Exchange & Outlook UPDATE, Exchange Edition, January 17, 2003

Exchange and Outlook UPDATE, Outlook Edition—brought to you by Exchange & Outlook Administrator, a print newsletter from Windows & .NET Magazine that contains practical advice, how-to articles, tips, and techniques to help you do your job today.
http://www.exchangeadmin.com


THIS ISSUE SPONSORED BY

FREE TRIAL CD

MICROSOFT MOBILITY TOUR
(below COMMENTARY)


SPONSOR: FREE TRIAL CD

Give your users the ability to send and receive fax documents from their e-mail system or a browser-based fax application!
http://www.faxback.com/w2kexchange

Save money, and make your users more productive. NET SatisFAXtion fax servers seamlessly integrate with all e-mail systems.

Register for our 30-day evaluation CD-ROM or call 800-329-2225, or email [email protected]


January 17, 2003 — In this issue:

1. COMMENTARY

  • Forensics and Your Exchange Server

2. ANNOUNCEMENTS

  • Windows Scripting Solutions for the Systems Administrator
  • Back by Popular Demand—Don't Miss Our Security Road Show Event!

3. HOT RELEASE (ADVERTISEMENT)

  • Tired Of Maintaining Multiple Directories?

4. RESOURCES

  • XGEN: Exchange 2000 Server and Exchange Server 5.5 Compatibility with Windows Server
  • Featured Thread: Server-Side Rule to Move Email to a .Pst File

5. NEW AND IMPROVED

  • Automatically Archive Email Messages
  • Submit Top Product Ideas

6. CONTACT US
See this section for a list of ways to contact us.


1. COMMENTARY
(contributed by Paul Robichaux, News Editor, [email protected])

  • FORENSICS AND YOUR EXCHANGE SERVER

  • Imagine a nightmare: You're sitting in your office, and your phone rings. It's the receptionist. "A man from the FBI is here to see you—something about a subpoena." The G-man walks into your office, waves a paper in the air, and announces that you are now legally required to produce a copy of all email stored on or sent through your server since 1999. As he drones on about chains of custody, stipulations, and evidentiary rules, you begin to fidget, then to sweat. As the agent moves closer to your desk, you suddenly awake in a tangled ball of damp sheets.

    OK, back to reality. The odds that you'll get such a subpoena are probably small. However, the technologies and requirements of computer forensics, especially as they pertain to Exchange systems, are interesting and worth learning about. Like knowing how to navigate by the stars, such knowledge might seem useless now but come in handy at a future time.

    "The American Heritage Dictionary" definition of "forensic" lists three meanings, but the third—"Relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law"—is the most relevant for us. The basic purpose of computer forensics is to accurately capture complete records from a target computer for use as evidence in a civil or criminal proceeding. The records can be captured in several ways, but not all of them meet the commonly accepted legal standards for forensic evidence. The name of the game in computer forensics is "exact copy"; that's the standard most evidence must meet.

    So, if you had to provide forensic data, how would you go about it? Tape backups often aren't acceptable; even though they contain the same data, the data is in a different physical form and thus isn't an exact bit-for-bit representation of the data on disk. For the same reason, files copied from the targeted server to another server usually won't suffice.

    The typical way to copy data for forensic analysis is to use a tool such as Guidance Software's EnCase ( http://www.guidancesoftware.com ) or New Technologies' SafeBack ( http://www.forensics-intl.com/safeback.html ) to make an exact copy of the target system's disks. These tools are superficially similar to Symantec's Ghost product family or PowerQuest's Drive Image 2002 but with an important distinction: The manufacturers have demonstrated that their products make a true copy, so prosecutors, government agencies, and the US courts accept the results.

    This approach is less practical—or even impossible—on systems that have multiple disks that can be scanned. For example, RAID arrays and Storage Area Networks (SANs) require special procedures to ensure that the data is copied in an acceptable way. One approach that I expect to catch on is the use of hardware tools such as WiebeTech's Forensic DriveDock ( http://www.wiebetech.com ), a nifty FireWire-to-IDE bridge that write-protects the drive. Attach an IDE drive, plug the Forensic DriveDock cable into a FireWire port, and you can mount the disk on your desktop to scan or copy it, with a guarantee that you won't affect the original data.

    Even though you might never have to provide forensic data, you might find computer forensics intriguing. For a fascinating discussion of the topic, read Debra Littlejohn Shinder's "Scene of the Cybercrime" (Syngress Publishing, 2002), a primer on forensic techniques and technologies. In the meantime, sweet dreams.


    SPONSOR: MICROSOFT MOBILITY TOUR

    THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
    Brought to you by Windows & .NET Magazine, this outstanding seven-city event will help you support your growing mobile workforce! Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. There is no charge for these live events, but space is limited, so register today!

    2. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR

  • You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today.

  • BACK BY POPULAR DEMAND—DON'T MISS OUR SECURITY ROAD SHOW EVENT!

  • If you missed last year's popular security road show event, now is your chance to catch it again in Portland, Oregon, and Redmond. Learn from experts Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Registration is free so sign up now!

    3. HOT RELEASE (ADVERTISEMENT)

  • TIRED OF MAINTAINING MULTIPLE DIRECTORIES?

  • Update Active Directory from HR, LDAP or any database. Imanami offers a simple and affordable tool that will synchronize your directory with your employee information while you get on with life! Evaluate to win Camera!

    4. RESOURCES

  • XGEN: EXCHANGE 2000 SERVER AND EXCHANGE SERVER 5.5 COMPATIBILITY WITH WINDOWS SERVER 2003

  • Each week, Microsoft posts several Exchange Server how-to articles to its Knowledge Base. If you anticipate installing Exchange 2000 Server or Exchange Server 5.5 in a Windows Server 2003 environment, you'll want to read this article first.

  • FEATURED THREAD: SERVER-SIDE RULE TO MOVE EMAIL TO A .PST FILE

  • Lp runs Exchange Server 5.5 on Windows NT 4.0 and is looking for a way to set up a server-side rule to move email sent to an Exchange mailbox or a public folder to a .pst file. If you can help, go to the following URL:
    http://www.winnetmag.com/forums/rd.cfm?cid=40&tid=52914

    5. NEW AND IMPROVED
    (contributed by Carolyn Mader, [email protected])

  • AUTOMATICALLY ARCHIVE EMAIL MESSAGES

  • IXOS announced IXOS-eCONserver for Exchange, a software module that automatically logs and archives all incoming and outgoing electronic messages for companies that must by law keep correspondence. The high and low watermark feature keeps users within their mailbox size limit by archiving excess email messages as soon as the user exceeds the limit. IXOS-eCONserver for Exchange automatically archives subfolder content at preset intervals. The software seamlessly integrates with Exchange. For pricing, contact IXOS at 650-294-5800 or [email protected].
    http://www.ixos.com

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions to [email protected].

    6. CONTACT US
    Here's how to reach us with your comments and questions:

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish