Jump to content

All Activity

This stream auto-updates     

  1. Last week
  2. admin
    HI, folks, there is a new beta available if you wish to try these new features.
  3. Kalin
    Some kind of API (RESTful is fine) would be great, to any "non-viewer" product of Vound! BTW, it is getting a bit messy (marketing-wise so to say) on what is what, I am suspecting code-wise there are few components that get packaged in various combinations. For my own sake I call them: front-end (allows shared access to case): Connect/Connect+, TeamManager back-end (processes/indexes new data and makes a case): Node, Pro/250/100/10, TeamManager viewer (allows searching, tagging, comments, export when connected to a front-end or directly opening (single-user) a case on disk): Viewer, WebUI_for_conect So, API for the front-/back-end may greatly simplify complex usage and repetitive (i.e. compliance-solid and auditable workflows). And I am sure there is already API, since viewers communicate with back-ends, it is just not exposed 😄 I thought a few times over the authorization with AD/LDAP and I think (maybe) it would not be that complicated to add it as it stands now. All that is needed is to define the LDAP query per case (and save that in case template). I am referring to https://www.vound-software.com/docs/connect/2.2.2/admin/04_03_02_ldap_guide.html#customized-ldap-queries So, say for department_A cases, something along the lines of: Query base DN: OU=ConnectUsers,OU=Users,OU=MyBusiness,DC=site,DC=local Query filter: (&(&&USERNAME_ATTRIBUTE&&=&&USERNAME_VALUE&&)(memberOf=CN=department_A,CN=Builtin,DC=site,DC=local)) In a way, demoting some of the LDAP config (or all if it's easier) from global to per-case-local and using the default global, if not overridden. I'd be interested to know how other users deal with this (mapping Connect users to OUs) currently.
  4. Alex started following Boolean logic question and Is it possible to highlight terms from special characters/conditions in the search?
  5. Alex
    Hello, Matches of the wildcard searches like this are highlighted. If you think if it doesn't work in your case, I suggest to open a support ticket with detailed information about this issue.
  6. Alex
    Hello, To find these words in a sequence, a phrase pattern should be used: "(tr?s OR 3) (porcento OR percento) (jos? OR paulo)" Note that I omitted the clause with the singe % character, because it cannot be searched alone. Can you please elaborate a bit on what "click on Highlight hits" means? Intella UI does not have a button or other element named like this. The hits are highlighted automatically in the Previewer window when a keyword search result is opened.
  7. Earlier
  8. rodrigoalmeida
    For example:I put "pol?cia federal" in my keyword list, then I get my hits and start reviewing an artifact by opening it. When I click to Highlight hits, could it highlight "polÍcia federal", "polzcia federal" and "polycia federal"? Currently it does not seem to work this way (evaluate the condition and then highlight the possible matches)
  9. rodrigoalmeida
    I have a question about the logic of the query below:("TR?S" OR "3") ("PORCENTO" OR "PERCENTO" OR "%") ("JOS?" OR "PAULO") With this search, when I open an e-mail and click on Highlight hits, it counts and show a hit with just the term "3" (Chapter 3, for example). Shouldn't be highlighting just if there was a full match like "3% PAULO", as it is based on three AND conditions?
  10. f-response f-response joined the community
  11. PrimozKokol started following W4 Beta Testing
  12. Jim Carden Jim Carden joined the community
  13. jon.pearse
    New feature in W4: We have added the ability to colorize tags in W4. This allows the user to easier identify tags by color. E.g. helping to distinguish different tags which are similarly named. The tags are shown, and can be edited in the Tags category on the left of the user interface. When a tag is created, the user can select and assign the appropriate color for that tag. The colorization for the tags are shown In the Tags column of the Items view. Items which are tagged more than once, show the colors of all of its corresponding tags. The colorized tags are also shown in the Events view.
