Hi All,
Â
Hope you guys are doing great.
I need to know about your experience of using INTELLA. My organization want me to do some research on it. The main motive of acquiring Intella so we can do Image analysis (hard drive) and other stuff. What do you think as per your experience is this the right tool to invest the money in? Your suggestion will highly be appreciated  Â
Thank you
Hi All,
Â
Hope you guys are doing great.
I need to know about your experience of using INTELLA. My organization want me to do some research on it. The main motive of acquiring Intella so we can do Image analysis (hard drive) and other stuff. What do you think as per your experience is this the right tool to invest the money in? Your suggestion will highly be appreciated  Â
Thank you
Not sure of the size of your company and getting feedback from users is a really great idea. Until you get your hands on Intella investigation tool feedback can only engage as to how the responder found it given their circumstances, which may not be yours.Â
Perhaps find out to see if you can get hold of a demo version first (but will have limited features activated) or maybe try the small, one-person version of the tool called Intella 10 and its associated tool Intella Viewer. They work together allowing a single person the ability to organize, analyse, and prepare graphs for instance on email e.g. pst. files of 10 GB or less. The file size is a problem in comparison today but that isn't the point. Better to invest a little in a tool to experiment if overall such a tool works for YOU. Additionally, you may find benefit on such a single-user tool, particularly if the type of material that cannot be shared with other people/investigators.
The Intella top-end version Team Manager takes the large files and can distribute them to Intella Team Review investigators: distribute the workload of email to identify relationships between the persons and emails etc. Analysing files over 250BG may meet your need. Of course you will be dealing with material that has already been decrypted first.
Do have a look at the various Windows OS versions I believe Intella works as far back as Win98. The investigator machine should be 32 bit or 64 bit architecture. System resources are only 2MB for this program smaller than some high-resolution photos.
--------
In the case United States of America v Jae Shik Kim, Karham Eng. Corp. (2015) No. 13-0100 (May 8, 2015) (United States of America), the forensic practitioner utilised the forensic software tool EnCase to export files from the suspect's computer, and also used another program Intella to process the files after the extraction, due to providing more advanced capabilities to search the text of emails that were not otherwise searchable.
---------
As a Forensic and e-Discovery Software Visualization tool, some features you may find useful for investigation:
List/table view - Intella
Time lines - Intella
Social graph - Intella
Cluster map - Intella
Word lists - Intella
Tree view (possible tree-map) - Intella
Intella does have a Fuzzy search algorithms implemented as a digital forensic investigation tool. It is noted the variables for setting the tolerated fuzziness in this tool does not always correlate directly with the edit distance thresholds. It is unknown to me, at any rate, whether this tool employs constrained edit distance algorithms or not because their techniques are proprietary. Notwithstanding, it appears to combine the edit distance measure with other types of distance measures, natural language processing and/or information retrieval techniques. Again, how important is that to YOU?
Obtain a copy of " Windows Forensics Cookbook 61 recipes to help you analyze Windows systems" by Oleg Skulkin and Scar de Courcier First published: August 2017 ISBN 978-1-78439-049-5 www.packtpub.com. It is a useful book for investigators. Oleg and Scar are both on this forum and good guys who I am sure could give you tips and tricks for devices with Windows OS versions.
As an investigation tool it is a useful and respected tool but caution, your investigators should be experienced in digital forensics with comprehensive knowledge. No use having someone analysing evidence if they do not know what is missing etc. Is this relevant?
As an open-source tool it is quick in producing its results, but is known to be more complex than other competitive tools. Will that matter to YOU?
Lastly, you will need another tool to test and confirm clearly the efficiency of applying this tool in real-life digital forensic examinations? Is that important?Â
Good luck!
