eDiscovery Software | eDiscovery Collection Software | Pinpoint Labs

Frequently Asked Questions

FAQ

These are the questions we have been asked about our product. If your question isn’t represented please feel free to reach out to us.

GENERAL

Business hours for PinPoint Labs are Monday-Friday 8am to 5pm CST.

The Portable License Manager (or PLM) is an online portal for distribution and management of Harvester Portable and/or SafeCopy Nomad licenses. Using this utility, a user can create aliases and time-out dates for their licenses.

Log into the computer with Admin Credentials or when launching Harvester – ‘run-as Administrator’. Use the VSS option under the Sources tab.

To collect from a Mac using PinPoint Labs products, you can use one of the following methods:

  1. Set the Mac to Target Disk mode so it is visible on Windows
  2. The Mac drive will need to be shared to a Windows machine
  3. A Windows machine will need to be emulated on the Mac.

For more info please see this PinPoint Labs blog post: https://www.pinpointlabs.com/2458

Contact sales@pinpointlabs.com or call 888-304-1096 to speak with a sales representative.

HARVESTER

No, the processes take the same amount of time.

Yes the Harvester executable, along with the other necessary Harvester executables found in the bin folder, are digitally signed by PinPoint Labs.

There are a few reasons why a Harvester Server job would not launch including; improperly formatted OCC file or job, no connection to the target machine, no network connection, incorrect permissions to the target/logs folder or to the target machine, etc. For assistance please contact PinPoint Labs Support at 402-298-4712 (or 888-304-1096) or support@pinpointlabs.com.

It needs to be installed to any windows compatible network share and accessed via the UNC path of that shared location.

There are various reasons why a Harvester Server job would not launch, including: improperly formatted OCC file or job, no connection to the target machine, no network connection, incorrect permissions to the target/logs folder or to the target machine, etc. For assistance please contact PinPoint Labs Support at 402-298-4712 (or 888-304-1096) or support@pinpointlabs.com.

Harvester Server retains all of the same functionality as Harvester Portable with the addition of the ability to remotely launch stealth jobs and monitor multi-job progress from a central location.

VeraCrypt creates encrypted file containers for collected data, keeping all collected data in a single encrypted container file for easier transport. A VeraCrypt encrypted container file acts like any other kind of file, with the exception that it can also act as a hard drive in Windows. Files that have been copied to this encrypted container file will stay inside the container file.

Also known as Volume Shadow Copy Service or VSS – is a technology included in Microsoft Windows that allows taking manual or automatic backup copies or snapshots of computer files or volumes, even when they are in use. It is implemented as a Windows service called the Volume Shadow Copy service. Shadow Copy technology requires Windows Vista or higher. It also requires the file system to be NTFS in order to create and store shadow copies. Shadow Copies can be created on local and external, removable, or network volumes by any Windows component that uses this technology, such as when creating a scheduled Windows Backup or automatic System Restore point.

VHD, or Virtual Hard Drive, is a file container for collected data, keeping all collected data in a single container file for easier transport. A VHD container file acts like any other kind of file, with the exception that it can also act as a hard drive in Windows. Files that have been copied to this virtual hard drive will stay inside the VHD file

Currently there are no settings that need to be changed for the provided cloud sources (Google Drive, Dropbox, Box, OneDrive, OneDrive for Business) due to Harvester being an approved application that is registered with those cloud sources.

For IMAP connections, IMAP access and, where applicable, less secure application allowance will need to be enabled on the target account. Other features, such as two-factor authentication and text message validation, will need to be disabled. The options to enable or disable these features can be found in the account settings for the email account with the email account provider and are not set within Harvester.

In order to search a mail store for a specific kind of attachment (specific extension) you will need to use the dtSearch functions built into Harvester. For example, to search a PST for any .DOCX attachments you would use the following syntax:
(Attachments includes “.docx”)
This would export any messages containing .DOCX attachments. The exported messages would be in MSG format.

The order for email filtering is as follows:
Email is found –

  • Is it in one of the sources you picked in the email tab?
  • Is it in one of the folders allowed by the email folder filters?
  • Does the recipient list contain any of the domains/names you included in the email tab (if applicable)?
  • Does it meet the date range criteria from the email tab (if applicable)?
  • Does it have nonsearchable attachments (if applicable)?
  • Does it have encrypted attachments (if applicable)?
  • Does it contain any of the keywords you specified (if you specified any for emails)?
  • Is it to be excluded because of dedupe or hash list filtering?

The order for file filtering is as follows:
File is found –

  • Is it one of the sources you identified?
  • Is it allowed under the exclusion patterns (if any)?
  • Does it meet the inclusion patterns (if any)?
  • Does it meet the date range criteria (if any)?
  • Does it match the header (type) and extension criteria (if any)?
  • Does it meet the hash filtering criteria (if any)?
  • Does it meet the encryption criteria (if any)?
  • Does it meet the keyword criteria (if any)?

Harvester can only write the full data set to a single target per job, but when certain options are enabled – such as encrypted items going to special locations and collated PSTs going to a separate location – Harvester will write to more than one location at a time.

The MD5 hash value is based on the following values: Sender, Recipient, CC, BCC, Subject, Email Body, Attachment Names, and Attachment Sizes.

For loose files, only the full file data is used. Filesystem data such as the filename and the MAC times are not used to calculate the hash of a file.

Harvester can search NSF files but only with Lotus Notes 8.5 (32-bit) or higher installed.

