E-mail Database Search and Forensics
Archival | What is a Subpoena?
As litigation and other requests for e-mail from backup tapes grow more frequent, an enterprise may be wise to restore, consolidate and archive all of its old e-mail held in backup.
Historically organizations did not think of e-mail as an asset worthy of preservation. They did not archive it, though copies would end up in network backup.
But experience has taught that e-mail evidence can be critical to defense of a lawsuit or enforcement of a contract. Alternatively its disclosure might be required under a subpoena (see definition below), a court order, an administrative summons, an IRS tax audit or a freedom of information act request (FOIA). Further, e-mail might be needed in an investigation (led internally or by outside criminal prosecutors) of a bribe, a kickback, an overcharge, tax evasion or a embezzlement of money, or it might be needed for an audit of alleged misallocation of funds.
Archival
Greg Smith of Messaging Architects observes that repeated requests for e-mails from backup can warrant a change of thinking in the IT department. “While most backup software deals very efficiently with individual electronic records, it cannot provide the same level of access to email. This is because enterprise email exists as a record within a database (such as for Groupwise or Microsoft Exchange). The database must be restored in its entirety and searched in its entirety in order to ascertain the contents of the database. With database sizes exceeding 100GB and scores if not hundreds of tapes, the cost to restore and search the tapes can be considerable. Recovering records for selective users and dates may satisfy the current discovery requirement, but with each successive lawsuit, or changes in discovery parameters for an existing lawsuit, restoration from tape can become a recurring financial liability.”
Greg continues, “The practical solution is to remove the information from tape permanently and place it in an electronic records format where information can be retained and managed as individual records and not conglomerates of information. In such a format, individual email records can be sorted by user or date.”
Restored records can be archived in an open (non-proprietary) format, such as XML, which enables searchers to tap an ever-expanding array of search and forensics tools. XML may or may not qualify as "native format" as that term is sometimes used in court decisions, though XML may be a more useful format than whatever the native format was.
–Benjamin Wright
Mr. Wright is an advisor to Messaging Architects, experts in e-discovery and consultants in e-mail investigations.
Post Script What is a subpoena? A subpoena is a legal demand that someone turn over information or evidence. Commonly the laws of litigation enable a party to subpoena other parties for records or other evidence. Sometimes the law also invests the power to subpoena in an official who conducts investigations, such as a government auditor or an inspector general. If a party abuses the power to subpoena, by demanding irrelevant records or by issuing a demand with no regard for the cost of compliance, a court may sanction the issuer of the subpoena.
Recent Comments