Case Default Memory Settings

[PMG]

We are often getting more and more requests to capture and export MS Teams chat messages to PDF for various stakeholders.  What we are finding out is that the "default" memory settings of our cases often run into "OutofMemory" errors when we export PDFs of the conversations.  Simply adjusting the memory allocation settings seems to resolve this issue (in the case settings), but its a bit of a hassle to close the case, adjust the settings, and then re-open.

Is there a way to set the default memory allocation settings (and service Memory allocation) for each NEW case that is created to be a manual value rather than the "auto" that is currently populated?  We've started using the IntellaCMD.exe and case templates from the command line, so this would help our automation efforts.

[Jacques B]

I see there was no response to your question. This may be a bit late for your benefit, but I use a case template file which in part includes manual settings for memory allocation. I also have many different tasks included in my case template that are automatically run when processing an Exchange mailbox. I also have a default tagging structure in that case template.

One of the tags is "Financial". I have a task that looks for any PayPal emails and tags them under this tag (as a sub-tag). Another that looks for Venmo emails and tags those in a sub-tag bearing Venmo name. Same for Revolut, and banking emails from known banks. This allows an investigator to see emails that identify financial accounts related to the target mailbox.

Likewise, I have a task that looks for social media emails (e.g. Facebook, Twitter, LinkedIn, Instagram) to help an investigator identify social media profiles linked to the owner of the mailbox. I also look for Gmail recovery emails that Google sends out periodically to remind a user that this email address is a recovery email address for the Gmail account {username}@gmail.com. Here again, to help the investigator quickly identify (or exclude) such content.

If a user exports their WhatsApp conversations to an email address, that is assigned a particular subject. I search for that and flag those for the investigators so that they know that there are WhatsApp conversations in the email collection.

For corporate investigations where you deal with specific medical insurance providers, you can also have a task that searches for emails relating to that provider and tag them for your investigator in your initial processing (as part of your case template).

I also tag any email where there are 6+ recipients (arbitrary on my part). If you are investigating a collusion case between two parties, it's unlikely that there will be that many recipients in an email. An investigator can exclude those emails in a search. I know that can be done easily with the Recipient facet in Intella. I do it automatically for the investigator as a convenience.

Case templates combined with tasks can be very helpful in speeding up the review.

***On a side note, I did suggest to Vound via a forum posting that it would be very helpful if you could make some search criteria "sticky". Meaning you could have some Require or Exclude that do not clear when you clear the search, so you don't have to re-apply them each time. The one for 6+ recipients is one example of an exclude that would be useful to be able to stick so that you don't have to remember to run that exclude each time. You could still remove it by clicking on the X next to it (suggested UI option I shared with them). Likewise, if you've tagged stuff as irrelevant, it would be great to make that a sticky Exclude condition unless you explicitly remove it.