Yes, using the PinPoint Labs Mail processing engine (PPLM) Harvester can search inside of OST files without the need to have Outlook installed at all.

Yes, using the PinPoint Labs Mail processing engine (PPLM) Harvester can search inside of PST files without the need to have Outlook installed at all.

Yes, Harvester can search inside of ZIP files.

Harvester has 2 phases – Enumeration (or finding files and applying the filter criteria to determine what is relevant and will be copied) and Processing (or copying the files that were responsive to the filters). Once enumeration is done processing will begin. The “Current item” and “Current container” items will be regularly changing in the Harvester Overview tab.

Logs folders can be located by checking in the History tab, highlighting a previously run job and scrolling down to the Target folder and Logs folder locations in the Settings tab.

An SCJ file contains the settings from a job that has already run.

Job profiles can be run without saving or saved. Once saved, new job profiles are stored in the “_occ” folder by default with the .occ extension.

Click on the Tools tab and click Deactivate. Once deactivated, the software can be activated on another device or computer. Once you have placed the unzipped file contents onto another device or computer, you can activate the license using your same Account ID. Because of application-created databases in the Harvester folder, we highly recommend creating a new Harvester location by unzipping the downloaded content rather than copying the folder to a new location.

Click on the Tools tab and click Deactivate. Once deactivated, the software can be activated on another device or computer. Once you have placed the unzipped file contents onto another device or computer, you can activate the license using your same Account ID.

Harvester copies files in their native format, making no changes to metadata or properties.

SAFECOPY

With SafeCopy Desktop version 3.0.640 and later, you will need to deactivate the license by clicking on the “Tools” tab and then selecting “Deactivate License”. A confirmation will appear stating that SafeCopy has been deactivated and will close. After that, simply re-download the SafeCopy Desktop MSI and run on the desired location and reactivate after installation. With any previous version, please call PinPoint Labs Support at 402-298-4712 (or 888-304-1096) for assistance.

First, you must deactivate the license by clicking on the “Tools” tab and then selecting “Deactivate License”. A confirmation will appear stating that SafeCopy has been deactivated and will close. After that, simply drag and drop or copy and paste the SafeCopy folder to the desired location and reactivate.

SafeCopy cannot write to 2 locations at once.

SafeCopy begins by enumerating files and then copying those files in succession whilst enumerating and copying other files.

Yes, SafeCopy preserves file system time stamps and metadata and uses MD5 verification to ensure a defensible copy.

SHAREPOINT COLLECTOR

SharePoint Collector requires the full .NET framework 4.5.2

No, there is no limit to the overall amount of data to be extracted using SharePoint Collector.

There is no limit to the number of items in a list or library that SharePoint Collector can export. SharePoint Collector does not have any limits other than the OS file system limits. See SharePoint documentation of the limits of SharePoint itself – https://support.office.com/en-us/article/SharePoint-Online-limits-8f34ff47-b749-408b-abc0-b605e1f6d498

In the case of lists, such as generic list, appointments, etc. these items exist only as xml fragments in the SharePoint repository. The exception is when the list contain an attachment. For the list data, each item in a list is written as an xml fragment. The list item is rendered in HTML based on the standard default view template.

The user permission are based on the credentials of the user provided in the site list file. If using federated login, then it is the credential entered on the 3rd authentication interface.

Metadata is an xml fragment. It is stored as an XML file. The user has the option of having these files stored in the same folder as the file or in a separate folder structure.

Any errors that occur when itemizing the site, that is to say getting the collection of containers that can contain data, are contain in a itemization log, ItemizationtLog0.txt located in the Jobs folder of the target along with the export log ExportLog0.txt, an log that only contains export errors, ExportExceptionLog.txt, the chain of custody, ChainOfCustody.txt and a cross reference that will allow matching the user defined name of the list or library to the actual name in the SharePoint repository.

Each version of a file in a document library is maintained in a version list (XML data). The version history contains the current version and then each version starting with the oldest version. The versions are kept in the same export folder as the document.

The metadata element ows_IsCheckedoutToLocal and ows_CheckedOutUserId contain the information on check out status. SharePoint Collector will still export the item.

Example:

– Not checked out (checked out value is 0 and no username is present)
ows_IsCheckedoutToLocal=”5014;#0 ows_CheckedOutUserId=”5014;#”

– Checked out (checked out value is 1 and a username is present)
ows_IsCheckedoutToLocal=”5014;#1 ows_CheckedOutUserId=” 11;#USERNAME”

Yes, SharePoint Collector will collect from an Office 365 environment.

SharePoint Collector will collect from 2007 sites that utilize MOSS, not WSS

Unfortunately SharePoint Collector will not collect from a 2003 SharePoint site.

A file that contains an inventory list of the items SharePoint Collector intends to collect.

SharePoint Collector writes files from libraries in their native file format. List items are written in html format.

SharePoint Collector will collect documents, lists, calendar items, contacts, announcements, attachments, Wiki, and Blogs from SharePoint and Office 365 Sites.

First, you must deactivate the license by clicking on the “Actions” tab and then selecting “Deactivate License”. A confirmation will appear stating that SharePoint Collector has been deactivated and will close. After that, simply drag and drop or copy and paste the SharePoint Collector folder to the desired location and reactivate.

SharePoint Collector can be placed anywhere locally on a Windows system.

Get in Touch with Us

Schedule a FREE demonstration or ask any question. We’d be happy to help.

  • This field is for validation purposes and should be left unchanged.