2 Logging Options for E-discovery in Exchange Server

In this article we discuss about the logging options in Ms Exchange and their specific usefulness.

You need to search for an In-Place e-Discovery, in order to find your content in all the mailboxes as well as public folders in your MS Exchange server. With the help of this, you can look for files and folders that have been permanently deleted or removed, or the original versions of the files which have been changed or modified at a later date.

Things to Keep in Mind Before You Commence the Procedure:

In-Place e-DiscoveryBefore you start with this In-Place e-Discovery in MS Exchange, you need certain assigned permissions. Only after this, you can go through with this procedure. So make sure you have the access to these permissions. You must also ensure that you have a corresponding account in MS Office 365, for every single Exchange mailbox in your organization. This will make it easier for you to look up for cloud-based mailboxes. You can also create separate Discovery mailboxes, which will help you in copying the search results.

The Types of Logging Options Available in e-Discovery searches

There are basically two kinds of logging options that are available to you in e-Discovery searches. These are the following:

1. Basic Logging

The Basic Logging is there in your in-Place e-Discovery search by default, which means, you don’t have to activate or enable it separately. Basic Logging will generate you the details of such a search, along with the information of the person who performed this search. You will be able to see the information that is gathered under this Basic Logging option, in the body of the email. This is the same email that is sent to the email box where all your search outcomes have been stashed away. The said email message is stored in the particular folder that has been formed for this very purpose, that is, to keep these search results.

2. Full Logging

Example Of Search With Log Level Full CriteriaThe Full logging option gives you information of all those messages that have been rendered by the search results. This particular information is given to you in comma separated values, also known as the (.csv) files. This .csv file is attached with the email that contains the information in relation to the basic logging. The .csv file uses the same name as the search name.

This information may be used to keep records for yourself or for the purposes of compliance. If you do not activate the full logging option, your e-Discovery search will automatically have the Basic Logging option activated. To be able to activate full logging, you need to click on ‘Enable full logging’ while you are copying the outcomes of the search into the Discovery mailbox, which is there in the Exchange Admin Center, also known as the EAC.  You can also consider extracting the results into a PST file using an OST to PST file conversion tool.

EAC is the super easy, user friendly search interface that can be used by people who are in the non technical department, like the legal or compliance officers, or people in the human resource department, or record managers, etc.

Note that if you happen to use the Exchange Management Shell, you will have to determine the option of Full Logging through the use of ‘Log Level’ parameter.

Author Introduction:

Van Sutton is a data recovery expert in DataNumen, Inc., which is the world leader in data recovery technologies, including repair Outlook pst email and bkf recovery software products. For more information visit www.datanumen.com

Comments are closed.