Everything posted by PF1

  1. Thanks Adam, as always. I should probably grab an ATI card like you suggest. I thought there might be some magic bullet setting in Nvidia or Java that I had forgotten about setting on the old machine.
  2. I just assembled a new workstation and am having trouble with the Intella interface having some nasty display issues. The new machine has an Nvidia GT1050ti video card and is using the 419.67 driver (I know it's not the newest driver, see below). My other machine I run Intella on (older machine) has an Nvidia GTX750Ti with driver version 364.72. Every attempt to update the older machine to newer drivers resulted in Intella issues, so I kept the old drivers in place. On the new machine, whenever I mouse-over any interactive area of the interface, I get second and third and four
  3. Wow, I had NO idea the keyword list search adhered to the check boxes under the individual keyword search box. That makes things much easier, thanks!
  4. What about excluding path hits when using a keyword list (no checkboxes for search options)? I seem to recall there being a way to prepend each keyterm in the list with something like 'notpath', but I cannot find where I think I recall that from.
  5. That would be more than acceptable to me, and I understand the overhead. Perhaps it makes sense to use a single size delineation for the size column (i.e. all KB, all MB or all bytes).
  6. That's the thing, I DO need to use this many times per day when working a case in Intella. Many other forensic tools allow for this (EnCase, X-Ways, etc.) and it's a really useful feature. Otherwise, I end up having to export listings five or six times (or more) just to find out what the total resulting size of a keyword search results will be based on variances in the search term list and how the results are assembled. Since Intella is already computing the individual sizes of items in the "size" column, I guess it didn't seem like it would be all that difficult to integrate a
  7. This request has been made a few times before, but I am not sure if it will ever make it into a version. I would like to be able to highlight multiple items in the table pane and have Intella tell me the total size of the items highlighted.
  8. Currently, when I run a keyword search that contains more than one keyword, I need to open each resulting item in the preview to see (at the bottom of the preview) which keywords have hits in that item. It would be great if a column could be added to the table view that contained any/all keywords resulting from a search. The data should be available, as the preview of each result shows the hit terms.
  9. I recently ran a keyword search across various email PSTs and was viewing the hits. Some hits were email bodies and other hits were in attachments only. I highlighted the entire list of hit results and right-clicked and selected show parent (direct, not top level). I then tagged all these items with the thought that any attachment would now have its parent email tagged. I exported the tagged items as native, but there were a number of instances of where the parent email of the keyword-hit-attachment did not appear in the export. In order to test this, I found one such email/atta
  10. I guess in the future I could select each of the individual MBOXs from the IMAP collection except the ALL MAIL MBOX, index the collection, and then add the ALL MAIL MBOX in as a second step. Anything that was a duplicate in ALL MAIL would be duped out. As a workaround, I showed the "duplicates" column in the listing pane, sorted based on location and tagged for export any item in the ALL MAIL location that did not show a duplicate, but did not tag any item that did show a duplicate. All other relevant items from other Gmail 'folders' were tagged and all tagged items were exported.
  11. I am wondering if there is a way to control the order of analysis for deduplication. I frequently collect GMail IMAP accounts and find that the ALL MAIL folder generally holds a duplicate of messages located in other GMail folders (well, Gmail tags, really). But, it is entirely possible that a user could place a message into the ALL MAIL folder on his own and it would be the only instance. What I am wondering is if there is a way to have Intella review for duplicates whereby the ALL MAIL folder (or any folder) is assigned the lowest priority? Given an email that is pr
  12. Chris, great suggestion. Thanks. I forgot that Message-ID is an available column. I wonder, though, since it is already being extracted for display in the column, why it cannot be used as a search field.
  13. I understand this, but in my case this does not work as I also get all OTHER messages in a conversation (since the Message-ID appears in the header of the other emails in the conversation). That's why I am posting this in the "wish list" thread. I am hoping Vound can make the message-ID a uniquely searchable field, like some of the other specific fields that can be searched. Message hash is not necessarily unique, as the tool used to generate it may use different data to compile it (x-ways vs. Intella vs. Relativity, etc.), but the message-ID is unique to the specific
  14. Any updates on this? I am working on a case with ~13,000 search terms, and since Intella seems to not work with a keyword list of over 200 message ID or email Subjects (error= Query is too long), I am having to break the list into 50+ small keyword lists. It would be great if I didn't have to import each one individually.
