All Activity
This stream auto-updates
- Last week
-
Hi dale, We have added support for indexing AFF4 images to W4. This will be available in the next release (or, you can get a beta version earlier if you are on the beta testers list). The format will likely be ported to Intella in a future release.
-
Thiago Lahr joined the community
-
+1
-
We are seeing AFF4 adoption increasing (Blackbab MacQusition, BlackLight). Any chance to have AFF4 container support in Intella? See http://www2.aff4.org/ Thank you!
- Earlier
-
Do let us know if you want to be one of the first to try the new W4 features. W4 1.1.0 Release Highlights Highlights · Added recipes functionality. Recipe is a mechanism to configure and run searches based on common case types. W4 comes with several pre-configured recipes that allow to investigate some common cases in one click (such as IP Theft). · Added new categories (used in default recipes): o Emails and email attachments sent to personal accounts o Chat attachments and file transfers. o Common websites: webmail, social media, cloud usage, productivity. o Network share access. o Printed documents. o Last day, last week and odd hours activity. · Triage features: o W4 is now available as a portable app that can be run on any PC without installation. o W4 comes with an embedded software license that is valid for 1 year after the release date. o Added indexing a live running system (local physical or logical drive). o Added optional automatic RAM capture on startup. o Added an option to specify the exact categories that need to be processed. That allows to perform a quick scan. o Added search profiles. It allows to export all case settings to a template that can later be re-used in a new case. That includes preferences, keyword and hash lists, recipes, source settings, tags, reports. o Added triage launcher that allows to index a new PC in one click based on a pre-configured case template. o Added Acquisition tab which allows to acquire evidence. Supported evidence types: § Memory (RAM) § Physical and logical disks (E01, DD or AFF4) § Folders (ZIP with preserved locations and timestamps) § Common system files (ZIP with preserved locations and timestamps) · Added hash lists support (DeNISTing). · Thumbnails view improvements: Deduplication, Size filter, Sorting, Thumbnail size. · Added indexing AFF4 disk images. · Added indexing volume shadow copies. · Added indexing Window 10 timeline. · Added indexing MRU items (recent documents). · Extended keyword list functionality that allows to specify: o Where to search: file name only, metadata or metadata and text. o Which categories to search in. For example, it will allow to search in browser history only. For access to the beta please reply to this thread.
-
Hi, You can split a PST export in to parts by size. More information is in Section 26.2.10 of the user manual.
-
Hello Experts, I have to export relevant data from Intella into PST format. The challenge is I want to split the export into multiple parts based on either by size (~1 GB) or by file count 2000 items per export. Has anyone encounters such situation or is there any workaround? PS: Can be a repetitive question
-
Napster9777 joined the community
-
Rohan joined the community
-
Hi, Are you using the latest version of Intella? If so, there may be something odd with the dataset. Please submit a support ticket for troubleshooting further. -
Mikel2 joined the community
-
I tried to process info received from a Microsoft enterprise email account and the .eml files were all marked as exceptions. Has anyone experienced this and what did you do to make the artifacts process through Intella?
-
MikeL joined the community
-
Near-duplicate identification using shingles
SebastianMeszyński replied to dale's topic in Wishlist Forum Connect
Hello, We are working on this topic and we are planning to add this functionality to Intella product in the next release. Thank you for your suggestion about Jaccard similarity, this metric is one of the metrics which we are testing to improve our near-duplicates analyzer.- 2 replies
-
- 1
-
-
- near duplicates
- shingles
- (and 1 more)
-
SebastianMeszyński joined the community
-
digreat joined the community
-
AndrisR joined the community
-
Near-duplicate identification using shingles
Neil G replied to dale's topic in Wishlist Forum Connect
+1 -
Intella does paragraph-level deduplication. What we'd like to stipulate here is the identification of near-duplicate items (and paragraphs). This could be done using shingles, calculating the ratio of shared shingles amongst items (shingles from item A contained in item B and vice-versa). See also "Jaccard Similarity."
-
Hi Nikki, Good to hear. I'll add you to our list of W4 beta testers. Keep an eye out for an email with more information in the next few days. -Mel
-
Jacques van Zyl changed their profile photo
-
Nikki joined the community
-
Hi, I'm interested in trying out the new version. Interested in the imaging capabilities.
