David,

Take a look at Microsoft's EXMERGE utility. The tool is intended to facilitate mailbox moves. The first step of EXMERGE's two-step move process dumps the contents of a list of mailboxes to PST files. The trick is to never run step 2. You are left with the set of PST files and the mailboxes are intact. No need to take any systems away. The process can be scripted and EXMERGE will take files with mailbox lists as inputs.

You could also roll your own using the CDO library. CDO makes manipulating mailboxes programmatically pretty straightforward.

All of this assumes that you have sufficient privs on the servers. If you don't, it gets a little more complicated.

Hope this helps,
Pete

-----Original Message-----
From: Keith Tyler [mailto:ktylerat_private]
Sent: Friday, May 17, 2002 11:10
To: 'David Walker'; forensicsat_private
Subject: RE: Tools and Tips - Exchange

If you have software like arcserve 2k exchange agents you could back up their mailboxes every hour or half hour. That will save their sent and received mail. You could also enable mail tracking.

-----Original Message-----
From: David Walker [mailto:david.walker@rosebank-house.co.uk]
Sent: Thursday, May 16, 2002 3:46 PM
To: forensicsat_private
Subject: Tools and Tips - Exchange

Does anyone know of the existence of neat tools for the examination of large MS Exchange installations? Or have you any good techniques for securing evidence of the activities of a few people when it is not possible to take the system away for examination?

Dave Walker

--
David Walker
E-mail: david.walker@rosebank-house.co.uk

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Fri May 17 2002 - 08:53:31 PDT