jon.pearse

Administrators
  1. Introduction:

    We have had a number of customers asking us: how do I upgrade to the latest version of Connect and keep all of my settings? This post looks into how this can be done, and what to look out for when upgrading Connect to the latest version.

    Why upgrade to the latest version:

    It is always best to install and use the latest version of our products. With any software development, it is near impossible to test every scenario in which the software will be used, and every type of data that is indexed with the tool. Although we have a vigorous testing regime for our products, some customers find issues which they report back to support. These issues are generally fixed, and the fixes are added to the next release. Therefore, using the latest version will give you all of the fixes from all previous versions.

    Another good reason to upgrade is that the latest version has a number of new features that are not in previous versions. These features can make processing faster, can make analysis of the data easier, and can add better functionality to the tool.

    Upgrading Connect:

    There is no problem with installing the latest version of Intella Connect on the same server. Note that it will need to be installed next to the current version, i.e. as long as the new version is installed in a different folder, the existing version should not interfere with the new version. In addition, there is no need to uninstall the previous version.

    When installing a new version of Connect, we make sure that any configurations from the previous version are also migrated over. We often keep the old configuration as a backup as well, so your previous configurations are not lost.

    Installing the latest version of Connect is quite straightforward, but you should be aware of these aspects:

    • Make sure that you are always using the same Windows account when installing different versions of Intella Connect. The configuration and settings for your current version are stored in a user-specific location, and those locations will not be available to other user accounts. E.g., we have seen cases where users installed version 2.0 with the "John" user account, then later installed version 2.1 with the "Administrator" user account. They were surprised to see that they ended up with a clean instance of Connect, with all default configurations and settings.

    • You need to be careful when installing Connect as a Windows Service. There is only ONE Intella Connect Windows Service allowed on the system. Installing a newer version of Connect as a service should overwrite the paths to executables in Windows Services. Once the install process is complete, and the service is restarted, there should be no issues. However, we have seen a number of cases where this did not work as it should have. The outcome is that the service was still pointing to the old version of Connect. In those situations, you should refer to this section of the Administrator's manual on how to manually update the service: https://www.vound-software.com/docs/connect/2.3.0/admin/03_01_connect_as_service.html#manual-un-installation-intella-connect-windows-service
      Note: From version 2.3.1 we will have an extra check during the installation process that will prevent the installation from continuing if you have not shut down the service manually.

    • It is always best to run the latest version of all of our tools. This also applies to Intella Node. Having both Connect and Node on the same version will help when troubleshooting any issues. The risk of any incompatibility issues between Connect and Node is reduced when both products are on the same version.

    Before you start the upgrade:

    You should consider the following before you start the Connect upgrade process:

    • With every release of Intella and Connect we provide Release Notes. The very last section of the release notes is the 'Upgrade Notes' section. In that section we list information regarding backwards compatibility with earlier case versions. This section also points out any features which may be limited due to the version upgrade etc.

    • We always suggest backing up your Connect/Node systems before undertaking any upgrades. This minimises the risk of downtime, as you have an avenue to go back should you have any issues with the upgrade process. You should make a backup of these folders (which contain the entire configuration) prior to proceeding with the upgrade: "C:\Users\CONNECT_USER\AppData\Roaming\Intella" and "C:\Users\CONNECT_USER\AppData\Roaming\Intella Connect"

    After the upgrade is complete:

    Once the upgrade process is complete, start Connect and check that Connect is reporting the correct version. You can do this by clicking on the Admin tab and selecting the 'About Intella Connect' option from the dropdown list. If the latest version is not running, there may be an old version of Connect still running.

    Migrating keystores and self-signed SSL certificates:

    Once the new version of Connect is running, you may need to reconfigure some advanced settings like SSL. This should be straightforward if you have purchased your SSL certificate from a well-known provider like Go Daddy etc. That said, we do see a number of issues with SSL certificates coming through support, and these issues are mostly related to cases where the user/company manages their own certificates. In these cases the users report that the upgrade went well, but they can't get SSL to work. In the SSL wizard they get errors like this:

    "Unable to activate the keystore because it's not valid. Details: Keystore contains multiple certificates, but they were not imported to the private key chain".

    The issue is that, unlike self-managed certificates, certificates from well-known providers are generally added to Java's trusted keystore. That means that certificates from a well-known provider will work 'out of the box' when setting up SSL in Connect or Node.

    When users/companies create their own self-signed certificates, they usually create two Certification Authorities (ROOT & Intermediate), and then let the Intermediate CA issue the certificates. But Java doesn't know anything about the ROOT & Intermediate certificates for that company, and these certificates are not automatically trusted. Therefore, the self-signed certificates do not work when a new version of Connect or Node is installed.

    Note: When you are upgrading Connect or Node, the existing (trusted) Java store is wiped out, and replaced with a clean one.

    For our products (Connect & Node) to trust the self-signed certificates, you have to add the certificates to the trusted CA store of the JAVA RUNTIME that we shipped with the installer used for the upgrade. This process is described in the Connect administrator's manual at the link below.

    https://www.vound-software.com/docs/connect/2.3.0/admin/04_03_01_ssl_guide.html#advanced-using-self-signed-certificates

    So in short, if you are generating your own self-signed SSL certificates, then you will need to update Java's trusted CA store (for both the Connect and Node systems) after each upgrade.
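The three checks from the post above (back up both settings folders as the installing account, confirm the Windows service points at the new folder, re-import the private CA certificates into the bundled Java trust store) as one PowerShell sketch. This is an added example, not Vound's own tooling: every path, the certificate aliases, the `cacerts` location and the assumption that the service's executable path contains "Intella" are placeholders to adjust, and the administrator's manual linked above remains the reference procedure.

```powershell
# Added example. Every path and name in this block is a placeholder (assumption).
$ConnectUser   = 'CONNECT_USER'                  # account that installed the current version
$BackupRoot    = 'D:\Backups\Connect'            # hypothetical backup location
$NewInstallDir = 'C:\Path\To\NewConnect'         # placeholder: new version's install folder
$JavaHome      = 'C:\Path\To\BundledJava'        # placeholder: Java runtime shipped with it
$PrivateCAs    = [ordered]@{                     # alias -> certificate file (constructed)
    'corp-root'         = 'C:\certs\corp-root.cer'
    'corp-intermediate' = 'C:\certs\corp-intermediate.cer'
}

# Before the upgrade: copy both settings folders, running as the same Windows account.
function Backup-ConnectConfig {
    if ($env:USERNAME -ne $ConnectUser) {
        throw "Running as '$env:USERNAME'; the settings are in the profile of '$ConnectUser'."
    }
    $dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    foreach ($name in 'Intella', 'Intella Connect') {
        $src = Join-Path $env:APPDATA $name
        if (Test-Path $src) { Copy-Item -Path $src -Destination $dest -Recurse -Force }
        else                { Write-Warning "Not found, nothing copied: $src" }
    }
    return $dest
}

# After the upgrade: list services whose executable is outside the new folder.
# Assumption: the service's executable path contains the word "Intella".
function Get-StaleConnectService {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.PathName -like '*Intella*' -and
            $_.PathName.IndexOf($NewInstallDir, [StringComparison]::OrdinalIgnoreCase) -lt 0
        } |
        Select-Object Name, State, PathName
}

# After the upgrade: the trust store was replaced, so import the private CAs again.
function Import-PrivateCA {
    $keytool = Join-Path $JavaHome 'bin\keytool.exe'
    $store   = Join-Path $JavaHome 'lib\security\cacerts'  # assumed layout of the runtime
    $pass    = 'changeit'                                   # stock cacerts password; yours may differ
    foreach ($alias in $PrivateCAs.Keys) {
        & $keytool -importcert -trustcacerts -noprompt -alias $alias `
            -file $PrivateCAs[$alias] -keystore $store -storepass $pass
        if ($LASTEXITCODE -ne 0) { throw "keytool failed for alias '$alias'" }
    }
    # Confirm both aliases are now present in the trust store.
    & $keytool -list -keystore $store -storepass $pass |
        Select-String -Pattern ($PrivateCAs.Keys -join '|')
}

# Backup-ConnectConfig        # before installing the new version
# Get-StaleConnectService     # after installing; any row is a service on the old path
# Import-PrivateCA            # from an elevated prompt, after every upgrade
```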
  2. Vound is pleased to announce the official release of W4 1.0.4. W4 1.0.4 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases.

    Highlights
    • Added Geolocation view, showing the geographic locations of search results, e.g. based on GPS data and IP addresses.
    • Better support for Windows 10 artifacts (BAM Cache, RecentApps).
    • Added support for BitLocker and APFS disk images.
    • Added support for Skype 14.x chat messages.

    Release Notes: W4-1.0.4-Release-Notes.pdf

    For additional information, please visit our W4 website.
  3. Hi Neil, The user manual has more details about using the CLI feature. You could try some of the following options mentioned in the manual. That would allow you to use any facets, including the language facet:

    > 27.2 Command-line arguments
    > -et, -exportText – Export the extracted texts to a folder. The options -matchQuery, -savedSearch, -deduplicate and -exportDir can be used to control this operation. The resulting files will be named based on their item ID, e.g. 123.txt.
    > -ss, -savedSearch [File] – Can be used to limit the exported items to those that match the specified saved search. The argument is the path to an XML file holding the saved search. Such a file can be exported from the Saved Searches facet. This allows for using other facets, such as the Date and Type facets, and to combine queries.
  4. Hi Qasim, You may be using an older version of Intella Desktop and that is why you are seeing the additional metadata. We have tested this in version 2.3 and only the preview is printed and nothing else (unless there are attachments and you choose to report those as well).
  5. Hi Qasim, No, this feature has not been added to Intella/Connect yet. To work around it, you will need to export the item, open it in its native application, then print it from there.
  6. jon.pearse

    W4 Latest Version

    Vound is pleased to announce the official release of W4 1.0.3. W4 1.0.3 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases.

    Highlights
    • Added support for cellphone extractions (Cellebrite, XRY and Oxygen)
    • Added an option to extract Raw data
    • Added a license manager where you can choose which license to use when starting W4
    • Added version update notification
    • The Dongle Manager is now included in the W4 installer

    Release Notes: W4-1.0.3-Release-Notes.pdf

    For additional information, please visit our W4 website.
  7. Indexing an Office 365 source

    This document should be read along with the information listed in Section 10.2 of the Intella User Manual in regards to connecting to an Office 365 source.

    Connect to Online Office 365

    The Office 365 source type allows for retrieving both user accounts and user groups. For each user account used to access Office 365, the source can retrieve data from Outlook, OneDrive, and SharePoint. For each user group, the source retrieves titled conversations containing emails. For Outlook, the source retrieves all folders (both standard and user-defined) and all emails therein. For OneDrive, the source retrieves all folders and all files.

    The Office 365 source uses the Microsoft Graph API to connect to Office 365 and retrieve its resources. There are two ways in which a connection can be made: as a user and as an application. A user login allows for the retrieval of that user’s resources only. An application login allows for the retrieval of the resources of selected or all users. Depending on the connection type used, the Microsoft Graph service uses a different group of privileges to control access to the Office 365 resources. For both connection types, it is required to grant admin consent after assigning the privileges.

    Before using Intella to index the Office 365 data, you need to configure Office 365 in the Azure portal so that Intella can access the data. Note that Intella can only access the resource if there are adequate permissions to access the account and content.

    Below are some issues that have been reported to us. These issues are all related to the Azure portal, where the Office 365 permissions have not been set correctly.

    • You get an error (similar to below) when using the 'Connect to Office 365' option in Intella's Add new source wizard.
    • The 'Connect to Office 365' option in the Add new source wizard completes successfully, but you cannot index any data from the account.
    • You can connect to the account with no issues, and you can index data in the account with no issues, but Intella indexes other data associated with the account which should not be indexed.

    Intella will be able to index an Office 365 source provided that the permissions are set correctly. The Office 365 permissions belong to the account on the Azure portal, and therefore the user must manage these connectors and permissions themselves. This is something that Intella cannot do.

    Below is a guide on how to grant Intella access to Office 365 as a user. Please note that this guide is a conservative measure to ensure that Intella has ample permissions to access all aspects of the account, so that it can index the data. This guide may have more permissions/access set in Azure than what is minimally required for the purpose that you want to use. It is up to the user to set the correct permissions for the required access to the Office 365 account within the Azure portal.

    Note that Intella reads the data through the Microsoft Graph API. No write permissions are required, and Intella does this in read-only mode.

    Step 1: Go to https://portal.azure.com and log in using the Office 365 admin credentials.

    Step 2: Select the Azure Active Directory option in the sidebar menu. The Active Directory overview page will be shown.

    Step 3: In the subsequent sidebar submenu, select the App registrations option.

    Step 4: Click the New application registration button.

    Step 5: The Create form will be shown. Enter a name for your application in the Name field (e.g. Office365crawler). In the "Redirect URI" section, select Native in the drop-down list. Set an artificial redirect URL in the second field (e.g. https://localhost/office365/crawler). Finally, click on the Register button.

    Step 6: The newly created application will appear in the App Registrations result table, as shown in the following figure. Click on the application name in order to see the application's Properties page.

    Step 7: The Properties for the new application will be shown. This page shows the Application ID. The Application ID is required by Intella when connecting to an Office 365 source. Record this ID, as we will need it later when adding the source in Intella.

    Step 8: Click on the View API Permissions button, as indicated by the arrow in the screen above. By default there is a User.Read privilege added for the Microsoft Graph API. We now need to add additional access permissions to the APIs for Microsoft Graph and Office 365 Online. Click the Add a permission button. A new panel will open after pressing the Add a permission button. Click on the Microsoft Graph option.

    Step 9: Select the Delegated permissions option from the list.

    Step 10: The list of permissions will appear in the "Select permissions" section of the "Request API permissions" page. For connecting to an Office 365 source, set the following permissions:

        Permission groups    Permissions granted
        Calendars            Calendars.Read
        Contacts             Contacts.Read
        Tasks                Tasks.Read
        Mail                 Mail.Read
        Sites                Sites.Read.All
        User                 User.Read.All

    By design, Intella invokes only Read and Sign in operations, so no data in Office 365 will be changed, even if Write permissions are chosen. However, Read and Read.All privileges must be granted in order to allow Intella to download the corresponding elements.

    Note: These are the correct permission settings at the time of this writing. Over the last year we have seen several changes to the Azure management portal and related permissions. If you have access or connection issues, you may not have granted enough permissions to access the source. You should troubleshoot this by checking whether new permissions, relevant to Office 365, have been added to Azure, or whether there have been any changes to the current permissions mentioned above.

    Finally, click the Update permissions button to complete the configuration of the permissions for the selected API.

    Step 12: After adding all required permissions to the list, you need to grant admin consent for the permissions. Please click on the 'Grant admin consent' button on the 'API permissions' page.

    Step 13: Now that you have configured access to an Office 365 account, you can use the Add new wizard, with the 'Office 365' option, in Intella to index the Office 365 data. Remember that you will need your login credentials and the Application ID to connect to an Office 365 source.
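A least-privilege check for the delegated permissions listed in Step 10, as an added example that is not part of the original post or of Intella: it decodes the `scp` claim of a Microsoft Graph delegated access token issued to the app registration and reports scopes that are missing, extra, or write-capable. The function names and the sample token are constructed for illustration, and the token is only decoded for inspection, not signature-checked.

```powershell
# Added example. Delegated scopes from Step 10, plus the default User.Read from Step 8.
$Expected = 'Calendars.Read', 'Contacts.Read', 'Tasks.Read', 'Mail.Read',
            'Sites.Read.All', 'User.Read', 'User.Read.All'
# Standard OpenID Connect scopes that may also appear in the scp claim.
$Oidc = 'openid', 'profile', 'email', 'offline_access'

function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).
        TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-GraphScopeReport {
    param([Parameter(Mandatory)][string]$AccessToken)

    $parts = $AccessToken.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }

    # Inspection only: the payload is decoded, the signature is not verified.
    $claims  = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $granted = @("$($claims.scp)" -split '\s+' | Where-Object { $_ })

    [pscustomobject]@{
        Granted = $granted
        # Read scopes the guide asks for that the token does not carry.
        Missing = @($Expected | Where-Object { $_ -notin $granted })
        # Anything beyond the guide's list (OIDC scopes ignored).
        Extra   = @($granted | Where-Object { $_ -notin $Expected -and $_ -notin $Oidc })
        # Scopes that allow changes; the post states none are required.
        Write   = @($granted | Where-Object { $_ -match 'Write|Send|Manage|FullControl' })
    }
}

# Constructed sample token (unsigned): one write scope granted, two read scopes missing.
$payload = '{"scp":"Calendars.Read Contacts.Read Mail.ReadWrite Mail.Read User.Read User.Read.All openid"}'
$sample  = (ConvertTo-Base64Url '{"alg":"none"}') + '.' + (ConvertTo-Base64Url $payload) + '.'

Get-GraphScopeReport -AccessToken $sample | Format-List
# Missing : {Tasks.Read, Sites.Read.All}
# Extra   : {Mail.ReadWrite}
# Write   : {Mail.ReadWrite}
```

An empty `Missing` list with empty `Extra` and `Write` lists means the consented permissions match the guide exactly; entries under `Write` can be removed from the app registration without affecting indexing, since the post states that no write permissions are required.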
  8. Here is an article from one of our Partners - Spyder Forensics. In this article we discuss the four main keys for building a successful load file. The Four Keys to Generating a Successful Load File Export
  9. jon.pearse

    W4 1.0 is here!!

    Vound is pleased to announce the official release of W4 1.0. W4 1.0 is available from the Downloads section in the Vound Support Portal. You must be logged in with your email address and password. Users with a W4 1.0.x license can use this version immediately.

    As an introductory offer, users with Intella Professional, Team or Connect can use W4 until July 31 2020 with these licenses. Note that you must have an Intella 2.3 Professional (or above) license on your dongle, and your Maintenance Agreement must be current to use W4. If you don't already have version 2.3 on your dongle, you can use the Dongle Manager application to update your dongle.

    Note: For the introductory offer, you cannot use W4 when the license is actively used by Intella Professional, Team or Connect.

    Highlights
    • Extremely user-friendly interface which allows the user to quickly find and investigate the information which is relevant to the case.
    • Blistering-fast indexing speeds that allow access to the indexed data in the shortest time possible.
    • Automatic extraction of notable registry artifacts. This can save the examiner many hours of manual artefact extraction and data conversion to human-readable format.
    • Search and preview system settings, browser history, device usage, email, attachments, iTunes backups, archives, headers, documents, embedded images, and metadata.
    • Index forensic image files S01/E01/Ex01/L01/Lx01/AD1/ISO and DD and FTK images.
    • Support for Windows and MacOS file systems, GPT and MBR partitions, ISO and others.
    • Multiple search visualization options. These include:
      ** W4’s unique Timeline – allows the user to select a date range but also understand how much data is in that range.
      ** Events view – allows the user to visually see every event, or a filtered set of events, in chronological order.
      ** Links graph – this view uses item metadata to link items together to highlight the ownership of data, and what accounts or devices had access to the data.
    • Fully customizable reporting wizard for reporting relevant artefacts in the case, ready for Court or for your client.
    • W4 cases can be directly ingested and integrated into Intella to expand on analysis and reporting.

    For additional information, please visit our W4 website.
  10. Hi Delson, There are no issues using Connect/NODE 2.3 with the HASP drivers from the 2.2.2 version. These drivers will work with version 2.3 as well. Note that your dongle(s) also need to be updated to version 2.3 before you run the 2.3 version of Connect/Node or Intella. You can do this by running 'Dongle Manager.exe' which is located in the installation folder. Again, you can run the Dongle Manager from 2.2.2 to update the dongle if you don't have the 2.3 application installed.
  11. Hi Fuzed, The next release (2.3) has this functionality. 2.3 will be released in the coming days. But, if you want to try the new functionality now, we can provide you a snapshot version for testing. Please submit a support ticket to https://support.vound-software.com if you would like to test OLK15 in the snapshot version.
  12. jon.pearse

    New Beta Available

    Hi Jason, I have sent you the download link and other information.
  13. Hi Shoeb, You will need to purchase another Node license if you want to use two Nodes at the same time.
  14. Hi Shoeb, What you can run depends on what licenses you have purchased, and are on the dongle. The purchase of Connect also comes with a processing license (Node). These two licenses are on the same network dongle. The dongle is designed to work across the network, so yes, you can run Connect on one system, and Node on another system at the same time. Installing Connect/Node on those systems, also installs the license manager and dongle drivers.
  15. Hi, Just an update on the request for the ATTACH_RANGE field. This field will be available in the next release, which is a month or so away.