2

The company I work for is in the middle of a legal dispute. As part of the dispute we have been asked to provide all emails SENT TO or RECEIVED from a list of 141 individuals during a 4 month time span.

There are about 12 people in the company, we use Outlook 2010, and our mail is hosted Exchange. The hosting company said they cannot help us, other than to export all our mail to PST and send it to us, which doesn't seem like much help at all. They also said it would take "a few days" to give us the exported PST files. We have to provide the applicable messages to the lawyers in 2 days so we have to do something now.

Is there a fast or scripted way to search and extract messages from our OST files?

As it stands, it seems like we will have to perform two manual searches per name: One search for messages FROM the person then a search for mail TO the person times 141 names. That's 282 searches per user, times 12 users. The searches are not quick either, since users have about 4-6 GB OST files.

What would you do in this situation? Am I out of luck?

sysadmin1138
David

3 Answers

2

Yes you're out of luck if your hosting provider won't help you out. Exchange discovery is ALWAYS done on the server (I've never even attempted it otherwise). If you give them the proper export-mailbox commands, will they run them for you and ship you the PST? Or better yet, if you're on Exchange 2010, will they run a mailbox discovery and give that to you? It seems like your provider isn't being very cooperative if that's the case. Time to switch providers after you sink tons of hours into your discovery. Maybe look into an email archiving and discovery solution like what's offered by Postini so you don't have to do this in the future.

Also, I would advise against procrastinating this much next time. I'm sure your subpoena didn't come with a 2 day deadline.

Jason Berg
  • I was notified yesterday. No clue when the subpoena came in, but I'm certain it wasn't yesterday either. I'm sure we'll get an extension, but I still need to know how to get the messages I need. I am going to have to get the job done, and want to do it in the most efficient manner possible. – David Sep 20 '11 at 21:24
  • @Zoolander... er, I mean Blue Steel: That sounds typical. Someone higher up sat on the info and notified you at the last minute and now you're going to spend several sleepless nights getting the job done. I'm with you in spirit. – joeqwerty Sep 20 '11 at 21:28
  • @joeqwerty Thank you for your thoughts and prayers. – David Sep 20 '11 at 21:51
  • Glad to add my 2 cents. Remember... the files are IN the computer. :) – joeqwerty Sep 20 '11 at 22:19
0

You can do a domain "wildcard" search of all mail items in Outlook. If these 141 names have email addresses in the same domain (companyA.com) you can search for all mail items from @companyA.com. That will populate the search window with the results, from which you can bulk move these messages to another folder and export them from there. Alternately you could print the messages from the search results (again in bulk I think). It may not be the best method but it is a method.

joeqwerty
  • Yeah, so far it looks like I need to use Outlook search capability, and go from PC to PC. It seems like I might be able to put the list of names all in the FROM search box separated by semi-colons, and then select every folder and sub folder and search. It looks like it separates each name with an OR type search which is great. It works well with a small number of names, but I'm not sure if the search string will be too long with 141 names. Prepping the string now... – David Sep 20 '11 at 21:50
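
A scripted version of the search-then-copy approach described in this answer, as an added example that is not part of the original thread: PowerShell driving the Outlook object model on each PC, so one pass replaces the per-name searches. The address file path, the date range and the `Discovery` folder name are assumptions.

```powershell
# Added example (not from the thread). Run in each user's session with Outlook 2010 installed.
$addressFile = 'C:\discovery\addresses.txt'   # hypothetical path: one SMTP address per line
$from = Get-Date '2011-01-01'                 # placeholder start of the 4 month span
$to   = Get-Date '2011-05-01'                 # placeholder end (exclusive)

# PowerShell hashtables compare string keys case-insensitively
$wanted = @{}
Get-Content $addressFile | ForEach-Object { $_.Trim() } | Where-Object { $_ } |
    ForEach-Object { $wanted[$_] = $true }

$outlook = New-Object -ComObject Outlook.Application
$ns      = $outlook.GetNamespace('MAPI')
$root    = $ns.GetDefaultFolder(6).Parent     # 6 = olFolderInbox; Parent is the mailbox root
$target  = $root.Folders | Where-Object { $_.Name -eq 'Discovery' }
if (-not $target) { $target = $root.Folders.Add('Discovery') }

# Date filter in the locale's short date/time format (no seconds), as Outlook expects
$filter = "[ReceivedTime] >= '{0:g}' AND [ReceivedTime] < '{1:g}'" -f $from, $to

function Get-Matches($folder) {
    if ($folder.EntryID -eq $target.EntryID) { return }   # never rescan our own copies
    if ($folder.DefaultItemType -eq 0) {                  # 0 = olMailItem folders only
        foreach ($item in $folder.Items.Restrict($filter)) {
            if ($item.Class -ne 43) { continue }          # 43 = olMail; skip meeting requests etc.
            # Senders and recipients inside the Exchange organisation show an X.500
            # address here rather than SMTP; external correspondents show SMTP.
            $addrs = @($item.SenderEmailAddress)
            foreach ($r in $item.Recipients) { $addrs += $r.Address }
            if ($addrs | Where-Object { $_ -and $wanted.ContainsKey($_) }) { $item }
        }
    }
    foreach ($sub in $folder.Folders) { Get-Matches $sub }
}

# Collect first, then copy, so new copies do not disturb the folder enumeration
$hits = @(Get-Matches $root)
foreach ($item in $hits) { [void]$item.Copy().Move($target) }
"{0} messages copied to '{1}'" -f $hits.Count, $target.FolderPath
```

The originals stay in place; the `Discovery` folder can then be exported to PST from Outlook. Reading sender and recipient addresses goes through Outlook's programmatic access guard, so Outlook may prompt depending on its Trust Center setting.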
0

As Jason pointed out, normally this kind of request is satisfied by tools run directly against the Exchange server. Parsing through the PST/OST files is a vastly more complex task, and is largely manual as pointed out by joeqwerty.

Commercial solutions exist for this kind of thing. They are not free, and the complexity of doing this kind of thing is why they are not free. You're looking for eDiscovery tools, which is the industry I work in now. Pricing industry-wide is generally by the gigabyte.

With only 12 users of data to sort through, manual methods are within the realm of reason. It'll be a couple of long days, but it can be done. However, if the searches required are too diverse (those 141 names are each in their own email domain) you may have to outsource the searches to meet your deadline.

sysadmin1138