Get started: Postini customers
Congratulations on your recent transition to G Suite and Vault. We know you’re experienced with eDiscovery and are ready to get started.Get started with search and export
1. Sign in to Vault
Vault has its own interface separate from other Google Apps.
2. Create a matter
A matter in Vault serves the same purpose as an investigation in Postini. It's a virtual container for all of the data related to an investigation. You can’t search Vault without one.
Unlike Postini, which always opens the last investigation you worked on, Vault requires you to create or choose a matter each time you sign in. This helps to ensure that your work is always associated with the correct matter.
3. Search for email and chat messages
Searching for email and chat messages in a large domain with many users can be tricky. Sometimes you'll find too many messages, and other times you won’t find enough. However, with the right search terms, Vault can find just the messages you’re looking for.Count your search results
A quick way to assess the effectiveness of your search is to use the Count results function, available from the Search drop-down arrow. Vault counts the number of messages that match your search criteria. You can then widen or narrow your search based on the requirements of your matter.
To reduce the number of messages Vault has found for you:
- Are you looking for messages sent by specific users? Enter a name in the Accounts field, or try using search operators like from:email@example.com and to:firstname.lastname@example.org.
- Looking for a specific phrase? An email archive can contains millions of messages and most of the commonly used words in a given language. You may find the words you’re searching for occur regularly in messages that are not pertinent to your matter. Try grouping words into phrases with quotation marks.
- Too many copies of the same message? Vault saves multiple versions of a message as the sender composes it. If you don't need this much detail, click the Exclude drafts box to remove these messages from your search results.
- Do you want to eliminate certain messages from your search results? Use a hyphen (-) to subtract messages from your search. For example, -subject:vacation removes all messages that have a subject that includes the word "vacation."
To find more messages:
- Review your search terms. They may be limiting your results.
- You can only search for mail in accounts that have been assigned a Vault license. Mail in unlicensed accounts is not retained and is not accessible through Vault. If your organization uses partial-domain licensing, see Assign Vault licenses.
- Vault returns a message's entire conversation collapsed into a single thread.
Click the thread to expand it. Click individual messages to read them:
Here are some additional queries you can use to find just the email messages needed for your matter.
|How to||Example query|
|Find all messages sent to or from an external domain||This query returns all messages exchanged with the external domain, regardless of sender:
|Find only chat messages||This query returns chat messages and excludes email messages:
|Find some words but exclude others||This query returns invite and invitational, but not invitation nor invited:
(invit* -invitation -invited)
|Find words that are near each other in a message||This query returns “don’t ever distribute” but excludes “don’t think we should distribute”. Use any number from 1 to 50.
("don't AROUND 3 distribute")
|Exclude deleted messages with a user-applied label||This query excludes all deleted messages that have had the “travel” label applied by the user:
-(label:^deleted AND label:travel)
|Find specific types of attachments||This query returns all messages with PDF attachments:
|Exclude messages that have been quarantined.||
This query excludes messages in admin quarantine:
While you're reviewing search results, the top of the screen shows the terms you just entered.
Click the search bar to bring up the quick-search form and modify your terms.
4. Search Drive for files
When you search for files in Drive, you have to search either by account names or by an organizational unit (with fewer than 5,000 users). Vault searches file names and the contents of supported file types.File types indexed by Vault
5. Save your search
Once you’ve finalized your search parameters, you can save the query and quickly perform this search later. Saved searches are dynamic; that is, your future searches will include messages and files created since the last time you searched.
6. Export and analyze
After you've found the messages or files needed for your matter:
Other Vault tasks
If you have the appropriate Vault privileges, here are some other tasks you may need to perform:
- You can preserve specific messages and file as required by your organization's retention obligations. Review your retention policies and update them as needed.
- You can create holds to preserve data for individual users or organizational units. Messages and files subject to a hold are never deleted, regardless of retention settings.
- Review the privileges that control what other users can do within Vault.
Postini and Vault feature comparison
Now that you’ve completed the transition to G Suite, you may want to reevaluate to your organization’s eDiscovery policies and procedures to take advantage of the improvements that come with switching from GMD to Vault.
|Vault feature||Customer benefits|
|Built on G Suite and Gmail||You have expanded search options:
|Flexible retention policies||You can now retain specific messages based on organizational unit, search terms, and/or date sent. Review your retention policies and update them as needed.
