by Arman Gungor
When mailboxes are forensically preserved for eDiscovery or digital forensic investigations, their contents are almost always searched and filtered. Filtering emails helps overcome time, scope and cost constraints and alleviates privacy concerns.
There are two main ways of filtering emails—before and after the forensic acquisition. Each method has its pros and cons, which we will discuss here.
Filtering Emails After Forensic Collection
This method involves forensically collecting mailboxes entirely. Once the collection is complete, each mailbox would be ingested into eDiscovery or digital forensic investigation tools and searched before subsequent steps such as processing, analysis and review.
- Flexibility — Case requirements, keywords, date ranges are all subject to change. It is not uncommon for a legal team to discover more search terms after they have started document review. When you have access to the entire mailbox, you can go back and re-run your searches without having…
View original post 967 more words