Arctera™ Insight eDiscovery Help

Last Published:
Product(s): Veritas Alta Archiving (1.0), Veritas Alta eDiscovery (1.0)
  1. About Arctera Insight eDiscovery
    1.  
      Introducing Arctera Insight eDiscovery
    2.  
      Insight eDiscovery key features
    3.  
      Insight eDiscovery term definitions
  2. Getting started with Insight eDiscovery
    1.  
      What's new in this release
    2.  
      Signing in to Insight eDiscovery
    3.  
      Logging off from Insight eDiscovery
    4.  
      Resetting a forgotten password
    5. About the Insight eDiscovery user interface
      1. About the left navigation pane
        1.  
          Investigations tab
        2.  
          eDiscovery tab
      2.  
        About the title bar options
      3.  
        About the search bar
      4.  
        About the bottom navigation bar
      5.  
        About the Details pane
    6.  
      Accessing your own archived emails
  3. Insight eDiscovery roles
    1.  
      About account roles and Insight eDiscovery
    2.  
      Account role
    3.  
      Reviewer role
    4.  
      Administrator role
    5. Assigning account roles
      1.  
        Assigning the Reviewer role to an account
      2.  
        Assigning the Administrator role to an account
  4. Managing investigations
    1.  
      About Investigations
    2. About Targeted Collections
      1.  
        Adding targeted collection for Microsoft Teams
      2.  
        Adding targeted collection for OneDrive for Business
      3.  
        Adding targeted collection for Exchange Online
      4.  
        Adding targeted collection for Enterprise Vault
      5.  
        Adding targeted collection for data import
      6.  
        Managing Insight Capture collectors from Insight eDiscovery
      7.  
        Sending collected data to cases
    3. About Analytics Dashboard
      1.  
        Performing query searches using Analytics Dashboard
    4.  
      About Managed Accounts
    5. About Searches in investigation
      1.  
        Creating a new search
      2.  
        Saving searches as on-going and standard searches
      3.  
        Viewing previously executed but unsaved searches during an investigation
      4. Updating on-going and standard searches
        1.  
          Updating on-going and standard searches from Mailbox
        2.  
          Updating an on-going or a standard search from Managed Accounts
      5.  
        Exporting a summary report of searched items
      6.  
        Deleting searches
    6.  
      About Hit Highlighting
    7. Working with searched emails
      1.  
        Applying tags and legal hold to emails
      2.  
        Applying labels to emails
      3.  
        Exporting searched emails
      4.  
        Exporting a search summary report for emails
      5.  
        Reassigning emails
      6.  
        Hiding and unhiding emails
      7.  
        Deleting emails permanently
    8. Working with searched collaboration messages
      1.  
        Searching collaboration messages during investigation
      2.  
        Applying tags and legal hold to collaboration messages
      3.  
        Applying labels to collaboration messages
      4.  
        Printing MS Teams messages to PDF during investigation
      5.  
        Exporting collaboration messages
      6.  
        Exporting a search summary report for collaboration messages
    9. Working with searched files
      1.  
        Working with Audio-Video files
      2.  
        Applying tags and legal hold to files
      3.  
        Applying labels to files
      4.  
        Exporting searched files
      5.  
        Exporting a search summary report for files
    10. Working with Advanced ECA searches
      1.  
        Creating an Advanced ECA search
      2.  
        Updating an Advanced ECA search
      3.  
        Filtering an Advanced ECA search
      4. Applying tags to the Advanced ECA search items
        1.  
          Applying tags to emails in Advanced ECA search
        2.  
          Applying tags to collaboration messages in Advanced ECA search
        3.  
          Applying tags to files in Advanced ECA search
      5. Applying labels to the Advanced ECA search items
        1.  
          Applying labels to emails in Advanced ECA search
        2.  
          Applying labels to collaboration messages in Advanced ECA search
        3.  
          Applying labels to files in Advanced ECA search
      6. Exporting the Advanced ECA search items
        1.  
          Exporting emails from Advanced ECA search
        2.  
          Exporting collaboration messages from Advanced ECA search
        3.  
          Exporting files from Advanced ECA search
      7. Exporting an Advanced ECA search summary report
        1.  
          Exporting a search summary report for emails
        2.  
          Exporting summary report for collaboration messages
        3.  
          Exporting summary report for files
      8.  
        Reassigning emails from the Advanced ECA search
      9.  
        Printing the selected Advanced ECA searched items
      10.  
        Deleting an Advanced ECA search
    11.  
      Creating archive sets during investigation
    12. About Mail Reassignment
      1.  
        Reassigning emails
      2.  
        Viewing email reassignment status
      3.  
        Canceling the email reassignment activity
      4.  
        Generating a Mail Reassignment status report
      5.  
        Viewing mail reassignment notifications and status reports
    13. About labels
      1.  
        Creating a label
    14. About legal holds
      1.  
        Viewing the Legal Hold status of items
      2.  
        Viewing legally hold items
    15. About Tags
      1.  
        Updating tags
      2.  
        Removing items from tags
      3.  
        Deleting tags
    16. About search log
      1.  
        Viewing and exporting search log report
    17. About transcription of media attachments
      1.  
        Viewing transcription of media attachments
  5. Managing cases
    1.  
      About cases
    2.  
      About case workflow summary: eDiscovery Administrator
    3.  
      Creating case review statuses
    4.  
      Creating cases
    5.  
      Adding parent tags and their child tags
    6.  
      Applying tags to the searched items in cases
    7.  
      Removing tags of the searched items in cases
