Jump to content

Chris

Administrators
  • Posts

    205
  • Joined

  • Last visited

  • Days Won

    10

Everything posted by Chris

  1. For the sake of historic completeness: this problem was resolved via customer support. The issue was that the same documents were part of a different source that did have the "Index content embedded in documents" setting turned on.
  2. Hello Jason, These steps will let you move a number of cases: Shut down the server. Move the case folders in Windows Explorer. Edit the C:\Users\[uSERNAME]\AppData\Roaming\Intella\cases.xml file in a text editor to reflect the changed paths. Start the server. Unfortunately this means some (limited) down-time for the entire server.
  3. Hello Adam, Yes, that should indeed work fine.
  4. Vound is pleased to announce the official release of Intella, Intella TEAM and Intella Connect 1.9. Intella and Intella Connect 1.9 are available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Please read the release notes before installing or upgrading to ensure you do not affect any active cases. Users with a 1.8 license need to use the Dongle Manager to update their dongle to the 1.9 license. Highlights Added indexing of MS Exchange EDB files, in their entirety or by mailbox. Added indexing of Skype databases. Added indexing of SQLite databases. Added custodian support. Added an Irrelevant Items classification, for suppressing items that have no intrinsic value to the case. Added support for determining advanced keyword statistics. Added the ability to refresh a case and pick up new evidence items. Several improvements to indexing IBM Notes NSF files. Added Primary Date and Family Date attributes. Added tag group columns. ... and many more. For full details and upgrade notes see the Intella and Intella Connect release notes.
  5. At the moment this is not possible. This is planned for a future version.
  6. Regarding the master plan, I see what you did there... I'm making a note of this. I can't predict if and when we will implement this, but I sure do get the workflow that is possible when all these ideas are implemented.
  7. Hello Adam, Are you able to share an example mail with us via a support ticket? That will help greatly in finding out what's going on here.
  8. Intella's focus is on the active data. We do not display this field at the moment. We may add this in a future version.
  9. Hello Phil, You say that the hashes are different: are you looking at the MD5 hash or the message hash? There were no changes regarding message hashing in the last versions.
  10. Hello Phil, It is indeed shown at the top of the page instead. However, when you do a Print Tab from the Previewer, you get the subject both as the title and in the headers part. I will consult with the developers why this is not done consistently.
  11. Hello Adam, The more prominent use of tags in the export output is something that we hear more often. Applying this to the CSV export makes sense to me, so I'm making a note of this.
  12. Hello all, We are getting close to the Intella and Intella Connect 1.9 releases, which feature a large list of improvements: A selection of the improvements in Intella 1.9: Added indexing of MS Exchange EDB files, in their entirety or by mailbox. Added indexing of Skype databases. Added indexing of SQLite databases. Added custodian support. Added support for determining keyword statistics. Added the ability to refresh a case and pick up new evidence items. Several improvements to indexing IBM Notes NSF files. Added primary date and family date attributes. Added tag group columns, showing only tags from a specific part of the tag hierarchy. Additionally, Intella Connect 1.9 will have the following improvements: Connect can now index new cases by itself or delegate indexing to a separate machine. Added support for LDAP providers. Added custodian support. Added primary date and family date attributes. Added export sets functionality. Added tag group columns. We invite our users to try out a beta version of this release. Should you be interested, just reply to this topic, send me a private message or open a support ticket. We will then provide you with the necessary information.
  13. Hello all, We are getting close to the Intella and Intella Connect 1.9 releases, which feature a large list of improvements: A selection of the improvements in Intella 1.9: Added indexing of MS Exchange EDB files, in their entirety or by mailbox. Added indexing of Skype databases. Added indexing of SQLite databases. Added custodian support. Added support for determining keyword statistics. Added the ability to refresh a case and pick up new evidence items. Several improvements to indexing IBM Notes NSF files. Added primary date and family date attributes. Added tag group columns, showing only tags from a specific part of the tag hierarchy. Additionally, Intella Connect 1.9 will have the following improvements: Connect can now index new cases by itself or delegate indexing to a separate machine. Added support for LDAP providers. Added custodian support. Added primary date and family date attributes. Added export sets functionality. Added tag group columns. We invite our users to try out a beta version of this release. Should you be interested, just reply to this topic, send me a private message or open a support ticket. We will then provide you with the necessary information.
  14. Hello Adam, That is correct: the calculation of an MD5 hash of a given binary is mathematically defined (see https://en.wikipedia.org/wiki/MD5 for more details) and should work across applications - that's even one of its intended purposes. What you should take care of is how each tool expects the MD5 to be encoded in the hash file. For Intella a simple text file with one MD5 per line in hexadecimal notation (e.g. d41d8cd98f00b204e9800998ecf8427e) is best. You can also use the CSV that Intella creates when you export out the MD5 and Message Hash columns, as it splits each line on commas and checks each value for being a valid MD5 hash (so headers in the CSV are filtered out). I have seen other tools that wrap hashes in quotes, mix MD5 hashes with other types of hashes in the same file, etc. Those are better removed.
  15. Hi Adam, I'm sorry to hear about the information loss. The export of the events.log to a CSV file is not there yet, we plan to add that in the future.
  16. Hello Adam, This strongly relates to your other post that you made here: http://community.vound-software.com/index.php?/topic/292-audit-logs/ Power outages, disk failures etc. indeed are often lethal to the case. While there are databases that offer protection against that, it is not trivial to apply those without considerably hurting indexing speed, disk space usage, etc. As you say, this hurts tagging more than indexing (and exporting). That is all the more reason to implement exporting of the events.log file to e.g. CSV format, as described in the other ticket.
  17. Hello Adam, At the moment there are the following types of log files: The files in the logs sub-folder. These by nature mostly reflect what the application is doing and not so much what the user did to trigger it. These logs are typically used to combat support issues related to indexing and exporting. Tagging actions are logged in it, but lacking most of the information you want such as the items that were tagged. The audits/local-user.csv can be used as an audit trail of the user's actions. Here the tag name, tagging settings and item counts are included, but still not the item(s) itself. The events.log captures all necessary information about who tagged what item(s) with which tag(s). This file forms the basis of the Activities tab. So the events.log file is the only log that captures all information. The one remaining problem with this file is that it's a binary format file. It can be used to recover lost tags using a case backup (see section 10.8 of the user manual), but it is not in a human-readable format. We plan to make the events.log file viewable and exportable to other formats in a future release.
  18. Chris

