cancel
Showing results for 
Search instead for 
Did you mean: 

Using eDiscovery to search on Internet Mail Header

Denis_Methot
Level 4

We just purchase eDiscovery and one thing that would be nice to be able to do is to search on Internet Headers, like for potentially IP addresse. Does anyone know if its possible and if it is how to go about in doing the search.

Thx

1 ACCEPTED SOLUTION

Accepted Solutions

Liam_Finn1
Level 6
Employee Accredited Certified

I do not believe that the IP address in the header is indexed so searching for IP will not work as far as i know.

 

EV dies index the header but not all data in the header. Stuff like from, to, cc, bcc, date, time, and so on.

View solution in original post

2 REPLIES 2

Liam_Finn1
Level 6
Employee Accredited Certified

I do not believe that the IP address in the header is indexed so searching for IP will not work as far as i know.

 

EV dies index the header but not all data in the header. Stuff like from, to, cc, bcc, date, time, and so on.

Bailine
Not applicable
Employee Accredited

Traditionally, analysis of extended header information present on email has been a Forensics use case.  However, as the lines between Forensics and pure eDiscovery are blurred we see Forensics creep into eDiscovery and vice versa.

Clearwell - Now Part of Symantec offers full extended header viewing capabilities.  During processing Clearwelly globally de-duplicates all ESI within the corpus.  Despite having access to search and review a single copy of an email, in this case, the reviewer has full access to every duplicate's extended header information.

In the attached example our reviewer has access to extended header information for the three copies of our email in a pop-up like view.

Thanks.

Bret Bailine

Sr. Manager, Systems Engineering

US Federal Government

www.symantec.com/clearwell