Enterprise Recon automatically detects Microsoft Exchange / Outlook PST and OST files stored in any file location and will search its contents and identify each unique email and associated attachments containing sensitive information based on the search configuration used.
Within typical enterprise environments, large numbers of mailbox accounts can exist which when using conventional approaches may take an exorbitant amount of time to search. Using a feature unique to Enterprise Recon, enterprise customers have the ability to establish concurrent searches to rapidly scale the number of Outlook PST files that can be searched across multiple systems.
This article explains this concept further.
- Enterprise Recon (v1.x or 2.x)
- Multiple Enterprise Recon agents deployed
- Each Mailbox on your Exchange server exported to a PST file
- Exported PST files located diversely across multiple hosts where an Agent has been deployed in consistent directories - e.g. D:\PSTs
- No additional software or 3rd party modules are required
Exporting PST files
Depending on your version of Exchange, the command used to export mailboxes will differ. We've provided some articles for you to export depending on the version of Exchange used:
Exchange 2010+ - http://social.technet.microsoft.com/wiki/contents/articles/13908.bulk-export-mailboxes-to-pst-in-exchange-2010.aspx
Exchange 2007 - http://blogs.technet.com/b/exchange/archive/2007/04/13/3401913.aspx
Exchange 2003 - http://www.rackspace.com/apps/support/portal/6159
Once the PST files are exported, they should be spread across multiple hosts. Here is a recommended approach for distribution to achieve scanning of all mailboxes within 1 week. Average mailbox size is based on 1gb:
100 files - 5 systems
500 files - 25 systems
1000 files - 50 systems
2500 files - 125 systems
5000 files - 250 systems
10000 files - 500 systems
Scanning the PST files
1. Ensure PST files have been spread across known systems - ideally contained to the same group
2. Ensure all PST files are located in a consistent directory across all systems - e.g. D:\PSTs
3. Initiate a common scan across all systems containing exported mailboxes
- Set directory to D:\PSTs
- If using Enterprise Recon V2.0, we recommend setting an automated notification to alert upon completion of each systems scan
4. Upon completion of the scans, review results either at group level, or individual host level to determine any sensitive data findings across the PST files scanned.