All Activity

Thanks Greg, That definitely makes sense. I have added it to our internal wish list database.

Add the ability to select multiple items using Control +, as opposed to individually selected and accepting each, one at a time.

Hi Fabian, You're welcome. Please see my answers below: 1. I see how this could be helpful. Ticket for this was created and will hopefully be tackled in on one of the future releases. 2. It really is just a basic CSV export functionality. Presets would indeed make things more usable. We will think about whether it makes sense to make it part of reporting functionality though. 3. We will consider this. 4. Like you've already found out - we suggest using Intella for more detailed reporting. 5. Good idea. Ticket was created for this. 6. So the idea there is to show all folde

This was it. Thanks to all for the suggestions!

Hi Stephen, Have you checked this option in tagging window?

Hi, This is probably a permission issue. Here is a list from the Admin manual. Have you set the second permission for that specific role? Review related permissions: • Can create new tags - allows users to create new tags. • Can edit all tags - allows users to edit tags, even if they were created by other user. • Can delete tags and taggings from other reviewers - users having this permission will be allowed to delete tags and taggings created by other reviewers. In previous versions of Intella TEAM, only Case Manager was allowed to do that. Now this action is available to

Is there a trick to untagging a tag done by another? when I remove and save, the tag remains under "other's tags."

Hi Jon, I'm not talking about caching the evidence within the case directory. However every native file (docx, eml, xlsx etc.) that is recognized and indexed by intella gets written to a huge binary database file. This accounts for most of disk space used in the case folder structure. That information is required for native view, exports etc. However that data is, at least in my opinion, not used when searching for text within the lucene index. It would be a cost saver to have that binary storage of the original contents of files moved to HDDs, and have Lucene among other i

Hi, thanks for fixing my forum permissions, now I can post in the W4 section 😀 We are using W4 in several data theft cases with good results. With a few changes to the product we also could use it with other cases like CP / sexual abuse type of cases. Also we noticed some features need a bit of polishing: The “export to csv” option is somewhat broken. If columns contain a comma no escaping of the separation character was used in previous W4 versions. The latest version adds a text-qualifier for values that contain a comma. Usually the “item id” is the first column if it exceed

Thanks Jon, that's what I ended up doing in the end and it worked perfectly. Thanks.

Hi Fabian, yes it is much the same as how it works in Intella Desktop. The Node is the processing system so it should have good resources, and the data should all be local. Once a case has been processed, you could move it to another system. For the evidence, you don't need to cache it into the case. For review purposes the evidence is not required. It is only required for further processing jobs (such as re-indexing the case), and exporting items from the case. If the evidence is not cached into the case and it has been moved, you can reconnect the source in the Sources tab. So yes, you

Hi Jon, thanks for the input. So basically it's the same workflow as if I would process it with Pro/Team except that apart from the copy job everything is neatly manged through the Connect WebUI. I just remembered that Intella Pro/Team also have an Optimization folder. If Node uses the folder the same way then I don't need further explanations. In that scenario the crawlers would just dump temporary data into these folders. I was hoping that maybe the database that contains all the binary data of the evidence could be moved to a separate location. Regards, Fabian

Hi Fabian, you can think of Node like Intella Pro, but without a user interface. The user interface for creating cases and adding evidence to cases is built into Connect. Connect and Node work together for these functions. Node is the processing engine, and therefore, the most efficient way to process data in a case would be to configure the Node system like you have done for your Intella Pro system. E.g. separate local drives on the Node system for the Case, Evidence, and Optimization will provide best performance. Using SSD drives over traditional rotating platter drives would yield eve

Hi Fabian, you should be able to see the W4 forums as they are open to the public. We have moved this message to the W4 section. Other useful posts on W4 can be found here https://community.vound-software.com/forum/16-w4-forensic-triage/ The W4 with list is here https://community.vound-software.com/forum/19-wishlist-forum-w4/

Hello, up until now I've been preparing cases for Intella Connect with Intella Team or Pro. With some additions to our hardware pool I've setup a shiny new processing Node. The setup was pleasently easy and configuration is done through Connect's WebUI. I was able to speed up the cumbersome SSL import by just copying the keystore over to the Node (maybe that should happen automatically when wildcard certs are used?). For the last years I've quite mastered how Intella Pro/Team use their resources and what type of storage to use. the largest Case I've put together with Team has about 3

Hello, as we are using W4 more and more for early case assessments and other forensic work that doesn't require Intalla's extensive search feature I would like to provide some feedback. I didn't find a separate W4 forum section so I wanted to ask where to put my feedback. regards, Fabian

Hi, you could export all of the items in the case (apart from the items you don't want to share) to a new Intella case. There is more information about this in Section 25.5. 'Exporting to an Intella case'.

Thanks for the reply Jon, I didn't follow this up as the Pivot table did the job.

I have a case where the client wanted to sift the data before allowing access to the data to another client. They've sifted the data and have since tagged everything they do not want to share. I want to create a new case with all the material excluding the tagged material. I did export all the data initially but found that it exported the data differently, and we ended up with over twice the original data. How can I do this so the data looks the same as the original data?

Hi, We don't use the GPU for Intella processes. There might be something else causing this GPU activity.

I was going to ask the same question, but not I note you had no reply.

Maybe you could first search on your tag, then open the Email Addresses facet. Open the From category to see how many emails were sent from each user. Note that the items in blue are the ones that are in your tag. You will need to use the filter option at the bottom of the facet to only show the email address respondent to your searched tag. You will need to do the same for the Senders category as well. Does this work for you?

Thanks Jon, not really what is wanted. They want to know how many emails from each sender within the tagged items. I've exported the list of emails and then created a pivot table to count the email addresses - they were happy with that. Not sure it can be done within Intella.

Have you tried running a KW search for the email address, but only in the From and Sender fields? E.g.

I hope this makes sense: The client wants to be able to review some tagged items mainly to quantify how many emails came from an email address, but they want to determine how many emails are from each mail address and there are alot. Thoughts?