Jump to content

Chris

Administrators
  • Posts

    205
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Chris

  1. Vound is pleased to announce the official release of Intella 2.6.1. Intella, Intella Connect and Intella Investigator 2.6.1 are available from the Software Downloads section on the Vound website, after logging in with your Dongle ID and organization name. Users with a 2.5.x license need to use the Dongle Manager to update their dongle to the 2.6.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added support for acquiring and indexing S3 buckets. Added support for acquiring and indexing various Google services. Improved the presentation of contacts, meetings, invites and phone calls. Several improvements for exporting to Relativity(One). Command-line support has been extended with options for case conversion, custodians, type filters, various forms of exporting, and more. Case conversion with IntellaCmd.exe no longer requires a license, allowing the task of converting large amounts of cases to be spread across several machines.
  2. Patch version 2.6.0.3 for Intella Connect and Intella Investigator has been released, containing the following: Resolved an issue with the text of certain MSG emails only being partially extracted. Resolved an issue with the case conversion of certain OCR-ed items. Resolved an issue with the Previewer's Email Thread tab not displaying the email thread. Resolved an issue with the Export to CSV dialog staying in "Initializing..." state. Resolved the Table and List view not rendering item rows when the corresponding item did not have a MIME type. Resolved an issue with the Coded column not being visible in the Table view, the CSV export and other places. (Investigator only) Resolved references to Intella Connect in the Intella Investigator Welcome page. Please visit the Software Downloads page to download the latest version.
  3. Intella patch version 2.6.0.3 has been released, containing the following: Resolved an issue with the text of certain MSG emails only being partially extracted. Resolved an issue with the case conversion of certain OCR-ed items. Please visit the Software Downloads page to download the latest version.
  4. The following patch releases have been issued since the 2.6 release: 2.6.0.2 Resolved an issue with case conversion not carrying across evidence item paths. Resolved an issue with some chat messages in UFDR reports not being indexed when the "Conversations only" option was chosen. Resolved an issue with skin tone analysis post-processing tasks failing to execute. 2.6.0.1 Resolved an issue where case conversion would not carry across OCR results completely to the new case. Please visit the Software Downloads page to download the latest version.
  5. The following patch releases have been issued since the 2.6 release: 2.6.0.2 Resolved an issue with case conversion not carrying across evidence item paths. Resolved an issue with some chat messages in UFDR reports not being indexed when the "Conversations only" option was chosen. Resolved an issue with skin tone analysis post-processing tasks failing to execute. 2.6.0.1 Resolved an issue where case conversion would not carry across OCR results completely to the new case. Please visit the Software Downloads page to download the latest version.
  6. Vound is pleased to announce the official release of Intella and Intella Connect 2.6. Furthermore, the 2.6 version introduces a new product - Intella Investigator - that combines functionalities found in Intella TEAM, Intella Connect, and W4. Intella Investigator is ideally suited for teams of investigators, supporting their investigation workflows and case management needs. Intella, Intella Connect and Intella Investigator 2.6 are available from the Software Downloads section on the Vound website, after logging in with your Dongle ID and organization name. Users with a 2.5.x license need to use the Dongle Manager to update their dongle to the 2.6.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Enhance indexing through crawler scripts. Compound case improvements. Added AI-based image categorization and object detection. Added support for changing the thumbnail size, zooming into a specific thumbnail and other thumbnail usability improvements. Added support for video thumbnails.
  7. Hello Shaun, Thank you for this detailed analysis! This may also help other users with finding out how to optimally utilize their hardware. I believe I can provide most of the answers. When processing a single archive such as a .tar.gz file, a single crawler is indeed assigned to it. There are a few exceptions, e.g. when a PST or disk image is encountered in it: it will be extracted and assigned to a separate crawler. Note though that a single crawler still typically runs 4 crawl threads internally, so a decent amount of multi-core processing should still be seen. I tested the enron_mail_20150507.tar.gz file using Intella 2.5.1 on my 4C/8T machine and often had somewhat above 50% CPU utilization with only 1 crawler. I suspect it could have been higher if I had used an SSD for the case drive - the disk seemed to be a bottleneck here. I could not replicate your observation that only 2 crawlers are used when specifying the enronmail folder, and 16 crawlers when specifying the underlying enronmail/maildir folder. I also cannot think of a reason why this would happen. The number of immediately nested items is not a factor in determining how many crawlers are launched. Can you double-check the "Crawlers count" line in the case-main-[date].log file of that test run? It that turns out to be 16 or "AUTO", and still only 2 crawlers are used, I would invite you to open a support ticket and share the log files with us. With this particular data set (100Ks of EML files), extracting all files will mean that accessing the evidence will incur quite some overhead on the file system, compared to when reading (streaming) everything from the same large file. Which setup is faster can't always be predicted up-front, but every call to a different file in the file system has an impact on performance. With lots of small files this becomes noticeable, and keeping everything in an archive may in fact be faster. Your memory setup looks OK, though probably on the high side for the crawlers. Note that "left-over RAM" will be utilized by Windows for disk caching. This helps a lot with indexing large cases, where the various case indices can grow to considerable sizes. The Windows Console Host processes are the result of Intella launching new sub-processes. Nothing to worry about. Thank you again for your info! Let us know how we can be of further help.