    Wish list

    In the Search view, open the Tags facet, right-click on the tag and select "Pin tag..." It would make sense to make these tags pinnable from the Previewer as well though... All your other requests are great feedback!
  19. Chris

    Wish list

    Hello Adam, About your request on setting the default settings of a new case: I could see that being added in a future release. Default settings can be mimicked by simply copying the [case folder]/prefs/case.prefs file from one case to the next, but clearly this can be made a lot more userfriendly, especially for Connect where file system access on the server may be non-trivial. Locking certain settings using permissions would be a logical next step. The deduplication setting is tricky though: deduplication takes one item out of the set of duplicates, but it is not defined which one is taken. If tagging is not set to "tag duplicates", this may sometimes give the appearance that tags are lost. Resetting the stats sounds like a useful feature too, I'm making a note of this.
  20. I believe this request comes down to the following: The ability to add a constraint to the tag model that makes certain tags mutually exclusive, i.e. only one tag out of the group can be applied, not multiple tags. A user interface that lets you select a tag using a group of radio buttons (not check boxes). Radio buttons let you select at most one out of a group of values. For an example see https://en.wikipedia.org/wiki/Radio_button#/media/File:Radio_button.png.
  21. Hello, At the moment not, but I find this a very interesting addition! I will see what we can do. I am wondering how we should label this column. It's not that easy to come up with something that is intuitively clear and does not conflict with the current vocabulary: "hits" is already being used for counting the actual occurrences in the text, "unique" could also be interpreted as related to "duplicates", etc. Perhaps "Exclusive items"?
  22. People interested in keyword list statistics maywant to take a look here: http://community.vound-software.com/index.php?/topic/286-keyword-statistics/?p=1481
  23. Hello all, We have recently been working on a much-requested new feature: advanced keyword list statistics, automating what is otherwise a very time-consuming manual operation. The Statistics component has been extended with a Keywords tab. In this tab the user can choose a keyword list, specify a number of calculation criteria and click Calculate. This will produce a table showing the keyword list and several statistics for every query in the list. All controls are placed on the right hand side (see attached image). The user can choose a previously uploaded keyword list or add one here. A second drop-down list controls what field is searched. By default all fields are searched, but you can choose to restrict searches to e.g. the document text, email headers, etc. The four checkboxes determine what columns the table should contain: Items adds columns indicating the total number of items that contain the keyword, what percentage of the total items this is, and the deduplicated amount of items. Hits counts the number of occurrences of the search term in the texts. For example, when a keyword produces a document that contains the keyword 3 times and another document that contains the keyword 5 times, this column will show 8. Custodians adds a column for every custodian in the case. Each custodian column indicates how many of the matching items originate from that custodian. Families adds two columns: "Families" and "Family items". A family is a set consisting of a top-level item (e.g. a mail in a PST file) and all its nested items (e.g. attachments, embedded items, archive entries). The Families column shows in how many families the keyword occurs. For example, if a mail and two of its attachments all contain the keyword, that counts as a single family. The Family Items column shows the total number of items that are contained in these families. This may (and usually will) include items that do not contain the keyword at all; they just belong to a family that has a hit in one of its other items. In cases where you are not directly exporting search results but rather their top-level parents (= the default when exporting to PST), this will tell you how much of the case you are conceptually exporting. One can click on a row in the table and see the items from that result set in the Details view beneath the Statistics. The table can be exported to CSV format. Although we call this functionality "keyword statistics", you can use the complete full-text search syntax here: wildcards, Boolean operators, phrase queries etc. are all available. This new functionality is brand new and is still being fine-tuned. Let us know if you can think of any improvements! To give some ideas: would you expect to see percentages and deduplicated amounts for custodians and families? Would you even expect to see percentages for the "Deduplicated" column? Should we include other information types, e.g. related to tagging and reviewing?
  24. Hello Tyson, Thank you for your suggestion, we always welcome those. The default set of date attributes that are being searched have been chosen so that it matches best with the most common use cases that we witness with our customers - which can vary wildly. To educate users that not all fields are searched by default, we decided to show the full list of date fields in the Date facet, rather than in a more hidden place. Changing the defaults may upset users who have grown accustomed to how it works now. An indicator for the number of date fields that are being searched (e.g. a line reading "using 2 out of 12 fields") could be an option though.
×
×
  • Create New...