The Sherpa Approach: Features and Limitations of Exchange E-Discovery


Published on

If you’ve wondered what the pros & cons are for using the inherent e-Discovery features of Exchange versus using a 3rd party e-Discovery tool like Sherpa Software’s Discovery Attender, this white paper outlines the details feature by feature.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The Sherpa Approach: Features and Limitations of Exchange E-Discovery

  1. 1. August 2012The Sherpa Approach: Features and Limitations ofExchange 2010 E-Discovery Since 2006, the topic of Electronic Discovery [e-Discovery] has been evolving and growing rapidly, in popularity and importance. Today, litigation (especially involving businesses) is no longer a question of if it will happen, but rather a question of when it will happen. As an IT, legal or compliance professional, it is your job to make sure your company is ready by having a plan and the right tools in place when that time comes. E-Discovery software is something no company should be without. And since you only have a certain amount of time once your organization has been asked to collect and present all relevant Electronically Stored Information [ESI], being proactive is critical. Microsoft has come to this realization and decided to include e-Discovery features in Exchange 2010 and recent service pack updates. The release of Exchange Server 2010 and subsequent service packs has many companies exploring some of the new native e-Discovery features. Why are people so interested in utilizing the e-Discovery features of Exchange? If an organization can rely solely on the inherent e-Discovery features within Exchange 2010, then there is no need to spend money on third party products. Unfortunately, for many organizations, the inherent features may not be sufficient. It is a Sherpa Software recommendation and best practice that our current and prospective customers look into all the features available to them within Exchange and to determine whether the e-Discovery features provided are sufficient. As with many first attempts, major limitations to the functionality of Exchange 2010 exist, and therefore, should be understood before deploying. Let’s take a closer look at Exchange 2010, its limitations and how third party e-Discovery software may be a better fit for your organization.A Closer Look at How exactly has Microsoft differentiated itself against older versions of Exchange? Recently, Microsoft’s areas of improvement within Exchange 2010 include its Multi-MailboxExchange 2010’s Searching feature and Role Based Access Control [RBAC].e-DiscoveryFeatures “Multi-Mailbox Search enables search of mailbox items, including email, attachments, calendar appointments, tasks and contacts. Exchange also indexes a long list of attachment types as well as Information Rights Management-protected content. Multi- mailbox search can work simultaneously across primary mailboxes, Personal Archives and recovered items with an easy-to-use, web-based console. To help streamline discovery processes, search results may be previewed with keyword statistics—before emails discovered through search are copied and moved to a specified mailbox, as defined by the administrator, for further investigation. Rich filtering capabilities include sender, receiver, message type, sent/receive date and cc/bcc, along with Advanced Query Syntax (AQS) support. Role Based Access Control now allows administrators to grant users such as records managers, compliance officers and litigators specific rights to perform multi-mailbox searches and other role specific tasks.” Another notable difference in Exchange 2010 is the interface for performing the searches, called the Exchange Control Panel (ECP), which now gives non-technical users (such as corporate legal teams or even outside counsel) the flexibility to conduct searches without having vast technical knowledge. 1 Microsoft Exchange Server 2010 - “Faster Discovery”: 1|Page Both types of policies can be combined on the same item or folder. For example, an email can be tagged so that it is automatically moved to the Personal Archive in 15 days and deleted within 45 days. Administrators can also use archive policies to control when messages are automatically moved from a primary mailbox to the Personal Archive.1
  2. 2. Exchange 2010 searches using basic search criteria such as sender or recipient addresses, date ranges, a set of mailboxes, data types (including IM conversations recorded to the conversation history folder, calendar items, notes, and Journal entries), attachment types, and attachment content. Users have the ability to combine these criteria using the standard Boolean (i.e. AND, OR) operators. When creating a new search, users will need to specify the target mailbox (a special mailbox called a “Discovery Mailbox”) where results should be stored. The option to enable the deduplication of search results also exists. Depending upon the reasons for performing an e-Discovery search, deduplication can be a significant time savings, but it may not always be legally permissible. When creating a new search in Exchange 2010, consider where the search results go. Because Exchange 2010 copies messages to a Discovery Mailbox, users are guaranteed that the Discovery Mailbox will have a complete set of search results, which can then be acted upon without touching the original source. If more than 1 Discovery Mailbox is needed, then those mailboxes need to be created using Powershell (not the EMC). This mailbox will be created with no access permissions and by using Powershell, it obviously increases the complexity of the project; making it improbable that a non-technical user will be able to accomplish the task at hand.E-Discovery Again, although seemingly vast improvements have been made to Exchange 2010, there are still issues and downsides to using the inherent e-Discovery features. The limitationsLimitations in (listed below) restrict its ability to be a fully featured e-Discovery solution for mostExchange 2010 organizations. Some of the limitations we’ve seen with Exchange Search include:  Only Searches Exchange 2010 Servers: Mailboxes that exist on legacy Exchange servers, as well as non-Exchange servers, cannot be searched. Additionally, PST files, file servers, file shares, archives, SharePoint, etc…cannot be searched.  Default Search Filters Limited: Standard Microsoft Office formats can be indexed by Exchange 2010, but there is limited support for other common formats such as the popular PDF file format. By default, the content of PDF messages is unsearchable.  No Public Folder Search: Organizations with a significant investment in public folders will find that they cannot search across public folder data using the native Exchange Search functionality.  Localization and Language Limitations: Emails written in multiple languages are not indexed by Exchange Search. In addition, queries made in a specific language must match the locale of the local computer doing the search.  Encrypted Messages Not Indexed: Messages encrypted with S/MIME encryption are not indexed and are subsequently not searchable. One major limitation that Microsoft is trying to turn into a positive is with the licensing of its Multi-Mailbox Search. In Exchange 2010, Multi-Mailbox Search required Enterprise CAL’s for every mailbox that users wished to perform such searches on. Starting October 1, 2012, Microsoft has announced that they are “making a change to Exchange 2010 licensing so you’ll no longer require an Enterprise CAL for Multi-Mailbox Search.” This is a big change from how they’ve licensed this in the past, virtually making these features completely free for public consumption. 2|Page