  8. Hello all, Due to the large amount of requests for information, we are posting our reply regarding the Spring Framework vulnerabilities here, as opposed to individual support ticket replies. Critical vulnerabilities in the Spring Framework have been discovered and have leaked out before their official reports. These vulnerabilities will likely soon be published as CVE-2022-22963 and CVE-2022-22965. Intella Connect, Intella Node, and other Vound products do NOT use or depend on the Spring Framework. This holds for all past and current versions. They are thus NOT affected by these vulnerabilities.
  9. Vound is pleased to announce the official release of Intella and Intella Connect 2.5.1. Intella and Intella Connect 2.5.1 are available from the Support section on the Vound website, after logging in with your Dongle ID and organization name. Users with a 2.4.x license need to use the Dongle Manager to update their dongle to the 2.5.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added compound case support to Intella Viewer. Extended IntellaCmd.exe functionality. Stability and performance improvements. IMPORTANT: Deleted item recovery is now turned OFF by default.
  10. Vound is pleased to announce the official release of Intella and Intella Connect 2.5. Intella and Intella Connect 2.5 are available from the Support section on the Vound website, after logging in with your Dongle ID and organization name. Users with a 2.4.x license need to use the Dongle Manager to update their dongle to the 2.5.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added compound cases, for instantly bundling two or more cases into a single case. Upload cases to an Intella Connect server. Various improvements to indexing stability and crawl process monitoring. Usability improvements in chat message presentation. Added two-factor authentication (2FA) and single-sign on (SSO) support in Intella Viewer. Added indexing of AFF4-L logical images. Added indexing of Relativity RSMF files. Added indexing of HWPX documents. Improved near-duplicate processing with faster and improved results. Improved rendering of emojis. Added sentiment analysis, for detecting very negatively or positively worded texts. Added support for nesting phrase and proximity queries. Exporting to PST no longer relies on MS Outlook.
  11. Hello Phillip, Yes, this is certainly possible. The Intella 2.4.2 User Manual, section 26.5 ("Exporting to an Intella case"), explains how a set of items can be exported to another case. When you do this with all items in the source case, you are effectively merging the two cases. For safety, you may want to create a copy of one of the cases and then export the other case to that copy. Should anything go wrong, your original cases will then not be affected by it. Furthermore, we are currently working on compound case functionality. Whereas case merging/exporting actually merges the case databases (costing time and disk space), the new compound case functionality creates a light-weight case in which two or more cases are virtually and instantaneously merged. This functionality will become available later this summer.
  12. Vound is pleased to announce the official release of Intella and Intella Connect 2.4.2. Intella and Intella Connect 2.4.2 are available from the Support section on the Vound website, after logging in with your Dongle ID and organization name. Users with a 2.3.x license need to use the Dongle Manager to update their dongle to the 2.4.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added support for X-Ways images (CTR and E01 files). Added the ability to edit source settings. Added a case log analysis utility, providing instant insight into common case errors. Added support for displaying HEIC/HEIF images. IntellaCmd.exe can now handle keystore information. Faster creation of ICF files.
  13. Vound is pleased to announce the official release of Intella and Intella Connect 2.4. Intella and Intella Connect 2.4 are available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a 2.3.x license need to use the Dongle Manager to update their dongle to the 2.4 license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added support for indexing AFF4 and VHDX files. Added support for Volume Shadow Copies (VSS) data. Considerable improvements in indexing MS Exchange EDB files. Added support for Oxygen 12 and 13 reports. Added detection of near-duplicates. Sources can filter on file type, reducing indexing time and disk space used. Cloud sources can filter by date range, reducing the acquisition time needed. Added custodian-based deduplication and family-based deduplication. Added highlighting and listing of Content Analysis entities in the Previewer. Performance and scalability improvements across the board.
