arjohn

Hi llanowar, Can you check if the tags are shown in the item's Raw Data tab? Also, would it be possible to send us a (redacted) sample of the XML file for investigation? Feel free to open a support ticket if this is possible.

Hi Adam, You could have a look at the new command line options that are offered by Intella 2.2. Using a script you should be able to use, for example, Google Cloud's AI service to translate such documents and import them back into Intella. See also chapter 27 of the user manual. We'd be interested in hearing your experiences with this option.

Decryption of S/MIME has been added to Intella many years ago, so I don't expect any issue with this.

Maybe it helps to have a look at the Email Thread tab in the item previewer and see if any of the emails are shown as non-inclusive.

Hi Ken, Including the URL in a CSV export is currently not possible. We will try to make this possible in one of the next releases.

This is currently not possible, but we can see why this would be a good idea. I have added feature request for this to our roadmap.

The second options sounds the most logical one, but it really depends on what you're after. Assume you have two emails that have the same attachment and a search that matches this attachment. Deduplicating the set first will remove one of the matching attachments and the export will only contain one of the e-mails. Doing it the other way around will get both e-mails in the export.

Hi Adam, The answer to your question very much depends on how heavily the machine is used. If you're hosting one or two cases to just a few reviewers then the single CPU will likely be more than enough. On the other hand, if you're sharing many cases to many reviewers then having more cores helps. Just keep in mind that the installed RAM can quickly become a bottle neck when scaling up to more shared cases.

Hi fuzed, Emailchemy can read various AOL file formats and convert these to EML files, which can then be processed by Intella: http://www.weirdkid.com/products/emailchemy/

Hi, Thanks for your feedback and good to hear that you love the new functionality. USB mass storage dates: we have deliberately excluded these dates for now as they are notoriously inaccurate form time to time. For example, some dates for devices are updated when other devices are plugged in. As such, it takes quite a bit forensic knowledge to interpret these dates correctly. We do intend to include these dates in a later release, when we can present these in a way that doesn't put investigators on the wrong track. Browser activity: can you let us know where these URLs, cookies and artifacts were found? I.e.: the (anonymized) paths to the files? User accounts: are you referring to Windows user accounts here? These accounts are extracted from the registry, which very likely resided on the OS partition. I'm not sure how to read "did not parse the DATA partition". Do you mean that Intella didn't process any files from this partition? If so, please verify that the source doesn't have any file path exclude filters applied. Also, please check if there are any errors in the case log files that could explain this. See also: Reading an interpreting log files.

Hi, We're regularly testing with Russian texts, so I don't foresee any difficulty here.

Hi, Maybe the Windows Task Scheduler can be of use to you? If you run Connect as a service, you could add a task to shut it down after office hours and start it again the next day.

Hi SamW, The histogram indeed shows the results for all items in the case. We are planning to add both filtering and export options, but we can't predict when this will be available yet. With respect to deduplication: note that even duplicate items can have different dates associated with them. Dates that are extracted from/associated with the item content will be equal, but dates that are external to the item content (like file system dates or dates stored in a PST file) can be different. As such, item deduplication in this histogram will be problematic. The only option that I can think of at this time is to only deduplicate items within the month or year subsets that are being shown. I don't have an explanation for the anomaly that you've mentioned at this time. Can you open a support ticket for this?

Hi Mark, Which property are looking at in the Raw Data tab? Msg items sometimes store multiple bodies with different formats: plain text, HTML and/or RTF. On occasion, these text bodies have slight differences. Can you also check if there are other text body properties listed in the Raaw Data tab?

Hi Mark, What I would do is to select all items/emails that have already been reviewed, export their MD5 and message hashes to csv files and then import those csv's back in using the 'MD5 and Message Hash' facet. These hash lists can then be used as an exclude filter.