8.5 Advanced Search
The Advanced Search tab contains the ability to specify vast amounts of criteria and combine search terms to exclude and include various searchable items to retrieve specific information. This search works better, the more you know about what you are looking for, as it allows fine tuning of criteria.
Searches will be restricted to the mailboxes specified in the ‘Search Mailboxes’ window. By default, all mailboxes are set for searching. To limit the search to the mailbox or mailboxes specified, click on the ‘Select’ button to open the ‘Select Mailboxes’ window. The ‘Select Mailboxes’ window functions exactly the same in advanced search as it does in the standard search.
The system will begin to display results as soon as either the search mailboxes have been specified, or new search criteria has been added. To add new criteria, select the ‘Add’ button.
The Search Criteria contains the ability to specify where to search, operating criteria - (word ends with, word starts with, field contains words, field contains phrase), and the desired search terms. The list of search items and fields available to be specified in the drop-down list is shown. Each variable on the list is tied to appropriate search operators, (date range allows the specification of a date, Confidential tags have a true/false operator, etc.)
Search Field
Subject: search the message subject field.
Recipient: search the message recipient field.
Attachment name: search the names of the message attachments.
Category: search the item’s category field.
Date: this depends on the type of item. This can be a range. If it is a sent email or instant message, it is the sent date. If it is a received email, then the received date; an appointment, the appointment date.
Sent date: search the message sent date field. If the message is an email this can set by email sender and can be spoofed.
Received date: search the message received date field. If the message is an email, it is set by receiving email server and is very reliable.
Begin date: The earliest date to be searched for calendar items, appointments, tasks and so on.
End date: The latest date to be searched for calendar items, appointments, tasks and so on.
Tag: search tags set within Retain.
Litigation hold: search items that have litigation hold applied by Retain.
Confidential: search items that have confidentiality applied by Retain.
Item Type: search the item type, which may be Mail, Phone message, Appointment, Task, Note, Message, Phone call, BB PIN, Wall posts, Chats, Likes, Comments, Group posts, Media, and Ratings.
Item Source: search the item source of Received, Sent, Personal, or Draft.
Sender (email): search sender by email address.
Sender (display): search sender by display name.
Sender Domain: search by the sender domain.
Recipient Domain: search by the recipient domain.
Mail server: search by the mail server of sender and recipient.
Messaging Domain: search by the messaging domain of sender and recipient.
Phone number: search by phone number, if the phone number field exists.
Location: search by location, if the location field exists.
Internet Header: search the term in the Internet header field
Message Content: search only the content (body and attachments)
Attachment size: search by attachment size in bytes.
Opened: search only messages that have been opened.
Read: search only messages that have been read.
Private: search only messages that have been marked private.
Operating Criteria
Each field can be restricted to:
Field Contains Phrase: An exact search of the phrase, the same as enclosing the phrase in quotes in simple search. Basically ANDing each word in the phrase. For example, search for “The quick brown fox” will return only items with the entire phrase ‘The quick brown fox’
Field Contains Words: will search for each word in the phrase. This will be ranked by closest match at the top. Basically ORing each word in the phrase. For example, search for “The quick brown fox” will return only items with the entire phrase ‘The OR quick OR brown OR fox’.
Field Does Not Contain Words: will exclude search results with the words.
Words Start With: will search for the word but with a wildcard at the end. For example, deter will be treated like deter* and return determine, determined, deterred, and so on.
Word Ends With: will search for the word but with a wildcard at the front. For example, “tion” will be treated like *tion and return action, playstation, function, and so on.
Cascading Options
In addition, the interface allows for no limit of search terms, additional terms may be added to he search criteria and connected to the previous search terms. Additional criteria may be logically connected with ‘and’, ‘or’, or ‘new group’. To add a new search term and criteria, select the ‘+’ directly to the right of the existing search criteria.
By default, when a new search term is added, it is automatically ‘AND-ed’ together with the previous search term. This allows you to be able to build complex search terms to fit known data.
When building complex search criteria, it is critical to know what you are looking for. For instance, if an insider trading tip was suspected, and the recipient was known as well as some details about the message and when it must have been sent by, the following search could be compiled:
In this search, any message sent which stated ‘merge’, or ‘merger’ in the subject, and contained a known company secret in the message body, or, discussed the name of an executive involved, would be displayed. In addition, the search would also grab any messages sent to the suspected contact before the merger date. Additional criteria which could be added includes the company’s stock listing or any further details pertaining to the proposed leak.
To begin the search, select the ‘Save’ button at the bottom of the query window to perform the search. The active criteria is now listed in the left pane, and may be edited or removed. To add criteria, select the ‘Edit All’ button to add to or refine the search criteria.