You can access the user's legal hold data from endpoints such as computers and mobiles by using WebDAV.
You can also access MAPI-based backup of emails through WebDAV. Following are the advantages:
- inSync now supports multiple file formats - PST, MAPI to export email data through WebDAV, providing IT and legal teams with flexible options to collect data on legal hold.
- Every email backed up using MAPI is made available through WebDAV in the EML file format, calendar events are available in ICS file format, and contacts are available in VCF file format.
- A broad range of eDiscovery tools can support ingesting the EML file format which is the format in which inSync exposes MAPI emails through WebDAV.
- This enhancement is available only with Elite editions of inSync On-premise.
To know more about Messaging API (MAPI) that inSync uses to optimize efficiency for Outlook backups, see FAQs on how inSync backs up Outlook PST files. To know how the MAPI-based backed up data is arranged, see How the MAPI-based backup of emails data is arranged?
Step 1 of 2: Obtain WebDAV access details
To access legal hold data using WebDAV, you must obtain the WebDAV access details. The WebDAV access details include your credentials and URLs to the storage where user data resides. If the users’ data is backed up on multiple storage, multiple WebDAV URLs are created.
To obtain the WebDAV access details
- Click the relevant legal hold policy.
- Click Data Access. The data access URL and authentication details appear in the WebDAV Access Details area.
Step 2 of 2: Select a method for WebDAV access
You can access WebDAV by using the following methods:
- Access WebDAV by using HTTP connectors within eDiscovery tools
- Access WebDAV by using a mapped network drive
- Access WebDAV by using a web browser
Access WebDAV by using HTTP connectors within eDiscovery tools
inSync can be used to preserve data backed up from devices of users who are on legal hold. inSync provides WebDAV access to the preserved data. eDiscovery HTTP connector can be used to collect the preserved data and parse through the data and help data custodians to analyze and act on them.
For more information about creating a legal hold policy and accessing the WebDAV using Recommind, see Create legal hold using inSync. For more information about how Recommind can be integrated with Druva inSync to mine data under inSync’s legal hold, see Using Druva inSync with Recommind.
For more information about creating a legal hold policy and accessing the WebDAV using AccessData, see Create legal hold using inSync. For more information about how AccessData can be integrated with Druva inSync to mine data under inSync’s legal hold, see Using Druva inSync with AccessData.
Access WebDAV by using a mapped network drive
Before you begin
If you are using a self-signed certificate, before you access WebDAV, you must first install the self-signed certificate as a Trusted Root Certificate. However, we recommend that you install and use a certificate signed by a Trusted Certificate Authority (CA). Using a self-signed certificate might involve potential security risks.
To access WebDAV by using a mapped network drive
- Ensure that WebClient service is running on your computer.
- Click the Start menu.
- Right-click Computer > Map network drive. The Map Network Drive window appears.
- On the Map Network Drive window, provide the appropriate information for each field.
Select a drive and enter the WebDAV URL. For example: https://restore-c1-cloud.druva.com/webdav/Legal Hold Policy 1.
- Select the Connect using different credentials check box.
- Click Finish. The Enter Network Password window appears.
- On the Enter Network Password window, provide the username and password of the inSync administrator or legal administrator, and then click OK.
Before you begin
If you are using a self-signed certificate, before you access WebDAV, you must first install the self-signed certificate by using the Keychain Access utility in Mac. By using the same utility, you can then update the Trust setting for this certificate and mark it as a certificate that is always trusted for all users. However, we recommend that you install and use a certificate signed by a Trusted Certificate Authority (CA). Using a self-signed certificate might involve potential security risks.
- Open Finder.
- On the menu bar, click Go > Connect to Server. The Connect to Server window appears.
- In the Server Address, type the WebDav URL. For example: https://restore-c1-cloud.druva.com/webdav/Legal Hold Policy 1.
- Click Connect.
- On the Enter Network Password window, provide the username and password of the inSync administrator or legal administrator, and then click Connect.
Access WebDAV by using a web browser
You can use a web browser to access the legal hold data via WebDAV, and then download the legal hold data to your computer. If the download fails or is interrupted, then you can resume the download by using download manager add-ons that are available for your web browser. The download manager resumes the download from right where it was interrupted.
To access WebDAV by using a web browser
- Open a web browser.
- In the address bar, type the WebDAV URL and press Enter.
Note: If you are using a self-signed certificate, an untrusted certificate alert appears. Depending on the browser that you are using, you can click Proceed anyway, I Understand the Risks, or Continue to proceed. However, we recommend that you install and use a root certificate signed by a Trusted Certificate Authority (CA) because using a self-signed certificate might involve potential security risks.
- Type the username and password.
- Click Ok.
How legal hold data is arranged
After the WebDAV authentication, the legal hold policy folders appear. The hierarchy of the legal hold policy folders is as follows:
Before a user is put on legal hold, inSync has backed up data multiple times. During these times, the user can modify or rename folders and files at multiple occasions. Therefore, inSync appends a version number is appended in the backed up folders and file names. This version number indicates the snapshot number in which the folder or file is modified or renamed. A snapshot is a “point in time image” of the backup folders and indicates the state of the backup folders, which at a particular point of time.
If you view all backup data, then different versions of the same folders and files appear. For example:
- My Documents,v1/Jellyfish,v2.png
- My Documents, v1/Jellyfish,v3.png
Where, v2 and v3 are the second and the third version of the same file. This means that the user has modified Jellyfish.png twice.
If you view the last backup data of users, only the latest versions of the folders and files appear. This means that you will see only one version of the folders and files. For example:
- My Documents, v1/Jellyfish,v3.png
Where, v3 is the latest version of the file.
For more information about viewing all backup data, see View snapshots of backup data.
How the MAPI-based backup of emails data is arranged?
inSync displays the emails of end users who are on legal hold and whose data is backed up by using MAPI through WebDAV in the following structure:
- inSync exposes only the emails, contacts, and calendar events through WebDAV. Each MAPI data item is displayed in the following file formats:
- Every email is displayed in .eml file format.
- Every contact is displayed in .vcf file format.
- Every calendar event is displayed in .ics file format.
- The data items are grouped based on year > month > date for ease of accessibility.
- inSync maintains the original folder hierarchy of MAPI messages, and displays the data as follows:
- The WebDAV URL of the folder shows the folder's display name and the inode number.
- inSync retains and exposes the mtime attribute for all MAPI-backed up emails, calendar events, and contacts that are exposed through WebDAV.
However, the following most commonly used attributes are available in the EML file itself:
- Date Sent
- Time Sent
- Date Received
- Time Received
- Name or Unique Identifier of the attachment
- Message ID
- Text or Message Body
- SHA1 Hash
- On WebDAV, the data is arranged per the following convention:
<device-name>/<fset name>/<pst name>/<actual folder hierarchy>/<time based folder hierarchy>/<message>
- <fsetname>: The name of the MAPIfset, which can be Outlook Advanced or Outlook All PSTs based on the configuration. For example, Outlook Advanced,v2 in the following illustration.
- <pst name>: The name of the PST as seen in the Outlook settings.
- <actual folder hierarchy>: The folder such as Inbox, Outbox, Sent Items, and so on as well as the version information. For example, Calendar-13iCalendar-13iCalendar-13iCalendar-13i,v2 in the following illustration.
- <time based folder hierarchy>: The folder in YYYY/MM/DD format based on the time the message was received. For example, 2016,v2/March,v2/10,v2 in the following illustration.
- <message>: The file format based on the message type, such as, .eml, .vcf, or .ics format.
For example, .ics files that are displayed in the following illustration: