Covert Recovery
Hi Foks,
I've been tasked with determining all received and sent mail from someones outlook mailbox. The user must not be aware of this. Having copies of each sent and received piece of email for the past 30 days would be the most ideal situation.
A sent and received log with header information wouldbe helpful also. Does anyone know the best method of getting this information completely and covertly.
Any guidance is much appreciated!
Thanks,
Bob
January 5th, 2011 3:08pm
Do you have message tracking turned on, and are you saving the files for a month? If not in either case, I'm afraid you are a bit lost.
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2011 3:12pm
What version of Exchange are you running? From 5.5 through 2007 you can utilities ExMerge by exporting the data from the online account out to PST
If you want to cover all data from historical backups in the past 30 days you would need to recover then you would need to use the Recovery Storage Group (only id you are using Exchange 2003 or 2007) and then export the data, merge PSTS etc.
Alternatively you may want to consider a 3rd party product like Lucid8's DigiScope
http://www.lucid8.com/product/digiscope.asp which will provide you with a much more robust set of capabilities
Troy Werelius
www.Lucid8.com
January 5th, 2011 3:15pm
BTW, something you can try, though I am fairly sure you won't see ALL the mail the user has sent and received for the last month, is connecting to the mailbox itself. I say you won't see all the messages because many will ahve been deleted, and if
the person is wary, the messages may also ahve been deleted from your dumpster. However, you will see a fair amount of the mail, since it will still be in the mailbox. You can also export the mailbox to another mailbox (using the Exchange "Export-Mailbox"
command on a system that has Outlook installed), which will give you the same information - and it can recover items that are in the dumpster (but not those that have been purged from it).
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2011 3:24pm
I do have message tracking turned on, I can see the log files going back about 3 weeks. Is there a way to view it in a more readable, searchable format?
Many thanks,
Bob
January 5th, 2011 5:23pm
Hmm not sure but you know eNow's Mailscape product may give you a nicer format but to get the actual emails you are going to have to use RSG or something like Lucid8's DigiScope to get to soft and hard deleted messages. Worth checking out anyway
http://www.enowconsulting.com/mailscape/overview.asp and I think they may have a 30 day evalTroy Werelius
www.Lucid8.com
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2011 5:28pm
Hi netadmin72,
We could use cmdlet get-messagetrackinglog to analyze the tracking log, please refer to below:
http://technet.microsoft.com/en-us/library/aa997573.aspx
MS also has a log analysis tool called log parser, we could download it from here:
http://technet.microsoft.com/en-us/scriptcenter/dd919274.aspx
Regards!
GavinPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 10th, 2011 12:38am