2

The company I work for is in the middle of a legal dispute. As part of the dispute we have been asked to provide all emails SENT TO or RECEIVED from a list of 141 individuals during a 4 month time span.

There are about 12 people in the company, we use Outlook 2010, and our mail is hosted Exchange. The hosting company said they cannot help us, other than to export all our mail to PST and send to us, which doesn't seem like much help at all. They also said it would take "a few days" to give us the exported PST files. We have to provide the applicable messages to the lawyers in 2 days so we have to do something now.

Is there a fast or scripted way to search and extract messages from our OST files?

As it stands, it seems like we will have to perform two manual searches per name: One search for messages FROM the person then a search for mail TO the person times 141 names. That's 282 searches per user, times 12 users. The searches are not quick either, since users have about 4-6 GB OST files.

What would you do in this situation? Am I out of luck?

sysadmin1138
  • 135,853
David
  • 123

3 Answers3

2

Yes you're out of luck if your hosting provider won't help you out. Exchange discovery is ALWAYS done on the server (I've never even attempted it otherwise). If you give them the proper export-mailbox commands, will they run them for you and ship you the PST? Or better yet, if you're on Exchange 2010, will they run a mailbox discovery and give that to you? It seems like your provider isn't being very cooperative if that's the case. Time to switch providers after you sink tons of hours into your discovery. Maybe look into an email archiving and discovery solution like what's offered by Postini so you don't have to do this in the future.

Also, I would advise against procrastinating this much next time. I'm sure your subpoena didn't come with a 2 day deadline.

Jason Berg
  • 19,334
0

You can do a domain "wildcard" search of all mail items in Outlook. If these 141 names have email addresses in the same domain (companyA.com) you can search for all mail items from @companyA.com. That will populate the search window with the results, from which you can bulk move these messages to another folder and export them from there. Alternately you could print the messages from the search results (again in bulk I think). It may not be the best method but it is a method.

joeqwerty
  • 111,849
0

As Jason pointed out, normally this kind of request is satisfied by tools run directly against the Exchange server. Parsing through the PST/OST files is a vastly more complex task, and is largely manual as pointed out by joeqwerty.

Commercial solutions exist for this kind of thing. They are not free, and the complexity of doing this kind of thing is why they are not free. You're looking for eDiscovery tools, which is the industry I work in now. Pricing industry-wide is generally by the gigabyte.

With only 12 users of data to sort through, manual methods are within the realm of reason. It'll be a couple of long days, but it can be done. However, if the searches required are too diverse (those 141 names are each in their own email domain) you may have to outsource the searches to meet your deadline.

sysadmin1138
  • 135,853