All Activity
This stream auto-updates
- Yesterday
-
2.3 Release Installers for Intella 2.3 and W4 will be available early next week (23-24 July). We are making a small change to the Flux capacitor before final release.
-
Jon, We do about 100 forensic examinations a year. Our main tools are Intella and Axiom. We would like to test W4. John McElhatton www.3dforensicsinc.com
- Last week
-
Hi Fuzed, The next release (2.3) has this functionality. 2.3 will be released in the coming days. But, if you want to try the new functionality now, we can provide you a snapshot version for testing. Please submit a support ticket to https://support.vound-software.com if you would like to test OLK15 in the snapshot version. -
*.olk15Message - is there a way to include in Intella?
fuzed replied to Jonas's topic in Intella 10, 100, 250, Pro and TEAM
Hi, I've got another case which requires OLK15MSGSOURCE files converting - intella doesn't see the emails, and I'm struggling to find something to convert it. Were running the newest version of intella, but we've not had any luck. Has support for this been added as of yet? -
Hi Sam, Selective indexing of pages inside documents is not something we are currently supporting. I would suggest to open that document using native application and print desired pages to individual PDFs. Then you could use Intella to index those loose files and perform your investigation on individual pages.
-
Tags not being excluded from search
ŁukaszBachman replied to QasimProtiviti's topic in Intella Connect Feedback
Hi QasimProtiviti, In general this shouldn't be the case. What I can suggest to you is do the following: Clear searches Add a regular search query that will produce 1500 items (like before) Add a regular search query for 100 items tagged as "Irrelevant" Now look at the clustermap - if it contains only two clusters, then that is fine. If it contains three, then it means some of items which you tagged as "Irrelevant" are not in the scope of your initial search for 1500 items. Example: I searched for term "look" and marked 10 of those items as "Irrelevant". When I do those three steps listed above I see: Now, I marked 2 more items as Irrelevant, but I made sure that they don't contain term "look". This is what I see after I repeat my exercise: This pictures clearly says that I have 12 irrelevant items, but only 10 of them are also responsive to "look". So if I now search for "look" and exclude items tagged as "Irrelevant", I see: This might look misleading at first, because for an untrained eye "260 - 12" should equal 248, but it's should now be clear that those two extra items were never a part of the "look" cluster, therefore they shouldn't be accounted for. Hope that I was on the right track here and it helps you down the road. -
I am having an issue with tagging. When I tag items as irrelevant, some of them are not being excluded from the search results when I have specifically excluded them i.e. total results are 1500, I tag 100 has irrelevant but when the search results are refreshed it still shows the number as 1420 rather than 1400. Its not a big difference, but compounded over a large case this ends up duplicating a lot of work. Anyone have any insights as to why this would be happening. Thanks
-
James joined the community
- Earlier
-
As an update, here is the technique I used to deal with this. I don't think this is quite ideal, but it seems to have worked reasonably well in this case: For all Top-Level Parent emails, I exported the following fields to a CSV file: DocID Subject Sent Attachments From To CC BCC Conversation Index Using Excel, I identified all emails that contained the exact same values for ALL of the fields in red above. Using a spot check, I confirmed that the resulting documents indeed appeared to all be duplicates. Note this technique does not actually compare the email bodies. A better technique would certainly consider the bodies as well. Bryan -
QasimProtiviti joined the community
-
Hello! My apologies if this has already been address, but I could not find it through search. I am dealing with MST Exchange emails. The emails contain a mix of standard SMTP email address as well as Exchange X.400-style addresses. De-duplication becomes a big problem here. Emails that are otherwise identical have different message hashes when one email has the SMTP address and another email has an X-400-style address. Is there any way currently to de-duplicate these? I know that as of the latest version of Intella, you can configure Message Hash to ignore certain attributes (including headers and recipients). This should work, but I'd really like to have more fine-tuned control than this. Ideally, it would be amazing if Intella could intelligently recognize that two emails are identical even if they use a mix of SMTP and X.400-style addresses. From my experience, this issue is very common in dealing with Exchange exports. Any thoughts would be greatly appreciated. Thank you! Bryan
-
Exceptions, Reprocessing, Case merging
Chris replied to dale's topic in Intella 10, 100, 250, Pro and TEAM
Hi, Selective re-indexing is indeed on our roadmap. I see how the change in how items are merged into a case makes sense and how that can be used as a workaround in the interim, so definitely worth looking into!- 1 reply
-
- 1
-
-
- exceptions
- out-of-memory
- (and 2 more)
-
We are looking for features in Intella that allow for selective re-processing of items and families of items; and change in the behavoir of the 'export into case' function relating to items that previously resulted in processing exceptions, i.e., when a case containing a 'cleanly' processed version of an item is merged into a case where the same item perviously resulted in processing exceptions, the 'exception' item and associated meta data including exception flags will need be replaced by the 'cleanly' processed version of the item. Background: During processing Intella will eventually generate exceptions. This cannot be avoided. Depending on what the affected items contain and what the underlying issue is, you may find yourself in the situation where you have re-process that one item or its parent, e.g., after having made changes to Intella memory allocations or to the source container, having added credentials. The issue here is, that Intella offers all or nothing, i.e., the entire case will need to be re-processed or the source needs to be removed and re-added. Depending on case size such reprocessing can be very lenghty. Attempting to re-add the same source or subset of the source to the case will fail to be reprocessed as unless the item that previously failed has a different MD5, Intella will not actually process the item again and merely track it as a duplicate of item that was processed intialy and resulted an in exception. The duplicate will be shown as having the same exception as the 'first' copy of the item. We have examples where we created a new case with different settings / decryption credentials and managed to process the source data (with the same MD5 as the one that failed in another situation) without exceptions. Upon exporting this 'clean' case into the case where the processing of the item(s) being merged resulted in exceptions, we are facing the issue that the newly imported items will 'inherit' the exception from the initial case. This leaves no option other than to either alter the MD5 of the source item (!) or to reprocess the case (can be very lengthy).