-
Connie joined the community
-
Making Reports with W4 16 June, 2020 | Online One of the most important parts of your examination is reporting on your findings. In this webinar, find out how to take advantage of W4's reporting feature to create quality reports for a variety of cases. You can view the full video recording below:
-
Errors are a good thing, because reverse proxies can have lots of issues that are very difficult to troubleshoot as they don't generate an error. From what I can tell Intella Connect doesn't have any weird webservices or sockets requiring special proxy settings. You should be able to piece together what is going on by reviewing the proxy log in addition to your browser (Chromium browser developer screen).
-
Hi Jon, I'm trying to add a column to the export preset linked to an export set. It happens fairly often that there are levels of agreement between sides, and a change in specifications are not unheard of. I can create a new export set, but my previously-produced items get new numbers.
-
No extra configuration should be required, I think. I would try to compare URLs generated by Connect with proxy OFF and ON. That should give you an idea where the URL rewrite is broken. If you tell us what that place is, we will try to further investigate. Without knowing which URL is rewritten and how we can't really do much. Obviously you could replace your production URL with some placeholder value.
-
Thank you. My specific configuration is I have Intella Connect behind an HAproxy reverse proxy server. SSL termination is at the proxy server. The issue I am having is that I get the login page, but the redirects after the login do not work and I am getting an error that the connection is refused. I am wondering if the reverse proxy needs to be explicit in Intella in order for this configuration to work. Thanks.
-
Hi Lancenudd, Which proxy configuration file are you referring to? Over the years we've seen few customers using proxies and if it worked out of the box depended on the proxy being used. Sometimes they ran into small UI limitations (ex. icon not rendering fine due to wrong URL rewrites), but in general it was working fine. Can you further describe in details the problems you are seeing with redirections?
-
Hello, I am setting up Intella Connect behind a proxy server. I am having an issue where the redirects are not working. I see that there is a configuration file enabling or disabling proxies, but there is very little documentation on proxy configurations. Can I have more information on whether a proxy can be configured in Intella Connect and in what use cases that is recommended? Thank you!
-
Hi, Can you provide more information on what you are trying to do please. Are you saying that some items that were exported in a previous production are being exported in a new production, and you want to use the original bates numbering for those items?
-
AMD has some real benefits now that Intel is consistently patching exploits which tend to make the CPUs slower. For larger implementations, you would design redundancy using multiple systems but it sounds like this is a single box, correct? Fail-over isn't easy to accomplish with a single box, but if disk redundancy is what you are going after, RAID is a great way to do it. Just make sure that if you go hardware RAID, you have a backup card or motherboard because those can get hosed as well. You don't want to trade one nonredundant component for another. "Delayed RAID" sounds more similar to a bare-metal backup, where the system's OS is also backed up and you can throw it onto a new drive and hit the ground running. While you can do this, it doesn't take more than say, an hour to install Windows and a fresh copy of Intella Connect so the benefit here is less clear. On the other hand, taking regular backups of case files can be easily scripted and this is the data you cannot reinstall.
-
All I need some guidance for specifications on a new PC for our Intella connect server. Currently the box we run on is a windows 10 PC approximately 6 years ago, its getting a bit long in the tooth now and needs to be replaced. I want to have something which has some fail-over should the OS corrupt (had it previously) - so some sort of delayed RAID (unsure as of yet). Ram etc and motherboards I'm not too worried about I can spec that easily enough, although has anyone had any experience with using Ryzen based systems? specifically the newer generation. I love them as I have a 3700X at home with 64GB of data and its a beast of a gaming/work horse machine. the main crux is fail-over, if something goes wrong with the OS drive I have a backup meaning I can get backup in a matter of an hour or so.
-
Hi, I'm in a real-world scenario with the production/export specifications changing over the course of this year. I eventually needed to add a couple columns. Easy to do if this is the first production, but many items have already been exported; It would be great to keep the same bates numbering for items being produced again. Reproduction can happen due to family relationships. I noticed the export-set-templates folder contains XML specs. I had some success in editing these (after a backup, of course) to add columns, but when adding Intella Columns such as a tag, the tag ID I copy from a new template simply doesn't work in the export set template. For example, Export Set ABC uses Template 1. In order to edit ABC, I have edited Template 1 using a new template unrelated to a set, Template 2. Unfortunately, the new columns are blank despite using the valid "lines" from Template 2's XML file. Any idea if this is possible to do? The alternative I'm facing at this point, is sending a new bates numbering scheme to opposing counsel and starting fresh.
-
We are looking to have our new version of W4 tested by our community. We have added a few featured that have been requested. A few of the highlights. W4 will run from a USB in portable mode. Will create images Case based templates we are calling recipes. Do let us know if you have time to test.
