Jump to content

jon.pearse

Administrators
  • Content Count

    177
  • Joined

  • Last visited

  • Days Won

    16

jon.pearse last won the day on June 4

jon.pearse had the most liked content!

Community Reputation

18 Good

About jon.pearse

  • Rank
    Advanced Member

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

869 profile views
  1. Hi Qasim, No, this feature has not been added to Intella/Connect yet. To work around it, you will need to export the item, open it in its native application, then print it from there.
  2. jon.pearse

    W4 Latest Version

    Vound is pleased to announce the official release of W4 1.0.3. W4 1.0.3 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added support for cellphone extractions (Cellebrite, XRY and Oxygen) Added an option to extract Raw data Added a license manager where you can choose with license to use when starting W4 Added version update notification The Dongle Manager is now included in the W4 installer Release Notes W4-1.0.3-Release-Notes.pdf For additional information, please visit our W4 website website.
  3. Indexing an Office 365 source This document should be read along with the information listed in Section 10.2 of the Intella User Manual in regards to connecting to an Office 365 source. Connect to Online Office 365 The Office 365 source type allows for retrieving both user account and user groups. For each user account used to access Office 365, the source can retrieve data from Outlook, OneDrive, and SharePoint. For each user group, the source retrieves titled conversations containing emails. For Outlook, the source retrieves all folders (both standard and user-defined) and all emails therein. For OneDrive, the source retrieves all folders and all files. The Office 365 source uses the Microsoft Graph API to connect to Office 365 and retrieve its resources. There are two ways in which a connection can be made: as a user and as an application. A user login allows for the retrieval of that user’s resources only. An application login allows for the retrieval of the resources of selected or all users. Depending on the connection type used, the Microsoft Graph service uses a different group of privileges to control access to the Office 365 resources. For both connection types, it is required to grant admin consent after assigning the privileges. Before using Intella to index the Office 365 data, you need to configure Office 365 in the Azure portal so that Intella can access the data. Note that Intella can only access the resource if there are adequate permissions to access the account and content. Below are some issues that have been reported to us. These issues are all related to the Azure portal where the Office 365 permissions have not being set correctly. You get an error (similar to below) when using the 'Connect to Office 365' option in Intella's Add new source wizard. The 'Connect to Office 365' option in the Add new source wizard completes successfully, but you can not index any data from the account. You can connect to the account with no issues, and you can index data in the account with no issues, but Intella indexes other data associated with the account which should not be indexed. Intella will be able to index an Office 365 source provided that the permissions are set correctly. The Office 365 permissions are to do with the account on the Azure portal, and therefore, the user must manage these connectors and permission themselves. This is something that Intella can not do. Below is a guide on how to grant Intella access to Office 365 as a user. Please note that this guide is a conservative measure to ensure that Intella has ample permissions to access all aspects of the account, so that it can index the data. This guide may have more permissions/access set in Azure than what is minimally required for the purpose that you want to use. It is up to the user to set the correct permissions for the required access to the Office 365 account within the Azure portal. Note that Intella reads the data through the Microsoft Graph API. No write permissions are required, and Intella does this in read only mode. Step 1: Go to https://portal.azure.com and login using the Office 365 admin credentials. Step 2: Select Azure Active Directory option in the sidebar menu. The Active Directory overview page will be shown. Step 3: In the subsequent sidebar submenu select the App registrations option. Step 4: Click the New application registration button. Step 5: The Create form will be shown. Enter a name for your application in the Name field (e.g. Office365crawler). In the "Redirect URI" section, select Native in the drop-down list. Set an artificial redirect URL in the second field (e.g. https://localhost/office365/crawler). Finally, click on the Register button. Step 6: The newly created application will appear in the App Registrations result table, as shown in the following figure. Click on the application name in order to see the application's Properties page. Step 7: The Properties for the new application will be shown. This page shows the Application ID. The Application ID is required by Intella when connecting to a Office 365 source. Record this ID as we will need it later when adding the source in Intella. Step 8: Click on the View API Permissions button, as indicated by the arrow in the screen above. By default there is a User.Read privilege added for the Microsoft Graph API. We now need to add additional access permissions to the APIs for Microsoft Graph and Office 365 Online. Click the Add a permission button. A new panel will open after pressing the Add a permission button. Click on the Microsoft Graph option. Step 9: Select the Delegated permissions option from the list. Step 10: The list of permissions will appear in the "Select permissions" section of the "Request API permissions page". For connecting to an Office 365 source, set the following permissions: Permission groups Permissions granted Calendars Calendars.Read Contacts Contacts.Read Tasks Tasks.Read Mail Mail.Read Sites Sites.Read.All User User.Read.All By design, Intella invokes only Read and Sign in operations, so no data in Office 365 will be changed, even if Write permissions are chosen. However, Read and Read.All privileges must be granted in order to allow Intella to download the corresponding elements. Note: These are the correct permission settings at the time of this writing. Over the last year we have seen several changes to the Azure management portal and related permissions. If you have access or connection issues, you may not have granted enough permissions to access the source. You should troubleshoot this by checking whether new permissions, relevant to Office 365, have been added to Azure, or whether there have been any changes to the current permissions mentioned above. Finally, click the Update permissions button to complete the configuration of the permissions for the selected API. Step 12: After adding all required permissions to the list, you need to grant admin consent for the permissions. Please click on the 'Grant admin consent' button on the 'API permissions' page. Step 13: Now that you have configured access to a Office 365 account, you can use the Add new wizard, with the 'Office 365' option, in Intella to index the Office 365 data. Remember that you will need your login credentials, and the Application ID to connect to a Office 365 source.
  4. Here is an article from one of our Partners - Spyder Forensics. In this article we discuss the four main keys for building a successful load file. The Four Keys to Generating a Successful Load File Export
  5. jon.pearse