-
Hi Jason, I have sent you the download link and other information.
-
Hi Guys - we are current Intella team and Intella connect users and currently utilize Magnet Axiom in our forensic investigations. We would love to test out W4 Best regards, Jason Coyne
-
Hi Shoeb, You will need to purchase another Node license if you want to use two Nodes at the same time.
-
Thanks for your support Jon! However, my concern is can 1 node work on two machines simultaneously or will I have to buy another node to process/index 2 cases at the same time? -
Hi Shoeb, What you can run depends on what licenses you have purchased, and are on the dongle. The purchase of Connect also comes with a processing license (Node). These two licenses are on the same network dongle. The dongle is designed to work across the network, so yes, you can run Connect on one system, and Node on another system at the same time. Installing Connect/Node on those systems, also installs the license manager and dongle drivers.
-
shoebk24 joined the community
-
Hi, I have bought the Intella Connect 2.2.2. I want to know how to process two different cases on two different computers in parallel using Intella Dongle. The manual says "A prerequisite for using network dongles is that the so-called HASP driver is installed on both the client and the server" So, can we run two different cases post installation of this HASP driver. Moreover, there is only one dongle provided. Is it a pre-requisite to have a dongle to process/index on any case on Intella Connect. Or it can process/index two different cases on two different computers in parallel with use of a single dongle.?? Regards, Shoeb. +971 50 104 3633.
-
Intella 2.0.1 Empty Processing Time
admin replied to ifinch001's topic in Intella 10, 100, 250, Pro and TEAM
At 47GB Intella will take a long time recovering deleted. Was this a natural PST (made by Outlook) of a PST exported by a program? -
Nate joined the community
-
Intella 2.0.1 Empty Processing Time
Nate replied to ifinch001's topic in Intella 10, 100, 250, Pro and TEAM
Having the same issue with a 47GB PST. It runs through the PST very well but then stops and now is crawling for the last 3-4 hours with no additional results. I rant this a couple times already and did a scanPST in between the last time which reported and fixed errors. -
Charlotte joined the community
-
Creating a Load File in Intella
jon.pearse replied to jon.pearse's topic in Intella 10, 100, 250, Pro and TEAM
Hi, Just an update on the request for the ATTACH_RANGE field. This field will be available in the next release, which is a month or so away. -
Sandy joined the community
-
Hi Bryan, This is a suggestion. Make sure that you test this to make sure that you are getting the correct results, and that the wrong items are not being missed, or included. You could search over the CC field only by selecting that field in the Search options. Then search for this in the search box: * NOT attorney@lawfirm.com That should bring back anything that is in the CC field that is not attorney@lawfirm.com
-
Hello! I'm working on a privilege keyword search for a client. The client has requested that I search for emails to/from their attorney. This part is easy enough to implement. Here's the hard part: The client has requested that I exclude items in which privilege may have been waived by CCing another person. In other words, if the client communicated with their attorney but also CCed someone else, we don't want that search result to be returned. Ideally, it would be great to craft a search something like this: (from:attorney@lawfirm.com OR to:attorney@lawfirm.com) AND NOT cc:[anyone other than attorney@lawfirm.com] Of course, that's not a valid search, and I don't think that such functionality exists. The only way I think this can be done in Intella is as follows: Run the basic search: (from:attorney@lawfirm.com OR to:attorney@lawfirm.com) and select the resulting bubble Review the Email Addresses Facet and look for any CC (or possibly other) addresses OTHER THAN attorney@lawfirm.com Remove these items from the results I believe the above should work, but I'd love to know if there is a better way to do this. Thank you! Bryan
-
Ismael Rivera joined the community
-
This one is actually easy. Do this: (1) pull up some items from your case; (2) highly some for export and then right-click and select Export > selection... (you'll actually abort this operation, so don't worry about naming or the destination folder not being empty); (3) check the box for "Add to export set"; (4) then select that radio button for "Add to existing set," and then select the export set you want to delete from the drop-down menu; (5) when you select this radio button, the previously grayed-out "Remove" button will be highlighted, which you can then click to delete the export set containing the error. Intella will give you warning prompt to make sure you have selected the correct export set to remove. Once you proceed, Intella will irreversibly delete the export set, so just make sure you have selected the right one to delete. Hope that helps! Jason
-
IPS Temp Admin joined the community
-
Hello! Is there a way to delete (or rename) an Export Set? I have a case in which I created an Export Set with some error in it. Unfortunately, when I fixed the errors, I created a new Export Set with the same name as the bad Export Set. It is really confusing to have both of these in the same case, so I'd like to delete the bad one (or rename it). I see that there exists a button to "remove" an Export Set from the Export menu. This button doesn't seem to actually do anything, though. Perhaps this hasn't actually been implemented? Thank you! Bryan
-
Hi Rio, Thanks for your feedback! Yes, we plan to improve the link functionality in future versions. Could you clarify what you mean exactly by extending the link attributes of a file to Registry entries where they exist? A specific example would also help.
