I thought I'd share something with you all that came up the other night.

I was assisting one of our junior staff members with a collections effort that involved Microsoft Exchange email stored on a RAID array based server.

The client had offered to use ExMerge and extract individual PST files prior to our arrival. Well, that turned out to be problematic, as luck would have it the server was having issues working with ExMerge and we were looking at a long drawn out process to collect those PST files.

So what did we do? Well we did what any other F-Response Consultant Edition license holder would do.

We handed the admin a USB disk with F-Response Consultant edition on it, plugged out collection laptop into their network, configured the simple F-Response GUI, and moments later we were looking at the RAID disk with our forensic collection laptop.

A few minutes later we had selected all of the Exchange EDB and STM files using FTK Imager and commenced the imaging operation. 

Our client's technical contact was surprised.. collecting a Live Exchange Server? This is not possible. 

Well, that's partially true, it was not possible before F-Response, now, for an F-Response customer, it's an easy and painless operation.

Now, for those skepics in the audience, the EDB and STMs were checked with multiple Email Evidence Analysis tools and each time they were completely accessible and un-corrupted.

The client? Well their server continued to do it's primary job, and that is to "serve" the business, with no interruption or loss of capability.

So, if you want the "E" in "E-Discovery" to stand for "Easy" and not just Electronic, get a no-risk trial of F-Response and get started on the road toward less stressful collection.

Lastly, check out the video below for exactly what a Live Exchange Server collection looks like..

 

 

Enjoy!

Warmest Regards,

M. Shannon, Founder

F-Response

November 13, 2008