  14. Hello, We certainly plan to look into that export connector. At the moment I cannot predict when that will be available though.
  15. Vound is pleased to announce the official release of Intella and Intella Connect 2.3.1. Intella and Intella Connect 2.3.1 are available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a 2.2.x license need to use the Dongle Manager to update their dongle to the 2.3.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Index BitLocker disk images, APFS file systems and Slack exported content. Added hash-based filtering of items during indexing, e.g. for DeNISTing. Added a top-level Errors tab, giving an overview of all indexing errors. Added colored tags. Improved Includes functionality. Several improvements to the Keywords tab, including new export options. Added redaction templates and text overlays. Added Custom ID and Custom Family ID columns.
  16. Thank you for your feedback on this. In Intella 2.3 we moved management of the memory settings from the .l4j.ini files to the case preferences, where they are edited via the Case Manager. Among the reasons to do so is the fact that the settings that are required to successfully index, or even open, a case may (also) be data dependent, e.g. related to the number of items, or the presence of files of a specific nature such as MS Exchange EDB files. Such memory settings need to travel with the case when it is migrated to a different machine, or when it is picked up by Intella Node. Furthermore, the old settings had to be repeated for every new Intella installation on that machine, as well as on other machines. End users may even lack the permission to alter the .l4j.ini files on their machine. Nevertheless, you are totally right in that the system used to open the case is also a major factor, especially when it comes to crawler settings. We are anticipating future enhancements to memory management, including system-specific preferences/upper limits, and sanity checks on the stored values w.r.t. the machine the case is currently opened on.
  17. Hello, You can indeed do a search like e.g. "car NOT path:car", but a drawback is that items that have a hit for "car" in another field besides the path field are then also excluded. What I suspect you really want is to simply ignore the text in the path field. Fortunately, the Keyword Lists does take into account the search options selected in the Keyword Search panel. You can simply unselect the Path field there. Note that in Intella 2.3 we added a separate "File name" field. Depending on your situation, you may want to uncheck that one as well. We plan to give the Keyword Lists facet its own search options list in a future version, to make this type of control more apparent.
  18. Hi, Selective re-indexing is indeed on our roadmap. I see how the change in how items are merged into a case makes sense and how that can be used as a workaround in the interim, so definitely worth looking into!
  19. Hello Bryan, Please try running the installer like this: setup-intella...exe /S It will run the installer in the background and install Intella in the default location. Some windows will still briefly open and close when certain settings are made, but no user interaction is necessary. Note: we have not tested this switch a lot and therefore we do not officially support it. It worked fine on my system though and I am quite confident that it will work on other systems.
  20. Hi Bryan, What's in the User Manual is all the documentation that we have on it. Please do make sure you use version 2.2.1, as it contains improvements in both documentation and software. That said, with every release we make significant adjustments to the documentation, based on the questions that we receive. So please do ask!
  21. Hello Bryan, Good to hear that you're up and running! Your output indicates that it is now indexing successfully. The "Product license not found" message seems to be a side-effect of how IntellaCmd currently checks for a license. It first looks for an Intella TEAM Manager license, and if that is not available, it will look for an Intella Professional license. This message seems to be a misleading logging statement resulting from it not finding a TEAM Manager license in your case. I'll see to it that that logging statement gets removed.
  22. Hello Bryan, It should certainly work with that product. Can you tell us: The command-line invocation that you use? You can redact e.g. folder and evidence names, this is only about the options that you use. The full output of the process, as visible in the console.
  23. Hi Bryan, Can you try launching the regular Intella? Does it start at all? If so, what product name is stated at the top of the Case Manager window (e.g. "Intella Professional")?
  24. Vound is pleased to announce the official release of Intella and Intella Connect 2.2.1. Intella and Intella Connect 2.2.1 are available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a 2.1.x license need to use the Dongle Manager to update their dongle to the 2.2.x license. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added a Welcome tab. Improvements supporting the large-scale redaction of items, such as queuing items for redaction based on their keyword hits, pre-generating redaction PDFs to speed up the Redaction tab’s loading time, redacting entire page ranges, and the automatic redaction of duplicates. Reorganized the right-click menus in the Table and other components. Several facets load faster. Many indexing and OCR improvements.
  25. Hello Jonas, Great to hear that the collection with two-factor authentication went smooth. I take it that you are referring to the iMessage items that are stored in the iCloud account, right? This is a recently added iOS feature that we do not support yet. It is on the roadmap though.
×
×
  • Create New...