Monday, 20 July 2015

Exchange Server Database Changes Over the Years



At its core, Exchange Server can be described as a database management server. The server has gone through many changes over time, some of them notable. Most people believe the only thing Exchange Server can do is manage email.
 
Let’s see how the Exchange Server Database technology evolved over the decade.

Exchange Server Version 2007
When it was about to launch, it was rumored that it was going to be based on SQL storage technology, but once it was released this proved to be only a rumor. In fact, Microsoft increased its research funding to enhance the functionality of the Extensible Storage Engine (ESE), which proved to be a great technology for Exchange Server database management over the years. The company brought many changes in Exchange 2007, and two of them were major changes in database management. The first was an increase in the limit of mountable databases to 50. The second was the removal of file size restrictions from the mailboxes. Removing STM files from Exchange Server was also a noticeable change made by Microsoft in Exchange Server 2007. With the STM files removed, the EDB files carry all Exchange Server data.

Exchange Server Version 2010
Many noticeable changes were made to the ESE framework, which was redesigned after numerous technical inputs from various sources over the years, to meet the changing dynamics of corporate email management requirements. Server architectural changes were incorporated in the framework, including better compression technology, larger page size, online runtime defragmentation and new database tables. This version of Exchange Server also allowed features that help lower storage cost, as lower-performance JBOD can be incorporated within the Exchange Server 2010 framework to minimize storage cost.

Exchange Server Version 2013
Many improvements were made in the storage department to further improve how the mailbox database is handled. Disk access was reduced to improve server performance. Changes to the database schemas were also introduced.

Exchange Server Storage Technology Mailbox Database:
All database settings can be managed via the configuration objects provided by the mailbox database. The administrator can configure different aspects of the database, such as the location of the database file, the transaction log file settings and other aspects of the mailboxes that are part of the database.

Saturday, 18 July 2015

Email/Digital Forensics Stages for Incident Response



There are multiple stages in investigating any crime, and this holds true for digital forensics investigation as well. Like other forensic investigations, digital forensics requires planned and systematic actions to uncover the truth. There are broadly six stages that need to be followed:

First Stage: Preparation

This stage covers how you are going to handle the situation and what precautions need to be taken for a successful investigation of a computer incident. Preparation includes creating policies on what you can and cannot do, including warning banners and other notifications that inform others of an ongoing investigation. You also need to train yourself and your team properly if you are not familiar with the technology used in the company. You also need to be fully prepared on the legal side if you are going to investigate in an area where you are not familiar with the judiciary and local laws.

Second Stage: Identification

Before diving into the nitty-gritty, one has to tell apples from oranges: weed out the suspect activity while keeping the rest of the infrastructure unaffected. Is there an issue with the network? If yes, is it confined to a particular location or machine, or is the suspicion network-wide? The wider your area of suspicion, the more difficult it is to manage, so you really need to specify your target area so that resources are used to the maximum.

Third Stage: Investigation

This step requires asking lots of questions and getting answers to them, such as: How did the network intrusion take place? Was it confined to a single location or machine, or are multiple areas affected? Was someone from the organization involved, or did the threat originate externally? What hints are the log files providing?
It is advised to document each and every step, especially in the case of external threats, where in the majority of cases law enforcement is brought in.

Fourth Step: Eradication

This step is initiated when you are sure that no further internal or external action is required for the investigation. It can be described as the process of getting rid of the problem, and involves running antivirus scans, removing infected software and rebuilding the OS.

Fifth Step: Recovery

This is the process of bringing the business back to normal. It involves service and network validation, testing and, after thorough analysis, certifying the system for the restoration of normal work.

Final Step: Follow Up

Once you complete the investigation process, you need to ask a couple of questions so that such mistakes do not get repeated. There can be many questions, but some general ones are:

  • Is what has been done so far sufficient to prevent this type of intrusion?
  • How easy or difficult was it to detect the intrusion?
  • What was the cost of the incident in terms of financial losses?
  • What are the preventive measures to avoid such situation from happening again?

Such follow-ups are critical to strengthen security and to prevent such intrusions from happening again within the organization or anywhere else. The best part of such an intrusion is that it helps you improve by pointing out the loopholes.

Friday, 17 July 2015

E-Mail Basics in Outlook 2013 - Reading and Replying



Microsoft has made Outlook 2013 a whole lot easier to work with, and even novice users can get accustomed to it in a very short time. To help you get started, I will show you the process of sending and reading emails in Outlook 2013.

The Outlook view screen is divided into three major parts:
  • The leftmost panel is the area that holds the different features of Outlook (Mail, Calendar, Contacts, Tasks).
  • The second column is where all the emails that you receive are listed.
  • The right column (also known as the reading pane) is the area where you can view any particular email in depth. This is also where attachments are shown.

To read a message, perform the following in Outlook 2013:

  • Click the Mail icon in the first column (this is optional and only needed if you are not seeing the emails).
  • Double-click the email header you are interested in to view the entire message.
  • After viewing the email message, if you wish to close it, simply press the Esc key to exit that particular email.


Tip: If you are in a hurry, just use the up and down arrow keys to quickly browse through all the emails one by one.
 


  Fun Fact: 100 billion emails are sent and received each and every day and 97% of those are SPAM emails.


Answering your received emails
This generally involves three steps:
  • Click the Reply button.
  • Type your response to the email.
  • Finally, click the Send button.

Tip: There will be cases when an email has many recipients. Clicking the Reply button sends your email only to the sender. Clicking Reply All lets everyone among the recipients see what you have replied. So if you are writing something that you don’t want everyone in the email chain to see, just click Reply.