New feature in W4 - W4 case ingestion in Intella

[jon.pearse]

New feature in W4:

We are adding the ability to ingest a W4 case into Intella. This work should be completed for the next release of Intella (version 2.3). This is actually an Intella feature, however, it is a way to expand on the W4 case, and identify more related artifacts that may be in the dataset. 

 

Use case:

W4 is designed to extract user and system created artifacts quickly, so that the user has these artifacts ready for review in the shortest time possible. We have had reports from beta testers that W4 has blistering fast indexing speeds, compared to similar products from other vendors. By default, W4 does not index every item in the source dataset like how it is done in Intella (although, there is an option which does allow this). When triaging evidence, the most pertinent artifacts are from user created/altered data/documents, and system artifacts. W4 is designed to take a quick look into the evidence to identify usage on a system. The results can help the investigator to decide whether further investigation is required. If further investigation is required, the evidence can be ingested into an Intella case where you have the full suite of tools and functionality to process and analyse the data.

During the ingestion process, Intella allows the user to choose a number of options for the ingestion of the W4 case. The user can expand the already tagged items which are in the W4 case using the Smart Search features. More evidence/artifacts can be identified that are similar to the items in the W4 tags. The new artifacts and data are reported when the ingestion process is complete.