Opus Technologies Recovers Mailboxes from Crashed Exchange Server, Restores Email Connectivity

Digital Evidence Ventures Recovers Mails from Decommissioned Servers for Forensic Analysis and Fight Corporate Litigation

Digital Evidence Ventures (DEV) is a digital forensics and eDiscovery firm based in Sacramento, California. It provides digital forensics services and litigation support to law firms and businesses in the areas of computer and cell phone forensics. DEV is led by ex-FBI agents and non-practicing attorneys who help attorneys and businesses gather and analyze the data to obtain evidence to resolve litigations or help businesses to make informed decisions.

One of the clients of Digital Evidence Ventures needed help with a corporate litigation where they had an order to preserve all emails from the mailboxes of a decommissioned server. The client organization needed to extract the mailboxes from the archived EDB files of the decommissioned server to allow forensic analysis.

Key Challenges

The key 'technical' challenge was faced with restoring the mailboxes of the decommissioned server without the original server setup and AD configuration. Also, the client organization was in urgent need of restoring the emails for responding to the order on time.

The following sections summarize the key challenges faced by DEV forensic experts:

  • Restoring the Decommissioned Server
  • As the server was decommissioned, it would require the team to rebuild the domain with Exchange and domain controller for mounting the database and restoring the mailboxes. However, this standard restoration proceed didn't guarantee success as the transaction log files were missing and the AD was not available. Further, force mounting the database could potentially affect the mailbox data and turn it invalid as evidence.

  • Time Scarcity
  • Restoring a decommissioned server is a time-taking process. It could take several hours to weeks to restore the decommissioned server and extract mail data for analysis. However, the client needed to preserve the information and evidence at the earliest possible to proceed and fight the litigation.

Business Need

Following were the key business needs:

  • Recover and preserve mailboxes from a decommissioned Exchange server
  • Gather the required information and evidence within the shortest time span

Mailbox Recovery Attempts

As the EDB files couldn't be mounted, the only solution left was to extract the mailboxes from the EDB files in a way that could serve as a forensic evidence.

DEV team tried to extract the mailboxes by using forensic toolkit from Parabens® and Access Data®. Paraben Forensic Toolkit supports the Exchange database (EDB) file and export emails to PST. However, it could not extract the required information and was unable to display the required emails, email content, and custodians of the mails stored in the EDB files. Also, the deleted mail items when exported to PST were not tagged separately, leading to a difficulty in distinguishing between the exported emails. The team experienced similar issues with Access Data Forensics Toolkit.

Solution

After assessing a few forensic toolkits, DEV team came across Stellar Toolkit for Exchange; a software suite that "converts" offline and hosted EDB files and extracts mailboxes without dismounting the database. The tool can extract mailboxes including deleted emails from the EDB files of a decommissioned or inactive server.

The team downloaded the free trial version of Exchange toolkit from Stellar and used it to scan the archived EDB files, copied from the decommissioned Exchange server. The tool was able to scan all the mailboxes and preview the mailbox contents, including email body text, attachments, contacts, calendar, etc. It could also find and preview the deleted emails.

After verifying the mailbox data, the team decided to activate the software and extract the required emails in PST file.

Result

The toolkit allowed extraction of the required mailbox data and provided custodian information needed for the lawsuit. It helped in preserving the emails and other mailbox data required by the client organization for further investigation.

Key Benefits

Stellar Toolkit for Exchange helped Digital Evidence Ventures to find and preserve the mailboxes for its client organization. The toolkit saved the required mailboxes to PST files with original integrity, as verified using the Preview feature. The software served as an efficient solution to extract the mailboxes in the given time span.


quote

This is a very handy and easy to use software that I would recommend to anyone.

quote
Client

Digital Evidence Ventures


Business Need

Recover mails from a decommissioned server and preserve the mailbox data for forensic analysis


Solution

Stellar Toolkit for Exchange


Benefits

- Exported the mailboxes to PST for preservation and forensic analysis

- Extracted the mailbox data with minimal effort and time


"Stellar is the best tool for EDB processing and should be targeted at Digital Forensic/eDiscovery Industry."

Simon Varley, Senior Forensic Examiner, Digital Evidence Ventures

WHY STELLAR® IS GLOBAL LEADER

Why Choose Stellar?

  • 0M+

    Customers

  • 0+

    Years of EXCELLENCE

  • 0+

    R&D Engineers

  • 0+

    Countries

  • 0+

    PARTNERS

  • 0+

    Awards Received