Electronic Discovery or e-Discovery is the process of identifying documents that can be used as evidence in legal cases. SharePoint Online has e-Discovery site template that help to search for legitimate legal contents and place a hold on them until legal formalities are completed. However you have to be a global administrator to place a hold on the document. The high level process involved in e-discovery is diagrammatically shown below,
Source: TechNet
In this article we will see how to
- Create a new case
- Create a e-Discovery set
- Place Hold on items
- Search and Export items that are discovered using e-Discovery
Create a New Case
e-Discovery case is the main site collection that will hold all the e-Discovery set and the items upon which an In-Place hold has been initiated. In order to create a new e-Discovery case we can click on Create new case button available on the page.
This will open up a subsite creation page and a new subsite will be created under the e-Discovery root site collection
Once the site is created, we can create and explore the entire feature set of e-Discovery center. We can create an e-Discovery set which will identify and preserve the required contents. We can also place In-Place hold on the items such that users can work on the documents without even knowing that a hold has been placed on it. Users can still work on the contents but a copy of the contents at the time when the hold was initialized is preserved.
Create e-Discovery set
Once the e-Discovery case site collection is created, we can create e-Discovery set which will contain the set of items that qualify the filter condition that we input in the Filter Text Box. Before adding the filter we have to add the result source upon which the e-Discovery query will be applied. Click on Add & Manage Sources
We can either specify the Exchange mailbox address or the SharePoint Site URL.
We will be trying to get the js File using e-Discovery and place and In-Place Hold on it.
Once the source has been added, we can specify the filter condition to select the document or collection of documents that has to be part of e-Discovery/In-Place Hold. We will be using KQL(Keyword Query Language) to specify the filter condition. You can get quick walk through on KQL from here . Here we will specify just the search keyword that will get the files with the name “ListViewModification”
When we click on Get Statistics it has picked up 3 files from the SharePoint result source that matches the file name.
If we want to get more accurate results we can specify Start Date and End Date to filter out false results.
In-Place Hold
In-Place hold works in such a way that a hold is placed on items and users can work on the documents without even knowing that a hold has been placed on it. Users can still work on the content but a copy of the content at the time when the hold was initialized is preserved.
Using the filter condition we have retrieved the required document in the above section. By default In-Place Hold is disabled.
Select Enable In-Place Hold to activate a hold on the e-Discovery set that was selected by the KQL Query.
Heading back to the home page, we can see that a new e-Discovery set has been created and an In-Place Hold has been placed on the item.
Once In-Place hold has been placed, going over to the site collections list we can see that a lock has been placed on it to prevent it from deletion.
Search and Export e-Discovery Set
In the same way we create an e-Discovery set and place In-Place Hold, we can search for the e-Discovery items and export the results. Click on New Item under Search and Export section to initiate the Search and Export option.
Specify the KQL Query in the Query section and the Start Date and End Date(Optional). Click on Search to get the e-Discovery set.
In the SharePoint tab we can see the items that matches the Query.
The items that come up as part of the Search can be exported by clicking on the Export button.
Click on OK to initiate the download. Select either of the Download options to start the download.
This will download Discovery Download Manger that will facilitate the downloading of the results.
Once the download manager is downloaded, specify the location in the local system where the report/results have to be downloaded.
The download of the CSV files has been completed.
We can see the downloaded CSV files that contain the e-Discovery set results in the local system path.
Upon opening the CSV we can see the case details, e-Discovery set and the query that has been used to fetch the e-Discovery set.
Heading back to the home page we can see the search and export status.
Note
In case you face any issues while downloading the Search Results you can check out this Microsoft KB article for the multiple possible solutions.
Summary
Thus we saw how to work with e-Discovery set, In-Place Hold , Search and Export of e-Discovery Set in SharePoint Online.