  15. I would love to be able to search the message-ID field specifically, and do so via a keyword list. What I am trying to do is find specific messages, but not the messages that refer to them. I would like to be able to have a keyword list that looks like: messageID:<ABC123> messageID:<ABC456> etc... Is there currently a way to search this specific field only?
  16. Jon, Since phrases are not currently supported in proximity searches (fingers crossed that's on the way!), the idea of grouping terms is intriguing. Your example of "(Baxter OR Jason) (article OR paper OR presentation OR public OR report)"~20 only uses the OR operator. If what I needed to find was actually any item with BOTH Baxter AND Jason within 20 words of any of the others, would an AND operator in the first group suffice?: "(Baxter AND Jason) (article OR paper OR presentation OR public OR report)"~20
  17. Wondering how hard it would be to allow the import of multiple key word lists at once? I often have numerous lists that I need to run independently of each other, and it would be nice to be able to load them all in at once instead of having to load each one individually.
  18. GMail API based collection request Please consider having the API based method of GMail collection maintain the gmail tag/folder structure of the collected items. Currently, this method, while VERY fast as compared to a Thunderbird IMAP client collection, strips all directory structure of the mail. It is often important to know if a message is in Sent, Inbox, Starred, or some custom folder.
  19. I will add it to the wish list thread, thanks.
  20. So, I used a personal gmail account to test out the API driven GMail collection method (OAuth token) and it worked, with one VERY notable exception. None of the folders (I know, they are 'tags' in GMail) came through. What I got was one giant bucket of emails with no indication as to where the message came from within the email account such as Starred, Important, Trash, Inbox, any of my custom tags, etc. Is there something I am missing? The API method was incredibly fast (compared to using Thunderbird) and I would LOVE to be able to use it, but I need to have the folder/tag heirar
  21. OK, I understand the reasoning behind the inclusion of the various items, but since I use Intella exclusively (for now) for email and use other programs to handle registry and internet history and others, is there a configuration file that I can edit to set the default checked and unchecked boxes? When I am adding 15-20 different sources to a case, it's 15-20 more steps to un-check/check the ones I want, and I can't seem to get my selections to 'stick' between sources, even in the same case (i.e. I un-check 'registry' items for source #1, but upon adding source #2 'registry' is checked aga
  22. I feel like this begs the question "if none of these selections have an impact on performance, why are they UNselectable?" I mean, I have no way to know if an email has an attached chat log and the log that in turn has an embedded zip file. That's WHY I am using a tool like Intella to process the email! I just don't see the point of having this configurable if the best course of action is always to run it with all items selected.
  23. Adam, I hope you are right, (and I have not tested with and without all options to see if it affects my processing times) but my experience with other forensics/indexing tools is that the more it's looking for, the longer it takes even if it does not find anything. I hope someone from Vound can let us know. Being an EnCase user, it's instinctive for me to reduce ALL indexing tasks as much as possible for speed!
  24. I am really liking the direction Intella is moving toward in 1.9.1. I am wondering, though, if some end user configuration is possible? Particularly, I am finding that every new source I process requires me to UN-select the "Items" I rarely, if ever, will need. These include Chat messages, databases, registry, and browser history. It would be great to have Intella remember my last choices and apply them, rather than forcing me to uncheck the ones I don't want every single time.
  25. Using 1.9, I added a folder with two PSTs belonging to a single custodian. Prior to indexing, I set the custodian name to be applied to the indexed items. Once indexing finishes (about 50 minutes) the indexing dialogue said indexing was finished and Intella was applying the custodian info. After an hour and 45 minutes with the only sign of activity the growing RAM reservation in Task Manager and a VERY small amount of writes to the index files, I stopped the process with the "Stop" button and Intella hung for about 30 minutes before crashing and providing an error. Unfortunately,