jon.pearse

Vound is pleased to announce the official release of W4 1.1.1. For current W4 customers, W4 1.1.1 is available from the Downloads section of our website. You will need your dongle ID to download this update. More information can be found here: https://www.vound-software.com/software-downloads Users with a W4 1.1.x license on their dongle can use this version. If your dongle does not have this version, you will need to update your dongle using Dongle.Manager.exe which is located in the folder where W4 is installed on your system. For non W4 customers, for a limited time you can get access to a fully functional copy of W4 here: https://www.vound-software.com/download-request-w4 Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added Explore tab that allows to browse the indexed items in a file system viewer. Added support for RAM capture on Windows 10 2004 and 20H2 updates. Added support for Oxygen 12 and 13 reports. Improvements in processing BitLocker images (clear and multiple keys). Improvements in indexing MS Exchange EDB files. Release Notes W4-1.1.1-Release-Notes.pdf For additional information, please visit our W4 website website.

Hi Chris, It is in the 2.4 Connect admin manual. We will send you a link in the support portal.

Hi Chris, You just install Node on the new system, and plug your new dongle into that system (you will receive the activation instructions soon). Once done, the information and steps for adding Nodes to Connect is shown in Section 7.3.2 of the Connect admin manual. Note that all processing/Node systems should be separate to your Connect server. Processing cases with Node/Pro, and sharing cases on the same system is not supported.

Hi fuzed, I'm not sure which instructions you are using. Note that because these online services change their connection settings often, we have removed the guides from Intella in version 2.4. The guides are now on the support Knowledge Base. https://support.vound-software.com/help/en-us/3-faq/55-collecting-data-from-a-gmail-source

Hi, The 250 size limit for your license is calculated on the evidence size. The evidence size limit relates to the cumulative file size of the evidence files as reported by Windows Explorer. E.g., if explorer reports a PST file as 2GB, then the evidence size for the PST is 2GB when added to a case. Note that the case size may be different, e.g. shown as 3GB, when the PST is indexed. Are you using the latest version version of Intella (2.4)? Are you indexing the source data from a local drive in the system (e.g. not a network or USB drive)? Also, any indexing tasks which have not completed properly can contribute to the evidence size in the case.

Hi, You can export any of the metadata columns to a csv file. highlight all of your emails that you want to report on in the Details table right click on the items in the Details table then select Export - CSV file Select all of the metadata fields (columns) that you want in your report, and path to the location where you want to export the report to. Click on export.

Hi all, At this point the only way to exclude the "Message Headers" and "Raw Data" fields is to use the check boxes. That said, there is a work around, but it would be time consuming if you have a lot of keywords. In that case you could use field specific searches, and not include the Message Headers and Raw Data fields in the search. E.g. if you were looking for the word house, but not in the Message Headers or Raw Data fields, you could type something like this: text:house OR title:house OR path:house OR summary:house..... and so on until all fields apart from the Message Headers and Raw Data fields are entered. Here is a list of the fields which can be used this way in a keyword list.

Vound is pleased to announce the official release of W4 1.1.0. For current W4 customers, W4 1.1.0 is available from the Downloads section of our website. You will need your dongle ID to download this update. More information can be found here: https://www.vound-software.com/software-downloads Users with a W4 1.1.x license can use this version. If your dongle does not have this version, you will need to update your dongle using Dongle.Manager.exe which is located in the folder where W4 is installed on your system. For non W4 customers, for a limited time you can get access to a fully functional copy of W4 here: https://www.vound-software.com/download-request-w4 Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases. Highlights Added the Recipes functionality for configuring and running searches based on common case types such as IP theft etc. Added an option to index local physical and logical disks (including indexing a live running system). W4 is now available as a portable application that can be run on any PC without installation. W4 now supports evidence acquisition. Supported types are physical memory (RAM), physical and logical disks, and folders. Added triage launcher that allows users to process a new PC in one click. W4 can now be used for on-site triage and acquisition of suspect PCs through its portable app, triage and live acquisition functionalities. Added an option to create portable cases. A portable case is a self-contained folder that includes the case and free W4 viewer. Optionally, a subset of the case can be created. Added hash list support (including deNISTing). Added support for several sources such as AFF4 disk images, volume shadow copies, and Windows 10 Timeline database. Added search profiles to automate case creation. Release Notes W4-1.1.0-Release-Notes.pdf For additional information, please visit our W4 website website.