    8.  
      Viewing case details
    9.  
      Editing cases
    10. About searches in eDiscovery
      1.  
        Performing searches within cases
      2.  
        Saving searches in Review sets and Research sets
      3.  
        Viewing previously executed but unsaved searches a case review
      4.  
        Modifying saved searches of cases
      5.  
        Applying a search-level legal hold
      6.  
        Assigning review sets to reviewers
      7.  
        Generating a search summary report
  6. Managing case documents
    1.  
      Understanding document sets in cases
    2.  
      Moving case documents to production sets
    3. Understanding Archive Search
      1.  
        About Archive Searches
      2.  
        Creating research sets and archive sets
  7. Managing redaction reasons
    1.  
      About redaction reasons
    2.  
      Adding redaction reasons
    3.  
      Editing redaction reasons
    4.  
      Deleting redaction reasons
  8. Managing reviews
    1.  
      About reviewing cases
    2. Reviewing emails
      1.  
        Accessing emails for review
      2.  
        Searching for the exact Insight Surveillance item for review
      3.  
        Applying tags to emails
      4.  
        Exporting emails
      5.  
        Exporting a search summary report for emails
      6.  
        Adding notes to emails
      7.  
        Applying review status to emails
      8.  
        Viewing audit history of emails
      9.  
        Printing emails
      10.  
        Restoring emails
      11.  
        Forwarding emails
    3. Reviewing collaboration messages
      1.  
        Accessing collaboration messages for review
      2.  
        Applying tags to collaboration messages
      3.  
        Applying legal hold to collaboration messages
      4.  
        Applying and removing review status to collaboration message
      5.  
        Exporting collaboration messages
      6.  
        Exporting a search summary report for collaboration messages
      7.  
        Adding notes to collaborative messages
      8.  
        Viewing audit history of collaboration messages
      9.  
        Printing MS Teams messages to PDF during eDiscovery
    4. Reviewing files
      1.  
        Accessing files for review
      2.  
        Applying tags to Files
      3.  
        Applying or removing legal hold to files
      4.  
        Applying and removing review status to files
      5.  
        Exporting files
      6.  
        Exporting a search summary report for files
      7.  
        Adding notes to files
      8.  
        Viewing audit history of files
      9.  
        Downloading files
    5.  
      Annotating and redacting email and file content in native viewer
  9. Managing production sets
    1.  
      About Production Sets
    2.  
      Moving items to production sets
    3.  
      Removing items from a production set
    4.  
      Locking and unlocking production sets
    5.  
      Configuring production set export options
    6. Exporting production sets
      1.  
        Exporting an individual production set for emails, collaboration messages, or files
      2.  
        Exporting a collective production set for emails, collaboration messages, and files
  10. Annotating and redacting content in native viewer
    1.  
      About annotations and redactions
    2.  
      Native viewer capabilities
    3.  
      Understanding the native viewer interface
    4.  
      Annotating email and file content
    5.  
      Redacting email and file content
    6.  
      Printing the annotated and redacted document
    7.  
      Downloading the annotated and redacted document
  11. Managing exports
    1.  
      About exports
    2.  
      Performing exports in Investigation and eDiscovery
    3.  
      Viewing export details of native documents
    4.  
      Viewing export details of production sets
    5.  
      Resubmitting failed export items
    6.  
      Option to maintain folder structure in the export
    7.  
      Canceling Export Batch
    8.  
      Email export FAQ
  12. Collaborative reports
    1.  
      About collaborative eDiscovery reporting
    2.  
      Report by email: Audit trail
    3.  
      Report by Case: Case History
    4.  
      Report by Case: Case Summary
    5.  
      Report by Archive: eDiscovery dashboard
  13. Insight eDiscovery alerts
    1.  
      Creating an alert
  14. Email Continuity
    1.  
      Managing Email Continuity
    2.  
      Viewing Continuity emails
  15. Methods for searching cases and accounts
    1.  
      Performing Advanced Search and Query Search
    2.  
      Search syntax for Advanced Search
    3.  
      About stop words and special characters
    4.  
      About Hit-highlighting and navigating to searched terms
    5.  
      Phrase searches
    6. Boolean operator searches
      1.  
        AND operator search
      2.  
        OR operator search
      3.  
        NOT operator search
      4.  
        About using multiple Boolean operators
      5.  
        About using Boolean operators with phrase searches
      6.  
        About Boolean operators and special characters
    7.  
      Wildcard searches
    8.  
      Proximity searches
    9.  
      Double-byte character set searches
    10.  
      About enhanced searches in Japanese
    11.  
      Searchable attachment types
    12.  
      Search examples and tips
  16. Methods for searching tables and reports
    1.  
      About Quick Search and Criteria Search
    2.  
      Searching tables, lists, and reports
  17. Insight eDiscovery Frequently Asked Questions
    1.  
      Frequently Asked Questions
  18. Best practices, limitations, and known issues
    1.  
      Best practices and limitations with Insight eDiscovery
    2.  
      Known issues with Insight eDiscovery
  19. Insight eDiscovery updates in previous releases
    1.  
      About the Insight eDiscovery updates in previous releases

Search examples and tips

Examples of using Basic, Advanced, and Query Searches

Suppose you want to search for the messages that relate to the resetting of a password. You can enter password reset into the Search box and click Search to perform a Search. The space between password and reset is treated as an AND operator, so the returned results contain any messages that include both the word password and the word reset.