Note: Currently Vault cannot retain or hold files in Drive.
|Targeted holds||You can now create litigation holds based on user account, date sent, and/or search terms.|
|Unlimited retention||Your organization is no longer restricted to GMD’s 10-year retention period. Vault can retain messages indefinitely.|
|In-place storage||Because Vault is fully integrated with other Google services, there is no duplicate archive for you to maintain.|
See the following sections for additional information about Vault features.Postini features included with Vault
These features already exist in Vault and are ready for you to use today.
|Postini feature||Vault feature|
|Archived email search||Search email data
Search for and export your organization's email for eDiscovery and compliance purposes.
|Advanced Boolean search||Search operators
Use advanced search operators, including Boolean operators, Gmail operators, and the wildcard operator.
|Identity lookup and search||Search email data
Search for archived messages based on one or more user accounts.
|Investigation management||Organize and create matters
Create a matter to manage your investigations and organize your archive queries. In Vault, a matter is a container for all of the data related to a specific case or investigation.
|User holds||Litigation holds
Place an account on litigation hold to preserve a user's Gmail data. Access your held data in Vault via search.
|Restrict searches||Vault privileges
Configure roles for your domain, and then assign them to Vault users.
|Message summaries, detailed message display, attachment viewing||Preview search results
View search results, including message conversations, header details, and file contents, before you export.
|Archive reports||Reports and audits
Review the actions users have taken while signed in to Vault.
|Place a hold on saved search results||Targeted hold
Use holds to prevent messages from being purged from the archive. Holds can be targeted at individual users, organizational units, or at specified search terms.
|Export saved results||Export search results
Export messages and files for further analysis or to share with non-Vault users.
|Retention based on organizational unit||Retention rules
Set retention policies for individual users or organizational units.
These features are currently in development and will soon be ready for you to use with Vault. This table will be updated as the new features are launched.
|Postini feature||Vault feature|
|Personal archive||End user access to Vault data within Gmail
Gives users access to all mail that is covered by a Vault retention rule or hold. When this feature is enabled, the Trash folder becomes each user's personal archive. Users can recover deleted messages without the assistance of an administrator or the need to sign into a separate application.
Note: This feature does not support non-Gmail mailboxes. It requires G Suite Business.
Enables administrators to restore messages from Vault that were accidentally deleted by users.
|Transfer ownership of saved searches or investigations||Enables you to transfer the ownership of a matter to another Vault user.
Note: Vault will never automatically delete a matter. Should the owner of a matter leave the organization, the matter remains available to Vault administrators.
|Investigation summary page||Investigation summary
Provides a summary of the search criteria you used for a matter.
These features are not supported by Vault:
- Catchall archiving—Vault doesn't archive users who aren't provisioned in G Suite.
- Lotus Notes™ support—GMD supported the ingestion of Lotus Notes journals. Vault doesn't support Lotus Notes.
- Non-standard Exchange journal ingestion—Vault only accepts standard RFC 822 MIME (or multipart) journals with journal reports in text or plain, or text or HTML MIME parts. Vault doesn’t accept journals in other formats, nor does it accept BCC-forwarded messages to the journal address that are not wrapped in a journal format.
- Alerts on Exchange journals—Vault doesn't have capabilities to track Exchange journal flow from a customer’s email server and alert the customer administrators via email on events.
- Export as PST—GMD supported both mbox and Personal Storage Table (PST) exports. Vault supports mbox only for email exports.
- Saved search results—GMD supported the ability to save searches and save search results. Vault supports saving searches, but not results. To save results, users must export the data set or create a targeted legal hold.
- Message size—Vault is built on Gmail, which can accept messages up to 25 MB in size, so users are limited to 25 MB per message.
- My Investigation—This feature is no longer supported. Users wanting to run searches for discovery, or an investigation, or to place a legal hold must create a matter in Vault. This is equivalent to running a search through a named matter in GMD. Google transitions each user’s “My Investigation” to Vault.
- Lookup—The GMD-specific feature to look up a user’s address is no longer supported, but Vault still enables users to find specific IDs. Vault automatically looks up a user ID as you type it in a the search box.
- Company directory panel—In GMD, you could search for a user’s identity, which included all email addresses and aliases registered for that user on your message security service. This type of search is not supported in Vault.
- Secure FTP transfer—GMD enabled secure FTP transfers of exports from the interface. Vault does not support this feature. However, in an upcoming release, Vault will enable you to manage exports in Drive, which will eliminate the need for FTP transfers.
- Manual archive purge—While GMD supported manual archive purging, Vault only supports an auto-purge of data from the archive. However, Vault automatically reconciles multiple retention periods on a given document and any legal holds.
- Sorting results by date, from, to, and subject—In Vault, sorting is limited to sorting results by date.
- Mail flow search—The feature is being retired and isn't included in Vault.