eDiscovery Flashcards
What is eDiscovery?
Electronic discovery, or eDiscovery, is the process of identifying and delivering electronic information that can be used as evidence in legal cases.
What is core eDiscovery?
An eDiscovery solution that builds on the Content search functionality by enabling you to create eDiscovery cases and assign eDiscovery managers to specific cases.
What is content search?
A tool that searches for content across Microsoft 365 data sources (Exchange Online, OneDrive for Business, SharePoint Online, etc.) and can export the search results to a local computer.
What is advanced eDiscovery?
A tool that builds on Core eDiscovery’s functionality by providing an end-to-end workflow to manage, analyse and export content for an organization’s internal and external investigations.
What are the six stages of eDiscovery?
Identification - find docs that may have relevant info
Preservation - protect identified data from tampering
Collection - transfer data to legal entities
Processing - prepare data for further review and analysis
Review - reduce data to what is relevant to the case
Production - export docs to hand to legal
What is the Unified Audit Log?
A centralized audit log that contains activities from most M365 services.
How long are Audit records kept?
90 - 365 days, depending on license.
Does MS let you export audit logs?
Yes, by using APIs or, for smaller log sets, by exporting to CSV.
Can you configure alerts based on activities in the Unified Audit Log?
Yes.
What is advanced auditing?
An MS365 feature that brings three main features:
Long-term Retention of Audit Logs
Access to Crucial Events for Investigations
High-bandwidth Access to The O365 Management Activity API
It requires extra licensing.
What does long-term Retention of audit logs do?
It lets organizations create log retention policies to keep information for up to 10 years. This helps them support long running investigations and respond to various obligations.
What does Access to Crucial Events for Investigations do?
It provides access to 4 crucial events in the audit log:
MailItemsAccessed - triggered by mail client or protocols
Send - triggered by sending, forwarding or replying to an email
SearchQueryInitiatedExchange - triggered by email searches
SearchQueryInitiatedSharePoint - triggered by SharePoint searches
What does High-bandwidth Access to The O365 Management Activity API do?
Allows organizations that use the API to access audit log data with a higher bandwidth limit.
That means less throttling and more real-time info. The base is 2,000 requests per minute, which is dynamically increased based on seat count and licenses.