    W4 1.0 is here!!

    Vound is pleased to announce the official release of W4 1.0. W4 1.0 is available from the Downloads section in the Vound Support Portal. You must be logged in with your email address and password. Users with a W4 1.0.x license can use this version immediately. As an introductory offer, users with Intella Professional, Team or Connect, can use W4 until July 31 2020 with these licenses. Note that you must have a Intella 2.3 Professional (or above) license on your dongle, and your Maintenance Agreement must be current to use W4. If you don't already have version 2.3 on your dongle, you can use the Dongle Manager application to update your dongle. Note: For the introductory offer, you cannot use W4 when the license is actively used by Intella Professional, Team or Connect. Highlights Extremely user-friendly interface which allows the user to quickly find, and investigate the information which is relevant to the case. Blistering-fast indexing speeds that allow access to the indexed data in the shortest time possible. Automatic extraction of notable registry artifacts. This can save the examiner many hours of manual artefacts extraction, and data conversion to human readable format. Search and preview system settings, browser history, device usage, email, attachments, iTunes backups, archives, headers, documents, embedded images, and metadata. Index forensic image files S01/E01/Ex01/L01/Lx01/AD1/ISO and DD and FTK images. Support for Windows and MacOS file systems, GPT and MBR partitions, ISO and others. Multiple search visualization options. These include: ** W4’s unique Timeline – allows the user to select a date range but also understand how much data is in that range. ** Events view – allows the user to visually see every event, or a filtered set of events in chronological order. ** Links graph – this view uses item metadata to link items together to highlight the ownership of data, and what accounts or devices had access to the data. Fully customizable reporting wizard for reporting relevant artefacts in the case ready for Court, or for your client. W4 cases can be directly ingested and integrated into Intella to expand on analysis and reporting. For additional information, please visit our W4 website.
  6. Hi Delson, There are no issues using Connect/NODE 2.3 with the HASP drivers from the 2.2.2 version. These drivers will work with version 2.3 as well. Note that your dongle(s) also need to be updated to version 2.3 before you run the 2.3 version of Connect/Node or Intella. You can do this by running 'Dongle Manager.exe' which is located in the installation folder. Again, you can run the Dongle Manager from 2.2.2 to update the dongle if you don't have the 2.3 application installed.
  7. Hi Fuzed, The next release (2.3) has this functionality. 2.3 will be released in the coming days. But, if you want to try the new functionality now, we can provide you a snapshot version for testing. Please submit a support ticket to https://support.vound-software.com if you would like to test OLK15 in the snapshot version.
  8. jon.pearse

    New Beta Available

    Hi Jason, I have sent you the download link and other information.
  9. Hi Shoeb, You will need to purchase another Node license if you want to use two Nodes at the same time.
  10. Hi Shoeb, What you can run depends on what licenses you have purchased, and are on the dongle. The purchase of Connect also comes with a processing license (Node). These two licenses are on the same network dongle. The dongle is designed to work across the network, so yes, you can run Connect on one system, and Node on another system at the same time. Installing Connect/Node on those systems, also installs the license manager and dongle drivers.
  11. Hi, Just an update on the request for the ATTACH_RANGE field. This field will be available in the next release, which is a month or so away.
  12. Hi Bryan, This is a suggestion. Make sure that you test this to make sure that you are getting the correct results, and that the wrong items are not being missed, or included. You could search over the CC field only by selecting that field in the Search options. Then search for this in the search box: * NOT attorney@lawfirm.com That should bring back anything that is in the CC field that is not attorney@lawfirm.com
  13. Hi Bryan, At this point the only 'easy' way to show duplicates of a group of items is to do the work around which you are currently doing. This functionality may be expanded in a future version.
  14. Hi, Are you sure you are tagging the correct email, and not a duplicate of the intended email? You can check this by looking at the Item IDs for the email you want to tag, and the email that gets tagged. The Item IDs will be the same.
  15. Hi, You can do it like this. Since you know what you are looking for (the word 'date'), type it in as the regular expression. Then check the Case sensitive option. I have created some test documents with the word 'date' using different case. When I run content analysis over these three documents, only the document with the keyword in lower case is found.
×
×
  • Create New...