Administration Guides

Legal Hold Solution

Home



Overview

The legal discovery workflow allows Search & Recover to be used by legal departments to locate file data of interest using content aware search index.   Key criteria for this solution is allowing legal to search data without the need to have permissions to the data itself.   Once file data of interest is located, it is required to make a copy of this data and comply with legal hold requirements.    Legal hold requirements means the file are locked and cannot be modified regardless of the permissions set on the files, and the hold should have a retention period to protect this data for the duration of the legal hold project.

This guide will explain how to configure a legal hold solution with Search & Recover and Dell Isilon Smartlock feature that provides locking and retention policies.


Create the Legal hold Project Space

  1. Create a file system location for for smartlock policies to be applied.  Example /ifs/legalhold
  2. This folder will hold legal hold project data with projects stored under this path example /ifs/legahold/project1 would store all files identified by legal as requiring legal hold for project1

Create SmartLock policies on the Legal Hold Project Space

  1. Requirements: Smartlock License
  2. This screenshot is only an example of how to configure smartlock retention on the folder.  It will lock the file 10 minutes after creation and hold the files for 30 days.
    1. Adjust these settings based on legal hold requirements.  NOTE:  retention policies can also be created on a per project folder under the /ifs/legalhold project space, if different retention periods are required per project
  3.  


How to Create Legal Search Users in Search & Recover

  1. Creating a search administrator with Active Directory users for each legal user that needs to search for files using the following command for each user.
  2. Follow the steps on this link to add a path to an AD user.  This grants the user permissions to return search results from this path and below.  The default command provides access to search contents of files.  This command will override SMB or file system ACL security and return results from a search.


How Legal Discovery Users Provide File Lists for Project Retention


cp5.sh

#!/bin/sh

# takes in two parameters (a source file path, and a destination path) and copies the source file to the destination path, while md5 checking source and destination and outputting a copy manifest the source file path is an absolute linux based path to a file, including extension ie/ /ifs/data/my/file.txt.  The target path is a directory on a linux file system ie/ /ifs/data/ouput_dir.  

# usage: cp5 /path/to/source/filename.ext /path/to/destination/folder

# superna - 2022



if [ $# -ne 2 ] ; then

    echo "Usage: cp5.sh source_file target_file"

    exit

fi


SOURCE_FILE="$1"

TARGET_DIRECTORY=${2%/}

TARGET_FILE_PATH=$TARGET_DIRECTORY$SOURCE_FILE

TASK_ID=$(basename $2)

TEMP_TAR=$TARGET_DIRECTORY/$TASK_ID.tar

OUTPUT_MANIFEST=$TARGET_DIRECTORY/$TASK_ID.manifest


(cd / && tar --append -p --file="$TEMP_TAR" "${SOURCE_FILE#/}" 2>&1)

tar --extract -p --file="$TEMP_TAR" --directory="$TARGET_DIRECTORY"

rm "$TEMP_TAR"

if [ ! -f $OUTPUT_MANIFEST ]; then

    echo date,source_file,source_hash,target_file,target_hash>$OUTPUT_MANIFEST

fi

echo $(date +"%Y-%m-%d-%T"),$SOURCE_FILE,$(md5 "$SOURCE_FILE"|sed 's/^[^=]*=//'|xargs),$TARGET_FILE_PATH,$(md5 "$TARGET_FILE_PATH"|sed 's/^[^=]*=//'|xargs)>>$OUTPUT_MANIFEST



Instructions for cluster admin:

  1. Create a legal hold directory (eg mkdir -p /ifs/legalhold/project_001)

  2. Use the OneFS UI to create an SMB share on the path, granting the legal investigation team read only access.

  3. Use SMARTLOCK to apply a WORM lock on the path as required. (prevents access modification)

  4. Copy this script to a new file in the your home directory calling it cp5.sh and ensuring to chmod +x to make it executable

  5. Instruct the legal discovery team (Superna Search and Recover Users) to export search results using the Script Wizard and filling in the dialog as follows:

  • place ./cp5.sh in the box to the left of the “Full Path” box

  • place the directory name you shared for the legal hold (eg/ /ifs/legalhold/project_001) in the box to the right of the “Full Path” box

  • Script format Shell

  • Tick the Surround path with quotes box

  • Click Create for All
    This will download an igls_nnnnn.sh file

  1. The Legal Discovery team can iteratively send you these scripts.

  2. Transfer the discovery scripts to the cp5.sh path on the cluster under investigation

  3. Execute the discovery script from the command line as a privileged, OneFS user.

The discovery script will copy the files identified to the legal hold folder while updating a manifest file.  This manifest file will contain the results of the copy, including a source and target hash to confirm the providence of the copied file.  Leave the manifest file in place during the discovery.


Purge or tar/archive the legal hold folder once discovery is complete.

 

Sample Manifest Output

date,source_file,source_hash,target_file,target_hash

2022-09-28-21:31:47,/ifs/data/demo/sectarget/cat.txt,d71687051956af08cba9b37b8d2d35d0,/ifs/legalhold/project_01/ifs/data/demo/sectarget/cat.txt,d71687051956af08cba9b37b8d2d35d0

2022-09-28-21:31:47,/ifs/data/demo/aws/cat.txt,d71687051956af08cba9b37b8d2d35d0,/ifs/legalhold/project_01/ifs/data/demo/aws/cat.txt,d71687051956af08cba9b37b8d2d35d0










    How to Configure Indexing on the legal hold path

    1. Adding the legal hold path to the index will allow the data copied to the legal hold project space will allow full content searches of the locked project data.
    2. See the configuration steps to add the folder and start indexing on the folder in the configuration topic in this guide.   Guide is here.




     





    © Superna Inc