
DA search for a particular SMTP address against the Journal - extracting the addresses

EVSpinner
Level 5

Afternoon all, I've been asked to do a search aimed at a particular user, and find out who they have emailed and who has emailed them over the last 6 months.

I've set up a search in DA between the date ranges and specified in the Search Terms field, To or From Any Of and then the SMTP address I'm searching for, selecting only the Journal archive as the target.

The search has run and surfaced 1000k hits, which I've accepted, and now I'm trying to review. The requester wants a list of the SMTP addresses whom the user has emailed (outgoing), and a list of all the emails the user has received mail from (incoming).

I was thinking perhaps export the DA search results to PST and then pull into Exchange and try to extract the SMTP address via PowerShell?

Is this a task I can achieve solely in DA? I'm pretty new to DA so still reading the manual. For example, should I be targeting this user as a custodian, or have I misunderstood this function?

Does anyone have any inspiration for how else I could achieve this goal?

 

Thanks all

2 REPLIES

AndrewB
Moderator
Partner    VIP    Accredited

You might want to try enabling analytics on your case in DA, but be prepared for very heavy SQL utilization and make sure you have a lot of room for the database and logs.

EVSpinner
Level 5

Thanks Andrew, I'll give that a go. Many thanks.