
How to use the In-Place E-Discovery to recover data
In order to use the In-Place E-Discovery in MS Exchange, you need to add the user to the Discovery management group. Adding the user to the Discovery Management group allows them to use the In-Place E-Discovery platform to look for messages or information across the mailboxes. This means that, you should be sure of the person you are adding as a user to avoid adding an irresponsible or hell-bound person who is likely to interfere with the information. It is also possible to perform a search in the Exchange Admin Centre or the EAC.
When searching in the Exchange Admin Centre, it is important to consider the following:
- The name- Your search can only be identified by using the right search name. It is therefore critical that you know what you are looking for.
- Sources- While doing your search, you might want to consider the specific mailboxes that you would want to base your search on. Knowing the particular mailbox to look for the information makes the recovery process fast, efficient and easier. In a case where you are unable to look for data in a particular mailbox as a result of data corruption, then you should consider performing a recovery exchange application.
- Search Query– To reduce the number of your search results, it is critical to use a certain search specifications or criteria. The search criteria should be relevant to your search or you can simply specify the specific mailbox. This is crucial so as to limit your search results. Limited search results will save you a lot of valuable time and manpower. Your search criteria should include things such as keywords, message types, senders, recipients, attachments etc.