Wednesday, May 28, 2014

Daily Blog #339: A short product recommendation

Hello Reader,
     If you are like me then searching, de-duplicating and producing email for review is one of the banes of your existence. You would think that such fundamental task would have been solved in the mainline tools we use but all of their limitations turn the process of producing email into a bit of a nightmare. I've used a series of tools in the past to accomplish this with varied success:
Transend Forensic Migrator (which is good for all sorts of things)
FTK (which in recent versions has become less reliable in exporting and processing email, much less deduplicating)
Paraben Email Examiner

None of which made the process as easy or simple as Sherpa Soft's Discovery Attender did for me today. Now I've heard from many friends over the years that I should get a copy of this software as many people where doing in house basic ediscovery with it, but I didn't try it out. I finally broke down and got a copy and let me tell you, its what it claims to be.

I was able to search 34 archives of email, it supports ost and psts, search emails and attachments, deduplicate and produce to PST all within a couple hours. I'll wait to see what pitfalls lie in wait for me but for now, very happy with this product and can recommend it as a solution for others trying to solve this problem.

Grab a copy here, http://www.sherpasoftware.com/microsoft-exchange-products/discovery-attender.shtml , for those that are wondering I didn't get as much as a discount for this post. I paid full price and tested it prior to even thinking about writing. Right now I'm downloading a fresh Windows 7 vm and Kali Linux so I can write up the credential stealing series.