Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by admin

  1. Are you using 2.4.2? If so please PM us your dongle ID>
  2. Hi - We would be happy to do it but Magnet would need to agree. My suggestion is to ask Magnet to allow this to happen.
  3. Hi, We did offer to do this some time ago. However it was not successful. Do let us know the artifacts. Perhaps we can add to W4?
  4. If you were one of our beta testers on W4 thank you!. Please contact us so we can give you a free copy of the official release as a thank you.
  5. Hi Any popup blockers or cookie blockers?
  6. Do let us know if you want to be one of the first to try the new W4 features. W4 1.1.0 Release Highlights Highlights · Added recipes functionality. Recipe is a mechanism to configure and run searches based on common case types. W4 comes with several pre-configured recipes that allow to investigate some common cases in one click (such as IP Theft). · Added new categories (used in default recipes): o Emails and email attachments sent to personal accounts o Chat attachments and file transfers. o Common websites: webmail, social media, cloud usage, productivity. o Network share access. o Printed documents. o Last day, last week and odd hours activity. · Triage features: o W4 is now available as a portable app that can be run on any PC without installation. o W4 comes with an embedded software license that is valid for 1 year after the release date. o Added indexing a live running system (local physical or logical drive). o Added optional automatic RAM capture on startup. o Added an option to specify the exact categories that need to be processed. That allows to perform a quick scan. o Added search profiles. It allows to export all case settings to a template that can later be re-used in a new case. That includes preferences, keyword and hash lists, recipes, source settings, tags, reports. o Added triage launcher that allows to index a new PC in one click based on a pre-configured case template. o Added Acquisition tab which allows to acquire evidence. Supported evidence types: § Memory (RAM) § Physical and logical disks (E01, DD or AFF4) § Folders (ZIP with preserved locations and timestamps) § Common system files (ZIP with preserved locations and timestamps) · Added hash lists support (DeNISTing). · Thumbnails view improvements: Deduplication, Size filter, Sorting, Thumbnail size. · Added indexing AFF4 disk images. · Added indexing volume shadow copies. · Added indexing Window 10 timeline. · Added indexing MRU items (recent documents). · Extended keyword list functionality that allows to specify: o Where to search: file name only, metadata or metadata and text. o Which categories to search in. For example, it will allow to search in browser history only. For access to the beta please reply to this thread.
  7. We are looking to have our new version of W4 tested by our community. We have added a few featured that have been requested. A few of the highlights. W4 will run from a USB in portable mode. Will create images Case based templates we are calling recipes. Do let us know if you have time to test.
  8. Brad, Please see the 2.3.1 Connect user manual for these detail. Also note the sections on memory management and configuration as they are just as important.
  9. Dear All, Important notice: Note that we will be moving to a new support system within the next month. For security reasons you will need to create a new account and password to use on the new support system. More details will be provided in due course.
  10. Dear All, Important notice: Note that we will be moving to a new support system within the next month. For security reasons you will need to create a new account and password to use on the new support system. More details will be provided in due course.
  11. Please ensure you are using Connect 2.3.
  12. Hello Delson, Error 33 is always caused by the HASP driver being blocked by an antivirus program. We know Cylance, Comodo and AVG get this wrong. It is very poor house keeping from these AV companies. If you are using these AV's you need to turn them off during install and white-list the Intella folders before turning them on again . Similarly if you are getting the error 33 during install, then reinstall with your AV/Security switched off.
  13. 2.3 Release Installers for Intella 2.3 and W4 will be available early next week (23-24 July). We are making a small change to the Flux capacitor before final release.
  14. At 47GB Intella will take a long time recovering deleted. Was this a natural PST (made by Outlook) of a PST exported by a program?
  15. HI, folks, there is a new beta available if you wish to try these new features.
  16. W4 (Who, What, Where, When) is a tool for fast review and investigation of computer forensic images and evidence. The goal of W4 is to allow investigators to rapidly review a set of evidence and locate items of interest. The main interface of W4 allows for timeline filtering and linking items such as: Operating System files Programs used Devices connected Files and Folders Browser Histories Notable Items Communications (Email, SMS, Chat) Documents Media Transport links Tags Work product While W4 is still in the development stage we are looking for a number of beta testers to assist with how the program works in different environments. W4 Usage: W4 differs from Intella type products as the goal is to look at system setting, browser history and device usage to detect any items of interest. While there is some overlap with Intella's Insight tab this differs from Intella where the user is focused more on user created data and email content. Common usage of W4 is detecting what devices, such as USB devices, were connected to a system and what data was copied to them. Another usage is filtering by time and date to only certain file or record types. An example would be all Internet Explore history from Jan to Feb. A great deal of development time has gone into simplifying time-consuming tasks such as decoding dates and categorizing registry entries. W4 has a category to highlight Notable items. This category automatically populates on processing and lists any references to Cryptocurrencies, Darknet and BitTorrent. Visual review As with all Vound products, we focus on the visual presentation of results. To facilitate this W4 uses a number of visual elements to better understand the evidence. The visual timeline: This allows the user to select a date range but also understand how much data is in that range. Events overtime log: This view allows the user to visually see in chronological order every event in order. This view can be filtered to only certain events and is very useful to tracking user activity over time. Item linking map: This view uses item metadata to link items together. This is extremely useful to see ownership of data and what accounts or devices had access to the data at some stage in its lifespan on that system. A simple quick start set of images is located at: https://www.vound-software.com/W4/ A sample image below. How can you help: We are looking for beta users to run W4 on a range of images and environment. Let us know what you like and what could be better. We are looking for ideas on what other features would be needed to make it your go-to tool for this type of work. If you would like to be a beta tester please contact us directly.
  17. Hi At the moment the Insight tab is not configurable. We will add something like this in future versions.
  18. Hi - Unfortunately not something that is possible with our current setup.
  19. HI Rashid, We are using the Sentinel driver in a very vanilla way (no custom changes), we have made no special changes to the Sentinel implementation. If Intella works and your other software is not functioning. It would be very difficult to tell what it is about the other software that is broken. Their support may have more details on this. A helpful tip for you is to look at this page on your system: http://localhost:1947/_int_/diag.html
  20. HI Jason, Item removal will be part of the next version of Intella. We are also looking at the placeholder option. Unfortunately we have no snapshots we can share with you now but will let you know soon as we have stable code.
  21. Hi - Can i suggest you start a support ticket and send in your log files. This will be the easiest way to work out what is happening.
  22. Hi Hans, From top menu: Sources > Edit Sources will give you this information.
  23. This is were using the RAW tab is required. The RAW tab is a direct dump from the original item, in this case the PST. Apart from the layout for ease of reading, Intella has no interaction with this information. What is shown in the RAW tab field is all there is for Intella to show in the main view. In short if it is not shown in the RAW tab it is not in the PST. Based on this information you should be able to do some testing to see exactly what is going on.
  24. Would something like this help: http://csved.sjfrancke.nl/ CSVed 2.4CSVed is an easy and powerful CSV file editor, you can manipulate any CSV file, separated with any separator.
  • Create New...