When a Construction Company learned its core, profit-making divisions were to be sold to a new Group, the Company’s IT department had to take steps to ensure it could assume legal responsibility for past contracts and be able to respond to any future eDiscovery requests.
For more than a decade, the Construction Company had been managing the secure retention of its email records using the third-party email archive, HP/Autonomy EAS, which held around 4,000 staff mailboxes as well as many millions of emails captured by the Microsoft Exchange journal service.
They now had to extract this data (as the EAS archive would need to be de-commissioned to save costs) but they faced some significant hurdles in ensuring this data would be protected, manageable and readily discoverable:
Faced with these challenges and a small time-window in which to prepare its data in readiness for a takeover, Essential Computing, experts in email archive migration, were invited to establish the optimum solution.
This is how they went about it:
Step 1 – Agree on a Neutral Format Archive: It was determined that PST files would make a good interim file format that could easily be ingested by any archive or email storage system such as Exchange or Office 365. Moreover, if the PSTs were organised according to individual users, the relevant PSTs could be quickly identified and readily ingested into an eDiscovery platform in the event of an investigation request.
Step 2 – Extract All Mailbox Archives: This step was also straightforward. Essential simply used TransVault Migrator to export emails from the legacy EAS archives into individual PST files – creating one PST file per archived mailbox or ‘user’.
Step 3 – Extract Individual Journal Archives for all Users: As with most email archives, the journal archive in EAS comprised one archived ‘mailbox’ containing millions of single-instanced emails. Each email was stored alongside a list of all the individual addressees that appeared in the original message header. This included the FROM, TO, and CC addressees as well as anyone included the BCC field or whose address was part of a distribution list at the time the email was sent.
In order to build individual journal PST files, Essential would need to create a copy of the original email for each sender and recipient. And, to ensure a reliable data set for eDiscovery purposes, it was vital to accurately match the original email addresses found in the archived message header with the right ‘PST owners’.
This step would prove to be challenging, as during analysis, Essential discovered four times more ‘individuals’ in the journal archive than the total number of staff members the Company had ever employed (and this excluded anyone outside of its email domain).
This was not a surprise as it’s not unusual for the same user to have more than one ‘moniker’ in an organisation’s email system. Typical reasons include:
To manage the process of analysing and rationalising the journal contents, and then subsequently creating an accurate set of individual ‘personal journal’ PSTs, Essential used TransVault’s new Compliance Time Machine service.
Step 4 – Exclude Duplicates: Finally, to avoid creating any duplicate emails, Essential used TransVault Migrator to simply skip any item it had already processed when extracting the corresponding mailbox PST from the archive.
The end result was to create two PST files per individual:
The Company now had a complete as possible record of its legacy emails, together with complete freedom over where its data could be moved to meet their future needs
Journal Migration, Migrate