01-13-2015 09:31 AM
Solved! Go to Solution.
01-28-2015 09:27 AM
Hello tad_17,
The aforementioned info that Jriemsma posted is correct in how to create an EV Search Task to search by email address. However, the Search emails by feature is only available when searching an EV Mailbox Archive Source and NOT an EV Journal Archive Source. I wanted to make the difference because you previously mentioned selecting an EV Journal Source.
I hope the info I provided comes in handy. If so and you feel that your question has been answered, kindly mark the post are solved :)
01-13-2015 09:48 AM
I think you would be best served by Discovery Accelerator or Clearwell. Do you have either of those?
01-14-2015 01:42 AM
yes sorry, I am using Clearwell to collect from EV. Do I just add the external email address as a custodian? It is showing up in my employee list then which doesn't seem right.
01-14-2015 02:20 AM
Hello tad_17,
Under EV Search Tasks it has the tab 'Filtering', this would allow you to filter by:
If you've not processed the collection set, it won't be possible to search under advanced search to do this as the EV data will not be present in the eDiscovery platform.
01-14-2015 08:37 AM
Hi Daly Whyte,
Thanks for your reply. Our system is synched with Active Directory so when I filter by Sender or Recipient etc I get the employee list. Do I add the external email address to the employee list?
Apologies, I know I am missing something obvious here..
01-20-2015 06:41 AM
Hello tad_17,
Where are you doing this filtering? This needs to be at the collection task level, as you set up the search parameters for the EV collection task.
Please let me know if this is what you're already doing or if I am misunderstanding.
01-20-2015 09:07 AM
Hi Daly Whyte,
Yes I am doing the filtering at collection task level. The steps I'm taking are as follows:
Hope this makes sense?
01-20-2015 11:53 AM
You're close.
You haven't mentioned what version of Clearwell you are using, but I we are running 8.0. I don't think this dialog has changed since 7.1.3 though.
So, You
I've attached a screenshot showing all the tabs I'm referring to.
Edit: The screens are the same if you are doing an actual collection, instead of an EV Search task.
01-28-2015 09:27 AM
Hello tad_17,
The aforementioned info that Jriemsma posted is correct in how to create an EV Search Task to search by email address. However, the Search emails by feature is only available when searching an EV Mailbox Archive Source and NOT an EV Journal Archive Source. I wanted to make the difference because you previously mentioned selecting an EV Journal Source.
I hope the info I provided comes in handy. If so and you feel that your question has been answered, kindly mark the post are solved :)
01-28-2015 11:12 AM
Nearly forgot to include screen shots from the EV Search Task that I ran in my CW v80 lab.
01-30-2015 12:47 AM
Jimmy Harris you are right, I was trying to do the search over an EV Journal Archive Source.
Thanks everyone for your replies.
01-30-2015 06:43 AM
Thanks for clarifying that Jim. I just have one more informational comment related to searching for a gmail account specifically.
1. Under Gmail > Settings > Accounts and Import, a gmail user can add additional (valid) e-mail addresses which they own to their gmail account. Gmail allows them to send e-mails from these other accounts. If they 'reply' to an e-mail from within gmail, the reply always comes 'from' the address it was sent to. However, if they were trying to be deceptive, they could just forward an e-mail. On a forwarded e-mail they can select any of their other e-mail addresses as the address to send from. This type of e-mail should still get caught in an e-mail search, but would not show up in a sender/recipient search.
2. If you are sending to a gmail account 'someone@gmail.com' You can append +sometext to the end eg. someone+fake1@gmail.com and the e-mail will still be delivered. Gmail just ignores the text after the '+'. This trick is commonly used to register to sites or services multiple times using the same gmail account. It could also be used to send to 'someone@gmail.com' and potentially avoid identification by software like Clearwell if the investigator is only searching for the exact email address of the gmail account.