  14. jon.pearse
    New feature in W4: We are adding the ability to ingest a W4 case into Intella. This work should be completed for the next release of Intella (version 2.3). This is actually an Intella feature, however, it is a way to expand on the W4 case, and identify more related artifacts that may be in the dataset. Use case: W4 is designed to extract user and system created artifacts quickly, so that the user has these artifacts ready for review in the shortest time possible. We have had reports from beta testers that W4 has blistering fast indexing speeds, compared to similar products from other vendors. By default, W4 does not index every item in the source dataset like how it is done in Intella (although, there is an option which does allow this). When triaging evidence, the most pertinent artifacts are from user created/altered data/documents, and system artifacts. W4 is designed to take a quick look into the evidence to identify usage on a system. The results can help the investigator to decide whether further investigation is required. If further investigation is required, the evidence can be ingested into an Intella case where you have the full suite of tools and functionality to process and analyse the data. During the ingestion process, Intella allows the user to choose a number of options for the ingestion of the W4 case. The user can expand the already tagged items which are in the W4 case using the Smart Search features. More evidence/artifacts can be identified that are similar to the items in the W4 tags. The new artifacts and data are reported when the ingestion process is complete.
  15. jon.pearse
    New feature in W4: We have added a reporting wizard that allows the user to create fully customizable reports in W4. The report wizard includes these features: Custom fields can be added to the report so that information specific to the investigation (e.g. case name, case ID, dates, examiner, report author etc.) can be included in the report. Sections can be added to the report. A Section is a configurable form which you use to report data and artifacts. This could include data that you have selected, data that you have tagged, or data from one of the categories on the left of W4. With each section, the user can set which metadata fields should be shown in the report for the artifacts being reported. The original files can be exported with the report. The reported will contain hyperlinks to the exported files so they can be quickly reviewed in their native application from the report. The page orientation for each section can be configured independently. This is useful for setting the matching page orientation for the specific data being reported. E.g. a Landscape page orientation can be used when reporting wide table data. The display type for each section can be configured independently. This allows the data to be shown in Table view (useful for tabular data), Events view (useful for timeline), or Image gallery view. With image view the number of image columns per page can be configured. Notes and tags can be added to the section data when shown in Events view. Notes are useful to add more information about artifacts. When creating link graphs of artifacts, these link graphs can be captured and use in reports. The report can be exported in useful formats - PDF or DOCX.
  16. jon.pearse
    Hi all, Here are some updates regarding the progress of W4. Where are we at with the official release? We are planning to have our first official release of W4 this week. The installer for the release will be available for download to our beta testers in the next few days. Beta testers will be able to test the new features which have been added since the beta version was released last year. What new features have been included since the beta release? There have been a number of new features added since the beta version. The new features can't all fit into one post, so over the next few days we will post some of the new features that have been added to W4. That said, here is a short list of what we have added: Reporting wizard which allows for a lot of flexibility when creating forensic reports Ingest a W4 case into Intella Colorized tags for easier tag identification Special Note function. This is useful for adding additional information to discovered artefacts New type of visualization in the Summary tab Thumbnail view for image files Email headers tab
  17. ŁukaszBachman
    Hi Kalin, LDAP is currently only being used for Authentication, not Authorization. We decided to keep our Authorization configuration on the Connect side, so that the integration with AD/LDAP wouldn't be overly complicated. The level of automation you are seeking is not something that can be achieved in the current version of our software. I would love to hear from other users too if this is something they would like to see being added, though. CLI/CMD support is currently a PRO/Team specific feature. We are planning to add more automation to Connect in next few release cycles, but we are more leaning towards developing some sort of RESTful API. Again, any feedback from the community about this would be appreciated.
  18. jon.pearse
    Hi Frank, As you know we currently don't support this. You can either export items to CSV or to original format, but not at the same time. You may be able to add hyperlinks (which open the native item) into the spreadsheet manually. Or, there may be a utility on the internet to help do this.
  19. Kalin
    Going through the 2.2.2 Administrator manual, I've been thinking: Can Connect use LDAP/AD for authorization or only for authentication? In other words, is there a (sane) way to map some attributes in an external directory to the permissions used in Connect? Anybody doing that? https://www.vound-software.com/docs/connect/2.2.2/admin/04_01_user_management.html#permission-types I can probably see a helpful "one-liner" script that queries AD and nudges the Connect setup, although that will be a hack I wouldn't be proud of. The use case I am thinking is a large organisation (say 100 departments), each manager can create cases and each user within the department can by default view cases only in their department. Can this be achieved so that when a user switches departments, s/he looses access to the cases in hte old department and gains access to the ones in the new department automagically (without messing with Connect settings)? BTW, is CLI in Connect or coming (saw it in recent Pro/Team)?