  3. 3. So, for organizations with light to medium discovery requirements, the built-in capability may be enough. But for organizations that must frequently perform discovery searches and have more complex search criteria or would like to search items stored outside of Exchange 2010 mailboxes, a third-party solution is much more appropriate. If the drawbacks within Exchange 2010 have you exploring alternative e-DiscoveryHow Discovery products, Sherpa Software’s Discovery Attender is definitely a tool worth considering.Attender Discovery Attender is a software product designed to automate the search and collection ofCompares to the electronically stored information (ESI) across a wide variety of platforms. This cost-effective solution empowers in-house talent to perform legal discovery on PST files, Exchange mailE-Discovery stores, file servers, file shares, archives and SharePoint, in a cost-effective, efficient andFeatures in reproducible manner. Discovery Attender streamlines the process of locating, culling and producing data for electronic discovery requests, compliance, internal investigations,Exchange 2010 regulatory inquiries and more. This application features a quick installation, intuitive search setup with a robust feature set unmatched for the price. In addition, the flexibility of the criteria will help answer the most challenging of requests. Searches can be customized by keywords (including wildcards, Boolean, proximity, RegEx and more), addresses, dates, and sizes over many common file formats. More specifically, Discovery Attender’s list of extensive search features (that Exchange does not provide) includes:  Searching of over 60 common types of document attachments  A host of powerful search criteria including regular expressions and fuzzy search terms  Search results saved in a variety of different formats (including PST files) to be shared with third parties or imported into case management tools  Searches a wide variety of ESI, including network PST files, public folders, archives, file shares and more Once you’ve acquired your data, Discovery Attender gives you a number of options for organizing, reporting, and exporting your data. The result options include: deduplication, indexing, annotation, and MD-5 hashing. Export formats support copying items to PST files and also to native formats (including .MSG files for email messages). Most importantly, for every search, action, and export, Discovery Attender maintains a meticulous log detailing who searched what, where, when, and how. Why is that important? Maintaining a log of the chain of custody is very important to all legal cases because you need to ensure that everything about how this information was collected is readily available to both litigation teams. It’s also important to demonstrate that proper protocol was followed throughout.Conclusion Approximately every three years, Microsoft releases an updated version of the Exchange Server. It should be no surprise that in Exchange 2010 and subsequent service packs, they have included improved e-Discovery features. Email and electronically stored information is already one of the most important pieces to legal proceedings in this day and age. If you don’t have the proper tools to collect, manage and search electronically stored information, you could end up spending a lot more than you anticipated on discovery, and could face sanctions and fines by the court. As an IT, legal, or compliance professional, it is your job to make sure you have a plan and the right tools in place for when e-Discovery 3|Page
  4. 4. litigation goes from if to when. While Exchange Server 2010 provides basic discovery capabilities, it is Sherpa Software’s opinion that they may not be adequate for all organizations. We still encourage all of our customers and prospective customers to make this determination for themselves, along with their legal and IT departments. If in fact you come to the conclusion that you need a more fully featured e-Discovery solution, please explore what Sherpa Software’s Discovery Attender has to offer. To get more information on Sherpa Software’s e-Discovery solution, or for more on our perspective, contact us at About Sherpa For over 10 years Sherpa Software has provided IT Professionals with award-winning Software information management software specifically designed to address email management, archiving, e-discovery, PST management and compliance requirements for Lotus Notes and Microsoft Exchange environments. Based in Pittsburgh, Pennsylvania, Sherpa’s solutions are practical, reliable and affordable and have been installed at thousands of organizations worldwide. Their products offer flexible architectures that streamline administrative processes without requiring any additional hardware or add-on components. Sherpa Software is an IBM Premier Business Partner and a Microsoft Certified Partner. For more information about Sherpa Software, visit Washington AvenueBridgeville, PA 15017www.SherpaSoftware.com1.800.255.5155 4|Page
  5. 5. About the Author Ned joined the Sherpa Software team in November 2010. As the Sales & Marketing Associate, Ned is responsible for marketing, sales, channel and technical support aspects. He oversees all day-to-day tasks concerning software support renewals for the channel sales team while also acting as a liaison between the Channel and Marketing Departments. With the marketing team, Ned’s main focus is content creation. Each month, he writes numerous blog posts, company positioning pieces and his fan favorite “Off the Topic” articles, which are sent to almost 30,000 newsletter subscribers. As for Ned’s technical support responsibilities, you can find Ned chatting with and helping customers via our “Live Chat” function. Overall, Ned accomplishes a wide range of business-critical functions for the team at Sherpa Software.Ned graduated from Duquesne University in 2010, where he received a Bachelor’s of Science in BusinessAdministration, specializing in Entrepreneurship and new business creation with a minor in Spanish.Ned is an avid sports enthusiast. In his time at Duquesne, he was heavily involved with the Men’s Club VolleyballTeam, not only as an active team member and player but also as President and Captain. Ned still enjoys playing incompetitive volleyball tournaments during his summers, along with other activities like basketball, hockey, boxing,and running. He also loves other languages, cultures and its people – particularly Spanish. Ned spent time in Spainwhere he was immersed in the language and culture while also taking classes at the Universidad Pontificia deSalamanca (Salamanca, Spain). He hopes to visit Spain again in the future. 5|Page