Everything posted by jon.pearse

  1. jon.pearse

    W4 Patches

    Vound occasionally issues "patch releases" to quickly address issues of a severe nature. Below is a list of the patch releases and a description of their changes.

    The following patch releases have been issued since the 1.0.5 release:

    1.0.5.2
      • Fixed an issue with W4 not being able to process certain raw (dd) disk images consisting of a single file.
      • Fixed an issue where timezone settings may not be properly applied to network connection timestamps extracted from Windows registry files.

    1.0.5.1
      • Fixed an issue where timezone settings may not be properly applied to file system items in an AD1 disk image.
      • Fixed an issue where timezone settings may not be properly applied to certain items when the source time zone is different from the investigator machine's time zone. This affects Hangul version 3 documents, OpenOffice documents (creation dates only), deletion stubs in NSF, and certain dates in USB-related artifacts.
  2. Hi Margaret, I can't actually see a permission specifically for uploading keyword lists. Maybe it is best to discuss this issue with your case admin, then ask them to submit a support ticket. The support ticket should have a full description of the issue including screenshots.
  3. Hi Neil, I don't think you can search only within a custom column. What you could do is sort the new custom column, then select and tag the entries that have 'yes'. That will effectively give you the same result as if you were searching the custom column for 'yes'.
  4. Hi Fuzed, You could try using an overlay to add date information for the documents.
  5. Hi P. Smith, You could try enabling this setting when exporting. That should include the embedded item. The only issue with that approach is that it won't include the 'metadata' of the embedded items. If you need a full report on embedded items, the embedded items will need to be included separately, then maybe merge the PDFs as you say.
  6. Vound is pleased to announce the official release of W4 1.0.5.

    W4 1.0.5 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases.

    Highlights
      • Various indexing and exporting stability improvements.
      • Added type detection for HEIF/HEIC image files.
      • Added metadata extraction for HEIF image files.
      • Added detection of AMR audio files. These are often used to record voice mails.
      • Added support for indexing NSF files with IBM Notes 10.

    Release Notes: W4-1.0.5-Release-Notes.pdf

    For additional information, please visit our W4 website.
  7. Hi fuzed, It's most likely a limitation of the hotmail server. Those usually don't allow you to download everything in one go. We usually recommend downloading such data with a mail client first (or some 3rd party app), and then indexing the result (mbox, pst, etc.) with Intella. Also, some mail servers such as gmail allow you to download data separately into a file. We are not sure if such a feature exists for hotmail though, so you may need to look into that.
  8. Introduction:

    We have had a number of customers asking us: how do I upgrade to the latest version of Connect, and keep all of my settings? This post will look into how this can be done, and what to look out for when upgrading Connect to the latest version.

    Why upgrade to the latest version:

    It is always best to install and use the latest version of our products. With any software development, it is near impossible to test every scenario in which the software will be used, and what type of data is indexed with the tool. Although we have a vigorous testing regime for our products, some customers find issues which they report back to support. These issues are generally fixed, and added to the next release. Therefore, using the latest version will give you all of the fixes from all previous versions.

    Another good reason to upgrade is because the latest version has a number of new features that are not in previous versions. These features can make processing faster, can make analysis of the data easier, and can add better functionality to the tool.

    Upgrading Connect:

    There is no problem with installing the latest version of Intella Connect on the same server. Note that this will need to be installed next to the current version. E.g. as long as the new version is installed in a different folder, the existing version should not interfere with the new version. In addition, there is no need to uninstall the previous version.

    When installing a new version of Connect, we make sure that any configurations from the previous version are also migrated over. We often keep the old configuration as a backup as well, so your previous configurations are not lost.

    Installing the latest version of Connect is quite straightforward, but you should be aware of these aspects:

      • Make sure that you are always using the same Windows Account when installing different versions of Intella Connect. The configuration and settings for your current version are stored in a user-sensitive location, and those locations will not be available to other user accounts. E.g., we have seen cases when users were installing version 2.0 with the "John" user account, then later installed version 2.1 with the "Administrator" user account. They were surprised to see that they ended up with a clean instance of Connect, with all default configurations and settings.
      • You need to be careful when installing Connect as a Windows Service. There is only ONE Intella Connect Windows Service allowed on the system. Installing a newer version of Connect as a service should overwrite the paths to executables in Windows Services. Once the install process is complete, and the service is restarted, there should be no issues. However, we have seen a number of cases when this did not work as it should have. The outcome is that the service was still pointing to the old version of Connect. In those situations, you should refer to this section of the Administrator's manual on how to manually update the service: https://www.vound-software.com/docs/connect/2.3.0/admin/03_01_connect_as_service.html#manual-un-installation-intella-connect-windows-service
        Note: From version 2.3.1 we will have an extra check during the installation process that will prevent the installation process from continuing if you have not shut down the service manually.
      • It is always best to run the latest version of all of our tools. This also applies to Intella Node. Having both Connect and Node on the same version will help when troubleshooting any issues. The risk of any incompatibility issues between Connect and Node is reduced when both products are on the same version.

    Before you start the upgrade:

    You should consider the following before you start the Connect upgrade process:

      • With every release of Intella and Connect we provide Release Notes. The very last section of the release notes is the 'Upgrade Notes' section. In that section we list information regarding backwards compatibility with earlier case versions. This section also points out any features which may be limited due to the version upgrade etc.
      • We always suggest backing up your Connect/Node systems before undertaking any upgrades. This minimises the risk of downtime, as you have an avenue to go back should you have any issues with the upgrade process. You should make a backup of these folders (which contain entire configurations) prior to proceeding with the upgrade: "C:\Users\CONNECT_USER\AppData\Roaming\Intella" and "C:\Users\CONNECT_USER\AppData\Roaming\Intella Connect"

    After the upgrade is complete:

    Once the upgrade process is complete, start Connect and check that Connect is reporting the correct version. You can do this by clicking on the Admin tab and selecting the 'About Intella Connect' option from the dropdown list. If the latest version is not running, there may be an old version of Connect still running.

    Migrating keystores and self-signed SSL certificates:

    Once the new version of Connect is running, you may need to reconfigure some advanced settings like SSL. This should be straightforward if you have purchased your SSL certificate from a well-known provider like Go Daddy etc.

    That said, we do see a number of issues with SSL certificates coming through support. But these issues are mostly related to when the user/company manages their own certificates. In these cases the users report that the upgrade went well, but they can't get SSL to work. In the SSL wizard they get errors like this: "Unable to activate the keystore because it's not valid. Details: Keystore contains multiple certificates, but they were not imported to the private key chain".

    The issue is that unlike self-managed certificates, certificates from well-known providers are generally added to Java's trusted keystore. That means that certificates from a well-known provider will work 'out of the box' when setting up SSL in Connect or Node.

    When users/companies create their own self-signed certificates, they usually create two Certification Authorities (ROOT & Intermediate), and then let the Intermediate CA issue the certificates. But Java doesn't know anything about ROOT & Intermediate certificates for that company, and these certificates are not automatically trusted. Therefore, the self-signed certificates do not work when a new version of Connect or Node is installed.

    Note: When you are upgrading Connect or Node, the existing (trusted) Java store is wiped out, and replaced with a clean one.

    For our products (Connect & Node) to trust the self-signed certificates, you have to add the certificates to the trusted CA store of the JAVA RUNTIME that we shipped with the installer used for the upgrade. This process is described in the Connect administrator's manual at the link below.

    https://www.vound-software.com/docs/connect/2.3.0/admin/04_03_01_ssl_guide.html#advanced-using-self-signed-certificates

    So in short, if you are generating your own self-signed SSL certificates, then you will need to update Java's trusted CA store (for both the Connect and Node systems) after each upgrade.
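
The trust-store step described in the post above, as an added example that is not part of the original post and is not Vound's own tooling: a PowerShell script that re-imports your own root and intermediate CA certificates into the `cacerts` file of the Java runtime shipped with the upgraded Connect or Node. The `-JavaHome` folder, the certificate file names and the default `changeit` store password are assumptions; the manual linked in the post remains the reference for the product-specific steps.

```powershell
# Added example, not Vound tooling. Writing to the install folder may need an elevated prompt.
param(
    # Placeholder: folder of the Java runtime shipped with the upgraded Connect/Node.
    [Parameter(Mandatory)] [string]   $JavaHome,
    # Your own CA certificates (PEM or DER), e.g. root first, then intermediate.
    [Parameter(Mandatory)] [string[]] $CaCertFiles,
    # Assumption: the shipped trust store still uses Java's default password.
    [string] $StorePass = 'changeit'
)

$keytool = Join-Path $JavaHome 'bin\keytool.exe'
# The trust store lives in lib\security (or jre\lib\security in older JDK layouts).
$cacerts = 'lib\security\cacerts', 'jre\lib\security\cacerts' |
    ForEach-Object { Join-Path $JavaHome $_ } |
    Where-Object { Test-Path $_ } |
    Select-Object -First 1
if (-not (Test-Path $keytool) -or -not $cacerts) {
    throw "keytool.exe or cacerts not found under '$JavaHome'"
}

# Keep a copy of the clean store the installer just put in place.
Copy-Item $cacerts "$cacerts.$(Get-Date -Format yyyyMMdd-HHmmss).bak"

foreach ($file in $CaCertFiles) {
    if (-not (Test-Path $file)) { throw "certificate file not found: $file" }
    # Alias derived from the file name, e.g. corp-root.cer -> corp-root.
    $alias = [IO.Path]::GetFileNameWithoutExtension($file).ToLower()

    # Skip entries that are already present so the script can be re-run safely.
    & $keytool -list -keystore $cacerts -storepass $StorePass -alias $alias *> $null
    if ($LASTEXITCODE -ne 0) {
        & $keytool -importcert -noprompt -trustcacerts -alias $alias `
            -file $file -keystore $cacerts -storepass $StorePass
        if ($LASTEXITCODE -ne 0) { throw "keytool failed to import $file" }
    }

    # Print the stored entry; compare its fingerprint with your CA's records.
    & $keytool -list -keystore $cacerts -storepass $StorePass -alias $alias
}
```

Because the upgrade replaces the trust store with a clean one, the script is written to be re-run after every upgrade on both the Connect and the Node systems.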
  9. Vound is pleased to announce the official release of W4 1.0.4.

    W4 1.0.4 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases.

    Highlights
      • Added Geolocation view, showing the geographic locations of search results, e.g. based on GPS data and IP addresses.
      • Better support for Windows 10 artifacts (BAM Cache, RecentApps).
      • Added support for BitLocker and APFS disk images.
      • Added support for Skype 14.x chat messages.

    Release Notes: W4-1.0.4-Release-Notes.pdf

    For additional information, please visit our W4 website.
  10. Hi Neil, The user manual has more details about using the CLI feature. You could try some of the following options mentioned in the manual. That would allow you to use any facets including the language facet:

    > 27.2 Command-line arguments
    > -et, -exportText – Export the extracted texts to a folder. The options -matchQuery, -savedSearch, -deduplicate and -exportDir can be used to control this operation. The resulting files will be named based on their item ID, e.g. 123.txt.
    > -ss, -savedSearch [File] – Can be used to limit the exported items to those that match the specified saved search. The argument is the path to an XML file holding the saved search. Such a file can be exported from the Saved Searches facet. This allows for using other facets, such as the Date and Type facets, and to combine queries.
  11. Hi Qasim, You may be using an older version of Intella Desktop and that is why you are seeing the additional metadata. We have tested this in version 2.3 and only the preview is printed and nothing else (unless there are attachments and you choose to report those as well).
  12. Hi Qasim, No, this feature has not been added to Intella/Connect yet. To work around it, you will need to export the item, open it in its native application, then print it from there.
  13. Vound is pleased to announce the official release of W4 1.0.3.

    W4 1.0.3 is available from the Downloads section in the Vound Support Portal, after logging in with your email address and password. Users with a W4 1.0.x license can use this version. Please read the Release Notes before installing or upgrading, to ensure you do not affect any active cases.

    Highlights
      • Added support for cellphone extractions (Cellebrite, XRY and Oxygen)
      • Added an option to extract Raw data
      • Added a license manager where you can choose which license to use when starting W4
      • Added version update notification
      • The Dongle Manager is now included in the W4 installer

    Release Notes: W4-1.0.3-Release-Notes.pdf

    For additional information, please visit our W4 website.
  14. Information can be found under: https://support.vound-software.com/help/en-us/3-faq/54-collecting-data-from-an-office-365-or-a-sharepoint-source
  15. Here is an article from one of our Partners - Spyder Forensics. In this article we discuss the four main keys for building a successful load file. The Four Keys to Generating a Successful Load File Export
  16. jon.pearse

    W4 1.0 is here!!

    Vound is pleased to announce the official release of W4 1.0.

    W4 1.0 is available from the Downloads section in the Vound Support Portal. You must be logged in with your email address and password. Users with a W4 1.0.x license can use this version immediately.

    As an introductory offer, users with Intella Professional, Team or Connect can use W4 until July 31 2020 with these licenses. Note that you must have an Intella 2.3 Professional (or above) license on your dongle, and your Maintenance Agreement must be current to use W4. If you don't already have version 2.3 on your dongle, you can use the Dongle Manager application to update your dongle.

    Note: For the introductory offer, you cannot use W4 when the license is actively used by Intella Professional, Team or Connect.

    Highlights
      • Extremely user-friendly interface which allows the user to quickly find, and investigate the information which is relevant to the case.
      • Blistering-fast indexing speeds that allow access to the indexed data in the shortest time possible.
      • Automatic extraction of notable registry artifacts. This can save the examiner many hours of manual artefacts extraction, and data conversion to human readable format.
      • Search and preview system settings, browser history, device usage, email, attachments, iTunes backups, archives, headers, documents, embedded images, and metadata.
      • Index forensic image files S01/E01/Ex01/L01/Lx01/AD1/ISO and DD and FTK images.
      • Support for Windows and MacOS file systems, GPT and MBR partitions, ISO and others.
      • Multiple search visualization options. These include:
        ** W4’s unique Timeline – allows the user to select a date range but also understand how much data is in that range.
        ** Events view – allows the user to visually see every event, or a filtered set of events in chronological order.
        ** Links graph – this view uses item metadata to link items together to highlight the ownership of data, and what accounts or devices had access to the data.
      • Fully customizable reporting wizard for reporting relevant artefacts in the case ready for Court, or for your client.
      • W4 cases can be directly ingested and integrated into Intella to expand on analysis and reporting.

    For additional information, please visit our W4 website.
  17. Hi Delson, There are no issues using Connect/NODE 2.3 with the HASP drivers from the 2.2.2 version. These drivers will work with version 2.3 as well. Note that your dongle(s) also need to be updated to version 2.3 before you run the 2.3 version of Connect/Node or Intella. You can do this by running 'Dongle Manager.exe' which is located in the installation folder. Again, you can run the Dongle Manager from 2.2.2 to update the dongle if you don't have the 2.3 application installed.
  18. Hi Fuzed, The next release (2.3) has this functionality. 2.3 will be released in the coming days. But, if you want to try the new functionality now, we can provide you a snapshot version for testing. Please submit a support ticket to https://support.vound-software.com if you would like to test OLK15 in the snapshot version.
  19. jon.pearse

    New Beta Available

    Hi Jason, I have sent you the download link and other information.
  20. Hi Shoeb, You will need to purchase another Node license if you want to use two Nodes at the same time.
  21. Hi Shoeb, What you can run depends on what licenses you have purchased, and are on the dongle. The purchase of Connect also comes with a processing license (Node). These two licenses are on the same network dongle. The dongle is designed to work across the network, so yes, you can run Connect on one system, and Node on another system at the same time. Installing Connect/Node on those systems, also installs the license manager and dongle drivers.
  22. Hi, Just an update on the request for the ATTACH_RANGE field. This field will be available in the next release, which is a month or so away.
  23. Hi Bryan, This is a suggestion. Make sure that you test this to make sure that you are getting the correct results, and that the wrong items are not being missed, or included. You could search over the CC field only by selecting that field in the Search options. Then search for this in the search box: * NOT attorney@lawfirm.com That should bring back anything that is in the CC field that is not attorney@lawfirm.com
  24. Hi Bryan, At this point the only 'easy' way to show duplicates of a group of items is to do the work around which you are currently doing. This functionality may be expanded in a future version.
  25. Hi, Are you sure you are tagging the correct email, and not a duplicate of the intended email? You can check this by looking at the Item IDs for the email you want to tag, and the email that gets tagged. The Item IDs will be the same.