E-Discovery in Microsoft Exchange 2010: Part 7

The following post is part seven of a nine part video/blog series on e-discovery in Microsoft Exchange 2010. In the last edition, Paul and Marta talked about PST file management & personal archives. This week, they’ll discuss some of the common challenges with searching & indexing PDF files in Exchange. They’ll also look at Active Directory Rights Management and the importance of communication between IT and Legal in e-discovery. Enjoy!

Marta: You can be called to testify on anything that you’ve done as an agent of a company. So, it helps to keep a very strict chain of custody, a log in which you record who it was that asked you a certain question, when that question was asked – these sort of things. Because, if something should come up, you are, in the end, responsible for everything that you’ve done.

A telltale sign is shadiness. If you think a person is being shady about something – saying things like “Oh, don’t tell so and so about this.” – there’s definitely cause for alarm. It’s one thing to not inform their custodians (because they may be involved in the internal investigations), but it’s a completely different thing if you’re trying to keep information from the V.P., or something like that.

Paul: Right. Like, “Come do this search, but don’t tell anyone in HR or Legal.” That might be something that sends a warning.

Marta: Exactly. You certainly should get everything you can in writing. A lot of times, people have authority over you and what not, but you should still be able to get information in writing to cover your back. I mean, that’s what it comes down to, because, eventually, if there’s something that your company is liable for, you might have to testify. Under the bright lights and glare of an opposing counsel . . . Believe me, nobody wants to go through that.

Paul: Right. Many people like watching movies about courtroom drama; most people don’t like being in them.

Marta: Yeah. You want to avoid that at all costs. That’s for sure.

Paul: So, for multi-mailbox search, you have some parameters that dictate how searches are going to be executed. My experience with the search console has been that you don’t really need a ton of specialized training to be able to do the searches. However, it’s helpful to know some of the things that Exchange does and does not index.

Need extra manpower for a discovery request? Check out Sherpa Software’s e-discovery consulting services.

We talked early on about PDF files. Now, it would be a really good time for me to say that I’m not a huge fan of Adobe’s software – from both a security and usability perspective. I should get that out in the open. Exchange, though, didn’t ship with the ability to index PDF files by default.

Marta: Yeah, I think this is really a bit of a weakness, because a lot of data these days is in PDF format. As much as you might not care for them, and the challenges withstanding, they’re a de facto standard. And because of this, you really have to have some requirement within your organization that addresses searching for them. If you don’t search for them and are unaware that you aren’t searching for them, it’s a pretty big deal.

PDF files are challenging in that you have to have the external filters installed to search and index them. This is something that isn’t advertised up front, and if you don’t have them installed, your might be missing out on an incredibly large subset of data. Even if you do have them, there are still PDFs that aren’t searchable. They might be ‘image only’, or partly image, or encrypted. These are things that the IFilters can’t get around.

Paul: Well, in my experience, the big problem with search PDFs is that there are PDFs that are generated by Adobe software that Adobe’s own IFilter will not read. So, in this case, it’s not because they’re ‘image only’ or anything like that, but rather an incompatibility between the way that they’re generated and how they’re read.

Marta: Yeah. And there are default encryptions on PDFs that are created by Adobe to render a lot of the machine readers that are out there ineffective.

Paul: Then more broadly, I mean, there are many other data types that are not included in the default filter set that Microsoft ships. Now, there are partial workarounds with the separate set of Microsoft filters (which can index a number of file types that aren’t included in the basic package), but you still have to know to go out, get these filters, and install them. This raises some concerns on the e-discovery and indexing side of things. You have to know whether or not your search is inclusive of everything that you think it’s including.

Marta: Obviously, it’s a challenge – knowing that you can’t search for certain data types. At the same time, though, you have to be aware of them. You have to know ahead of time what you can and can’t do, and you have to communicate these things to your legal counsel. Tell them the conditions of the search, which data types you are searching, and which data types can’t be searched. Then ask, “What should we do about these unsearchable exceptions?”

One of the nice things about Exchange 2010 is that they do give you a list of exceptions – or things that you aren’t able to index. What you do with this list is as important as what you do with the searchable data types. Depending on the case, they might want to review the exceptions manually. This is why it’s important to maintain a high standard of communication between IT and Legal. Knowing the limitations of Exchange, as well as the advantages, is tantamount to preparedness.

Paul: One thing you mentioned earlier reminded me, I want to bring up the fact that, in Exchange 2010 (because it’s integrated with Active Directory Rights Management Services), you can actually search messages that have been protected by Rights Management. These are included by default in searching because the system can get what the RMS folks call a ‘used license’ that enables it to open and index the documents. Encrypted mail, on the other hand, will not be searched or indexed.

Read more about the Rights Management (RM) server and Microsoft Exchange 2010.

I just wanted to mention the capability to search RMS protected documents, because I’ve heard people voice concerns about being able to reach protected documents in the future. If, for instance, the person that protected the document leaves the company, the document will still be searchable as part of a discovery request.

Marta: Yeah, I think the most important thing is keeping in constant contact with your legal team about changes or implementations of new technology. For all of the business benefits that you get, there will be challenges. One of the big ones is electronic data discovery. It’s a fundamental requirement (from a legal point of view) that you are able to search and discover documents. As this is the case, you always have to take it into consideration when deploying new technology, like RMS. The technology itself is never an excuse. You’re liable for the data that you’re liable for, and you need to be able to search it.

Have you been faced with searching a data type that isn’t supported by the basic Exchange filters? How did you communicate the exception to your legal counsel? Give us your thoughts on these questions and some of the other limitations of Exchange 2010 in the comments below!

Thanks for stopping by! Learn more next time, when Paul and Marta will look at some of the external challenges that users face when managing litigation hold and retention policies in Microsoft Exchange 2010.

Leave a Reply

Your email address will not be published. Required fields are marked *