Suppose that you now decide to search for the phrase password reset, and to exclude from the results any emails that reference the word Box. You can use an Advanced Search for this purpose. Click the expand icon to display the Advanced Search options. Your original Search is now shown in the first criteria row.

Insert double quotation marks around password reset to specify it as a phrase. Then click + to add a second criteria row. In the new criteria row, select Doesn't Contain and enter Box in the text field.

Click Search to perform the search. The search returns any items that do not contain Box but that contain the exact phrase password reset.

Table: List of query search terms lists some possible query search terms along with examples.

Table: List of query search terms

Search term

Data type

Description

Example

_All, Entiremessage

Text

Searches through all default fields. Add search criterion before query text/value.

_All:(test or test2)

"hello world"

Entiremessage:test

Attachments.content

Text

Search by attachment content.

Attachments.content: "Hello World"

Attachments.extension

Text

Search by attachment file type (PDF, DOC, docx, and so on.)

Attachments.extension:docx

Attachments.filename

Text

Search by the file name of the attachment.

Attachments.filename:Report.PDF

Attcount

Integer

Search by the amount of attachments.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Attcount:6

Attflag

Boolean

Search by whether there is an attachment.

Attflag:true

Atttext

Text

Search the content of the attachments.

Atttext:Computers

Atttypes

Text

Search by the attachment type.

Atttypes:PDF

Bcc

Text

Search by blind carbon copy recipients.

Bcc:JoeBlogs@example.com

Sender:*@example.com

Cc

Text

Search by carbon copy recipients.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Cc:JoeBlogs@example.com

Sender:*@example.com

Classification.tags

Text

Search by classification tags.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Classification.tags:PII

FromOrTo

Text

Search the text in the From and/or To fields of the email.

FromOrTo:JoeBlogs@example.com

Hidden

Boolean

Search whether email is visible to end user or not.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Email Hidden:

Hidden:(1)

Email Visible:

NOT Hidden:(1)

Inbound

Boolean

Search inbound emails.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Inbound:false

Internal

Search and retrieves only internal messages exchanged within the same organization.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

To include internal emails, use: Internal:(3).

To exclude internal emails, use: NOT Internal:(3).

Ipheader

IP Address

Search by the IP header of the email.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Specific IP Address:

Ipheader:(10.201.1.1)

IP Address using wildcards:

Ipheader:(10.*.1.1) AND Ipheader:(10.201.?.1)

MailDate

Date Time

Search by the date the message was sent.

Closed Range:

MailDate: [2018-01-01T00:00:00 TO 2019-12-31T23:59:59]

Open Range:

MailDate: {2018-01-01T00:00:00 TO 2019-12-31T23:59:59}

Messagesizeinkb

Floating Point Number

Search by total size of the email.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Messagesizeinkb:[2.5 TO 5]

Outbound

Boolean

Search whether a user sent the email.

Note:

This query search term does not support the Searches for the Microsoft Teams messages.

Outbound:true

Sender

Text

Search by the sender address(es).

Sender:JoeBlogs@example.com

Sender:*@example.com

Subject

Text

Search by the subject of the email.

Subject:IT

SubjectBody

Text

Search the text in the subject of emails and/or in the content of the email.

SubjectBody:Test

Textbody

Text

Search the text content of the email.

Textbody: "Hello World!"

To

Text

Search by recipient.

To:JoeBlogs@example.com

To:*@example.com

Examples of Query Searches:

  • Sourcetype:"Exchange"

  • SourceType:{"Exchange" OR "Citrix"}

  • MailDate:[2016-05-14T05:00:00 TO 2019-06-18T08:00:00]

  • Messagesizeinkb:[0.0 TO 11.5]

  • Subject:(export OR report)

  • MailDate:[2016-05-14T05:00:00 TO 2019-06-18T08:00:00] AND subject:archive

  • Sender:(*@domain.com OR *@domain2.com OR *@domain3.com)

  • Atttypes:(pdf OR docx) AND atttext:process

  • Attachments.filename:(Report.PDF or Export.docx)

Searching the From, To, BCC and CC fields

The To, From, and From/To search options are available within an Advanced Search.

  • The To option provides search results from the To, BCC, and CC fields.

  • The From option provides search results from the From field.

  • The From/To option provides search results from the From and To fields.

Searching within specific email domains

One way to search for items within a specific domain is to enter the domain name in the To field of an Advanced Search.

You can use wildcards to search for results from a group of similar domains. For example mycloud* returns emails for the domains that begin with mycloud.