Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by JNevins

  1. Since the awesome increase in Intella's searching ability (OS artifacts, text in unsupported/unrecognized) I tend to get a lot of unrecognized binary files that are large in size limiting Intella's response time when previewing the item. It would be great to have another tab in the Preview window that displays the hit with a select option for the amount of surrounding text. This would eliminate the need to show all of the file text and would aid in reviewing results. Thanks!
  2. Thanks for the input from you both. I have known for years of the database structure of the PST/OST files and have always chuckled a bit at the concept of exporting to native/original given the originating file type. I too would like to see the flexibility to export to .eml or .msg in future releases. In the long run I guess it is just what the client asks for (or what we know they need but they haven't asked for in so many words) that counts.
  3. Adam, Thanks for the multiple options for possible solutions. I am sure one will work. I am curious to get your take (and Mr. Bachman's as well) on the idea of the use of .eml as "original format" for output from Intella. Is it generally understood that original format of email contained within an OST or PST file is .eml? In my case I did provide the client with a single PST file containing all results, but they stipulated they must have native/original format as well... this may fall into the "personal interpretation" side of things. In the case when your client requests native/original format, what do you provide?
  4. Hello all: I am re-visiting a sore spot related to the export of mail items as handled by Intella when original format is selected. The items are exported as .eml file types, which as I understand was a common format when the Outlook Express application was readily used and available. However, all attempts to find a simple, preferably free tool, to provide to clients and/or use myself to view the output .eml files has run into one snag or another. I have tried the following with various problems (inability to load large file groups, won't open attachments, annoying adware, random crashes, etc.) Kernel EML Viewer, Free EML File Viewer, EML Reader. Please share with me any solutions you have found to this issue be it free or pay. Thank you!
  5. With the implementation of so many awesome features released in 1.9.1, specifically those pertaining to the registry and other forensicy stuff, it has me wishing for more! I thought I would enquire as to the possibility of including the decoding and indexing of Volume Shadow Copies. Has this idea been kicked around before? Thanks!
  6. Hello! Love the new Insight metrics tab released in version 1.9.x. Here is some feedback. Please comment or advise if I am misinterpreting. I have noticed on two separate cases the USB mass storage device data is lacking any date reference (first/last connection date/time). I have verified through other tools the HIVE contains the date/time data but it does not seem to be parsed by Intella. Also, the web browser function seems to be a bit spotty. One recent case showed no browser activity after processing through Intella, yet a second tool parsed out thousands of URL/cookie/artifacts. This might be related to the point below. Also, in one case Intella failed to list all USER accounts. In this instance, the source disk imaged was of a SSD from a Dell Latitude with three partitions named REDEPLOY, DATA, and OS. Intella seemed to parse the user directory from the OS partition but not the DATA partition where the known user's directory resided. By the way, I am indexing a RAW image file of a complete physical disk and asking Intella to process all known files with no filtering of file types. Thanks for the continued improvement on the software!
  7. Hello. Please forgive if this suggestion has been presented before, but my quick search produced no similar topics. I am often asked the same question by clients as related to production from Intella, "So what keyword(s) were found in this document?". Although this information is parsed and presented in the banner at the bottom of the Content tab of the Preview window, it would be nice to have this information as an option for the cover page of the PDF format when exporting results. Perhaps the ability to add other metrics like hit count, and location if the parent item was say, a compound file type. This would solve a few headaches for me. Thanks!
  8. Picking back up on this thread. Putting my 2 cents in for the added feature of exporting to the .msg format. This would eliminate many issues and limitations my clients encounter in working with production data.
  9. Another interested party for Beta testing, please.
  • Create New...