You now know how to set up default and custom data holds that are required for an investigation, and learned how to set up a search for the different types of content within Vault. It is now time to actually search and export our results.

For Mail and Groups searches, the dataset can be large, and processing can take a while. Sometimes, it takes some refinements before finding the right combination to find the information you need. Before you start searching, it's a good idea to click Count to verify how many records match your parameters, in case there are too few or too many:

After requesting a search count, you will be able to see the number of records and accounts that matched your criteria. If you need more details, click the Download accounts with matches to get a CSV file that details all the account names, and how many records matched each one.

If you click the Export button, you will skip the part where you see the results, and the system will start working on the export file immediately; you can track the progress and see the results on the Export tab on the left menu. The Search, Count, and Export buttons look as follows:

The arrow next to the Search button shows a drop-down menu that allows you to do the following:

• Reset all current parameters on the form.
• Create a Duplicate search form below the one you are using, with the same parameters. This is useful when investigating and you wish to keep a copy of some search parameters, but keep experimenting with changes.

To see the results, click Search, and once the system finishes, you will be taken to the results screen. Let's explore what it has to show us:

• At the top of your results, you will see the Save query button, which allows you to keep a copy of the parameters you used to discover something. After you click this button, follow these steps:
  
  1. Assign a name for this query in the form:

• 2. Click Save to create a quick link below Search on the left menu:

• The next button is the Export results, which allows you to put your findings on a special file. After you click the button, follow these steps:
  
  1. Write a name for your search on the Export name field:

• 2. You can optionally assign a Data region so that your Vault information is physically stored. This could be a legal requirement in some cases. You can choose from the following in the drop-down menu:
     • No preference: This is the default and Google will place data where they consider it to be more efficient
     • United States: This will force data to be stored only on data centers located in the United States
     • Europe: This will force data to be stored only on data centers located in Europe
  3. Choose the Format of the exported file from the following in the drop-down menu:
     • MBOX:
       • Used by Mozilla Thunderbird, but can also be seen on a text editor.
       • Can be up to 10 GB in size. If more is needed, multiple files will be created.
       • Each file only holds information from one account. If multiple accounts are in the export, then one file will be created for each account.
     • PST:
       • Used by Microsoft Outlook.
       • Can be up to 1 GB in size. If more is needed, multiple files will be created.
       • Each file only holds information from one account. If multiple accounts are in the export, then one file will be created for each account.
  4. Click Start export so that Vault begins building the necessary files to hold the results.

• At the top right, you will see the Share button. Use this to share this search with another user. The Sharing Settings screen looks as follows:

The time it takes the system to build an export file will depend on the amount of information that will be exported; however, you can keep track of its progress and download  it once it's ready in the Export section of the left menu. We will see more about this in the next few pages.

Now that we have fully covered how to export Mail search results, let's learn how to do it if you need to export Drive search results.