Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Kalin last won the day on September 24 2020

Kalin had the most liked content!

Community Reputation

1 Neutral

About Kalin

  • Rank

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

517 profile views
  1. In a few places, URLs are shown in single or as a list. It will be great to have an option to unescape them, like: https://www.bing.com/search?q=%E6%97%A5%E6%9C%AC%E8%AA%9E -------> https://www.bing.com/search?q=ζ—₯本θͺž (Funny enough this forum does that if I choose "paste as plain text" which is wrong interpretation!)
  2. It will be a good idea to show the source of the location data (e.g. in Insight view). It can be from picture metadata, or may be IP address mapping, or something else (what). A small icon, or tooltip will be a good start.
  3. I recently looked into Magent Axiom and the Artifact Exchange ( https://www.magnetforensics.com/blog/artifact-exchange-now-open/ ). Is there any way to be able to import an XML report from Axiom and use some of those artifacts?
  4. It will be great to have the map display center on some configurable point and have some default zoom. Or is there any way to hack around that at the moment?
  5. Some kind of API (RESTful is fine) would be great, to any "non-viewer" product of Vound! BTW, it is getting a bit messy (marketing-wise so to say) on what is what, I am suspecting code-wise there are few components that get packaged in various combinations. For my own sake I call them: front-end (allows shared access to case): Connect/Connect+, TeamManager back-end (processes/indexes new data and makes a case): Node, Pro/250/100/10, TeamManager viewer (allows searching, tagging, comments, export when connected to a front-end or directly opening (single-user) a case on di
  6. Going through the 2.2.2 Administrator manual, I've been thinking: Can Connect use LDAP/AD for authorization or only for authentication? In other words, is there a (sane) way to map some attributes in an external directory to the permissions used in Connect? Anybody doing that? https://www.vound-software.com/docs/connect/2.2.2/admin/04_01_user_management.html#permission-types I can probably see a helpful "one-liner" script that queries AD and nudges the Connect setup, although that will be a hack I wouldn't be proud of. The use case I am thinking is a large organisati
  7. Excel should not be abused for text processing πŸ˜„ AFAIR, Notepad++ supports PCRE, so it should be possible to filter URLs. For example of a full URI PCRE see https://stackoverflow.com/questions/161738/what-is-the-best-regular-expression-to-check-if-a-string-is-a-valid-url/190405#190405 You should also be able to run Content Analysis facet with some regex for URLs, then export values. Hopefully the facet will some day support full PCRE.
  8. Of course a way to store/export/import all those UI settings and set by default or per project is also being taken care of?
  9. The only project that comes to mind is OpenNMT and related and Systran products (that use it): https://github.com/OpenNMT But it still requires training and human-translated samples and is not a simple DLL that one can use offline. If you know of any other products/projects, feel free to share.
  10. "top 10/100 Web searched keywords", in Insight or as standard facet (under contents analysis)? This may be a next-level extraction after browser artefacts are ready, e.g.: https://www.google.com/search?source=hp&q=cat https://www.facebook.com/search/top/?q=cat ... => cat [32] <-- "cat" was searched 32 times NOTE: make sure you URLdecode parameters, there is more than English out there. Of course the list of search providers can only grow and grow, so proper internal infrastructure is needed. As an even more generic idea, things like file se
  11. APFS support for disk images! It is getting closer to merging with sleuthkit (I hope) https://github.com/blackbagtech/sleuthkit-APFS
  12. I recently got asked for a "thumbnail report", i.e. extract certain items and some of their metadata (e.g. ID, file_name) and print them in a grid (say 4x5 on A4)... While it looked easy, I couldn't think of way to do it directly in Intella and resorted to exporting metadata and native format images, then abusing imagemagick to thumbnail them and "simple" Perl/bash "one-liners" for the final layout. Mess! Is there another (internal) way? Are those thumbnails (in thumbnail pane) exportable? Is there any way to have other thumbnails for non-image files? Video may be obvious, but t
  13. Thinking of a 0.5PB RAID5 evidence storage for a TEAM installation on Windows Server, is there anything for/against ReFS? Performance? Anybody tested/running with ReFS?
  14. This is from the just released 2.2.2, release notes πŸŽ‰πŸΎπŸŽŠ
  15. This sounds a bit strange, may be have a look again at that identified item that triggers it. What is the structure as Intella sees it (e.g. the tree tab in the preview)? The closest I had to this (I was called to triage similar situation) was caused by some complex document, I think it was TXT (with the keyword), embedded in a DOCX, attached in e-mail. So while the keyword hit was indeed "in the Word document" and it looked right especially in the native view, there was one extra level involved. I usually told people to repeat the "Show Parent Email" command on the generated se
  • Create New...