  20. Bryan La Rock
    Hey Jon! Thanks for the suggestion. I actually did consider this (and I probably should have mentioned this in my original post). The problem is that I have a lot of other criteria in addition to the custodians for these searches. There are keyword searches and date ranges as well. Therefore, I need to keep the overall logic to "match all" as opposed to "match any". If I add multiple custodian tags, this will break the search. Ideally, it would be best if Custodian were an option in Tasks (with the ability to select one or more custodians). It would also be fantastic if Tasks allowed you to create logical groups of nested AND/OR conditions for situations like this. That being said, do you have any other suggestions? For this case, I ended up creating tags for groups of custodians. This allowed me to use the Tag option in Tasks to search multiple custodians at once. This is not a good solution, though, as it requires quite a bit of extra work to set up the custodian groups. Thanks again! Bryan
  21. jon.pearse
    Hi Bryan, You can add additional Tag criteria when creating tasks. So you could add tags for 2 or more custodians as a starting dataset for your task. E.g.
  22. Bryan La Rock started following Using Tasks for Automated Processes
  23. Bryan La Rock
    Hi! I'm fairly new to automation through Tasks, but I'm making good progress so far. That being said, I can't seem to find a way to filter results by Custodian. Is this possible in Tasks? As an workaround, I created tags for each of my custodians, since I figured I could filter by Tag in Tasks. Unfortunately, this is still not quite doing the trick for me. This works well for a single custodian, but the technique fails when I need to filter with a list of custodians (since the Tag filter in Tasks only allows for one tag). I'd appreciate any suggestions for how I might get this to work. Thanks! Bryan
  24. frank.massa frank.massa joined the community
  25. frank.massa
    Hello all, Just registered here on the forum. I am a complete newbie to intella. I have been able to get around but I am stuck at what seems like a simple task , but for the life of me I can t get it to work. Basically I have selected a number of items that I want to export for review. I am trying to export the items along with an excel sheet with different information. I am able to do this but for the life of me I cant get a column in the excel sheet to give me a hyperlink to the exported item so that the user can click on the hyper link and opens that item. Any help would be greatly appreciated. Thanks for any help.
  26. frankM frankM joined the community
  27. ryol1234 ryol1234 joined the community
  28. Bryan La Rock
    Thanks so much, Lukasz! In my head, I had replied to this. My apologies that I apparently failed to reply in reality. This is great info and extremely helpful. I'm running an OCR job now and this is giving me the info I need. Thanks again! Bryan
  29. ŁukaszBachman
    Hello uscheerbaum, This can happen in some circumstances, but it depends highly on the type of evidence you are processing. One possible reason of such behavior is Intella running a recovery of deleted mail in a large PST file. This is rather CPU intensive process, which may not necessarily yield large count of items. That would explain why the graph flattens at the end. A rule of thumb when diagnosing behavior like this is monitoring case logs and hardware usage. If CPU is still busy running even one java.exe process and logs suggest that Intella is doing something, then there is no reason to panic. If you see that nothing new gets logged over long period of time and CPU is idle, you may want to address that by issuing us a support ticket.
  30. ŁukaszBachman
    Hi tcbailey239, I don't think importing these proprietary keys is possible. You will have to find some way to export them to supported format.
  31. depshlomo depshlomo joined the community
  32. tcbailey239
    My company uses S/MIME to encrypt messages. The certificate format is proprietary and can not be exported into a .p12 or .pfx format however I can use the proprietary format and import the private key / cert into my local Windows Personal Certificates (on the machine where Intella is used). The keys are marked non-exportable or I would export from there in a different format.. Is there a way to use Intella and have it use locally installed keys? I can open the encrypted items locally in Outlook since the private key is already installed there but no luck in Intella.
  33. uscheerbaum
    Great, thx!
  34. uscheerbaum
    Hi, just realized that the "post-processing steps" cause a 20% usage of the GPU. Would a nice GPU result in performance improvement? Which process steps are affected by the GPU? Thx a lot
  35. jon.pearse
    Hi We are working on Exchange EDBs 2013 and 2016 now. These should be included in the next release.
  36. uscheerbaum started following Idle time when Indexing
  37. uscheerbaum
    Hi, when indexing new sources, the progress often goes down to zero for several hours. During this time there's no indexed item and no harddisk usage (in task manager). Any ideas why Intella has this idle time (screenshot attached)? Thx a lot
  1. Load more activity
×
×
  • Create New...