Hi, We will likely need to look at the logs for this case. Can you submit a support ticket so we can discuss further please. https://support.vound-software.com/#login

Hi, This is something that is external to Intella, and more specific to Outlook. Someone in the community may be able to provide some advice, but you may find more information by researching this topic on Google or Microsoft's support site.

Hi, We will likely need to review the logs etc. Can you submit a support ticket please.

Hi, Sources can be renamed in "Edit Source" dialog, but that will add the new name to the existing source name. The only way to completely change the source name in the location facet is to remove the source, then add it in again, and index it.

Hi fuzed, You will probably want to use RAID 1 or 5 if you want some kind of redundancy. Connect can be setup to run as a service on desktop or server versions of Windows.

We have recently had some customers report an issue when Installing Intella, Connect or W4. The issue is that the Intella/Connect/W4 install process crashes, and in some cases, it can cause the system to blue screen. This issue has occurred after the user has updated to the new Windows 10 19041, or 2004 version. It appears that the new Windows updates have some type of conflict with the Sentinel Hasp drivers used in our products. We don't know if this issue occurs with every system that has been updated to 19041 or 2004. But, we do know that the users who experienced this issue have updated to version these Windows versions. We also know that this issue occurs at the last stage of the install process, which is when the Hasp drivers (required for dongle access and licensing) are being installed. In these cases, the installation of Intella/Connect/W4 will generally be installed correctly, and the only issue is that the Hasp drivers were not installed properly. We always include the latest Hasp drivers with each release for our products. In this case the Windows updates have conflicts with the Hasp drivers in our latest releases. If you are experiencing this issue, you will need to manually download and install the latest Hasp drivers to resolve the issue. The steps below guide you through downloading and installing the latest Hasp drivers: 1. Go to the following link. https://supportportal.gemalto.com/csm?sys_kb_id=979a4e21db92e78cfe0aff3dbf9619c6&id=kb_article_view&sysparm_rank=7&sysparm_tsqueryId=4ad5b82e1bfc5410f12064606e4bcb15&sysparm_article=KB0018319 2. Click on the DOW0003346 link on this page. 3. Read through the license agreement and click on the 'I accept' button (if you accept the terms). 4. Save the Sentinel_LDK_Run-time_cmd_line.zip file to your system, then extract the haspdinst.exe file from the zip file to your desktop. 5. Temporarily disable any security software you have running on the system. 6. Open a Command Prompt (as an administrator) by searching for cmd.exe, then right clicking on the program and selecting the 'Run as administrator' option. 7. Change to the desktop directory by typing cd %UserProfile%\Desktop in the command window, then pressing enter on the keyboard. 8. Once in that directory, run the following command to remove the existing Hasp drivers. a. haspdinst -fr -kp -purge You should receive an ‘Operation successfully completed’ message. Press ‘OK’. b. Now install the new Hasp drivers by typing haspdinst -i Again, you should receive an ‘Operation successfully completed’ message if the process ran correctly. Press ‘OK’ and close the command window. 9. The new Hasp drivers will now be installed on your system. You can check this by opening a web browser and typing this link into the address bar. http://localhost:1947/_int_/about.html The Admin Control Center will report the version of the run-time installer loaded on the system. In this case the new run-time is version 8.11. 10. Now you can install Intella/Connect/W4. When it gets to the point where it installs a Hasp driver, it will detect that a newer driver is already installed on your system, and it will skip installing the bundled version.

Hi, We have a number of training courses from beginner to advanced levels. More information regarding training can be seen on our website. https://www.vound-software.com/support#training

Hi dale, We have added support for indexing AFF4 images to W4. This will be available in the next release (or, you can get a beta version earlier if you are on the beta testers list). The format will likely be ported to Intella in a future release.

Hi, You can split a PST export in to parts by size. More information is in Section 26.2.10 of the user manual.

Hi, Are you using the latest version of Intella? If so, there may be something odd with the dataset. Please submit a support ticket for troubleshooting further.

Hi, Can you provide more information on what you are trying to do please. Are you saying that some items that were exported in a previous production are being exported in a new production, and you want to use the original bates numbering for those items?

Hi, You can try using a Saved search for the KW list and the tag as a filter.

Hi Laura, If it is Intella Pro which you are using, then that product does not have any sharing capabilities. Intella Team has this functionality.

Hi frankr20, Your screenshot shows the files that are produced. Within these files you will see incremental page numbering. E.g., the 00000001.pdf document has 15 pages, and those pages will numbered incrementally.

We have received a few support tickets from users who have had issues with ingesting a load file into Intella. There are two common issues being reported by our users. These two common issues are discussed below, but we will add updates to this post if other issues come up in the future. Note: In this post we are discussing Relativity and Concordance type load files that use .dat and .opt files. Issues 1) The user says that either the 'Load file preview' tab, or the 'Image preview' tab is not working and they can't see their load file, or image entries (respectivley) in these tabs. Basically one tab is fine, while the other tab does not show the data in the load file. 2) The user says that Intella is reporting a 'File can not be read: Input length = 1' error when they click the 'Check for errors' button in the Map Fields window. Both of these issues have the same cause. It relates to an encoding mismatch between the .dat file, the .opt file and the extracted text files. Note: The 'Detect encoding' button in the Intella interface detects the encoding in the .dat file. That encoding setting is then used for the .opt file and the extracted text. Currently as of this writing (version 2.3.1) there is no way to ingest a load file where different encoding exists for these components. We will improve Intella to allow for more flexibility for this in a future release. Also note that the Detect encoding button may not work in some cases. In these cases the user will need to set the encoding manually from the list of options. For Issue 1 above, there is a coding mismatch between the .dat file and the .opt file. Note that the 'Load file preview', and the 'Image preview' tabs work independently. This is based on the information in the .dat and .opt files, and their respective encoding. Therefore, if you have different encoding for the .dat and .opt files, only the file that matches the file encoding which has been selected in the interface will display properly. In the example below, the encoding is set to UFT-16. The .dat file is encoded UTF-16, but the .opt file is encoded as UTF-8. You can see that the Load file preview works fine, but the Image preview does not display the images. To resolve this issue, the encoding for the .dat and .opt files need to be the same, and that encoding needs to be set in the 'File encoding' field. Issue 2 is also an encoding problem. This time there is a mismatch between the .dat file and the extract text files. It looks like there are a few possibilities why there could be a mismatch with these files. Either, a) some load file creation tools allow different encoding for the .dat file and the extracted text when a load file is created. b) the .dat file, or the extracted text files have been converted to another encoding after the load file had been created. In either case, there is an encoding mismatch, and this mismatch is shown by a 'File can not be read: Input length = 1' error when the user clicks the Check for errors button in the Map Fields window. To fix this issue, again the user needs to make sure that the encoding for the .dat file and the extracted text are the same. When looking at these issues through support, we have noticed that the extracted text is usually in UTF-8 encoding, but the .dat file is in a different encoding. In this case it would be a lot easier to change the encoding for the .dat file, than to change the encoding for all of the extracted text files. If you do change the encoding for the .dat file, make sure that you also change the encoding for the .opt file if that file needs to be changed.

Hi Margaret, I have tested this and there is no issue with clicking on the button to toggle it. The button or the label name can be clicked to change the state. We have not had any reports regarding this control in ant previous versions either. Are you using Internet Explorer? if so, you could try using a different browser like Chrome.

Recently we have had a few customers report that they can not download the Geolite2 database within Intella/Connect. It looks like the vendor for the database has changed the way the database can be accessed, and Intella/Connect can no longer download it. If you need to install the GeoLite2 database, you will now need to firstly download the database, and then install it manually. See the steps below. Sign up for a MaxMind account - https://www.maxmind.com/en/geolite2/signup Go to the downloads area - https://www.maxmind.com/en/accounts/current From the 'GeoIP2 / GeoLite2' section, select the 'Download files' link. Download the GeoLite2 City Binary database. Extract the GeoLite2-City.mmdb file into C:\Users\[USER]\AppData\Roaming\Intella\ip-2-geo-db. Note: You may not be able to see this folder as it is hidden by default. To go directly to the Roaming folder, type %appdata% into the Windows search box, then press the Enter key. Once done, navigate to the \Intella\ip-2-geo-db folder and put the GeoLite2-City.mmdb file in there. Open Intella or Connect and verify that the database is installed. Please see the following video on the above process: