Start a conversation

Available facets

Available facets

Keyword Suggestions

After at least one search is performed, Intella presents you with a list of terms, relevant to the results of search. You can use them to refine the initial query and thereby improve the search results.
To refine your query with a suggested term, select it in the Suggestions list, and click the Search button below the list.

Keyword Lists

In the keyword list facet you can load keyword lists. A keyword list contains search terms.

A keyword list file is a text file in UTF-8 encoding that contains one search term per line. Note that a search term can also be a combination of search terms, like “Paris AND Lyon.”
Once loaded, all the search terms (or queries) found in the keyword list are shown in the “Queries” panel in the Keyword Lists facet. They are now available for search.

If 'Combine queries' checkbox is selected, multiple terms selected in the 'Queries' panel will be combined to search for items matching any of the selected terms (Boolean OR operator). The items will be returned as a single set of results (one cluster).  If the checkbox is not selected, the selected terms will be searched separately.

Tip: Keyword lists can be used to share search terms between investigators.

Tags

Tags are labels defined by the user that describe individual items.

To refine your query with a tag, select a tag from the Tags list, and click the Search button below the list.

MD5 Hash

Intella can calculate MD5 hashes to check the uniqueness of a file. If two files have the same MD5 hash, Intella considers them to be duplicates. With the MD5 Hash facet you can

1. Find items with a specific MD5 hash and
2. Find items that match with a list of MD5 hashes.

Specific MD5 hash

You can also use Intella to search for files that have a specific MD5 hash. To do so, enter the hash (32 hexadecimal digits) in the field and click the Search button.

List of MD5 hashes

The MD5 Hash list feature allows you to search the entire case for MD5 hash values from an imported list. This is tested up to 15,000 hash values.  Create a text file (.txt) with one hash value per line. Use the Add… button in the MD5 Hash facet to add the list. Select the imported text file in the panel and click the Search button below the panel. The items that match with the MD5 hashes in the imported list will be returned as a single set of results (one cluster).

Tip:  Install a free tool such as MD5 Calculator by BullZip to calculate the MD5 hash of a file. You can then search for this calculated hash in Intella to determine if duplicate files have been indexed.

Tip: Creating a CSV file with Intella is useful when you want to create a list of item related information. Some users utilize this to make a load file. A CSV file is also a good way to create an MD5-list that can be used for the review of other sources.

Source

In the source facet you will see a list of sources scanned by Intella.

To refine your query with a specific source, select the source and click the Search button.

Location

This facet represents paths to the items inside their sources. In the case of a Folder source, each “Location” item represents a hierarchy of folders with the base source folder as a root.
To refine your query with a specific location, select the location and click the Search button.

Important:  The location facet does not search hierarchically. It only searches the files in the chosen location, not the subdirectories.


Date & time

This facet organizes the items into date ranges.

You can create a custom date range by

1. Entering a From and To date. Please note that the date entered in the To-field is part of the date range.

2. Select all date attribute Intella should use:

- File Last Modified (for attachment and file items)
- Content Created (for email items)
- Content Last Modified (for email items)
- Sent (for email items)
- Received (for email items)

Click the Search button to find items created or modified in the date range you specified. The result set will be added to the details panel.

You can add multiple date ranges to your searches in the details panel.

Note: Custom date ranges cannot be stored.

Type

This facet represents the file types (HTML, Microsoft Word, PDF, etc.), organized hierarchically.

To refine your query with a specific file type, select a type from the list and click “Search.”

Author

This facet represents the name(s) of the person(s) involved in the creation of documents. The names are grouped into two categories:

• Creator
• Contributor

To refine your query by a specific creator or contributor name, select the name and click the Search button.

Email Address

This facet represents the names of persons involved in sending and receiving emails. The names are grouped in seven categories:

• From
• Sender
• To
• Cc
• Bcc
• All Senders (From, Sender)
• All Receivers (To, Cc, Bcc)

To refine your query by a specific creator or contributor name, select the name and click the Search button.

Tip: You can export highlighted email addresses in a category to a CSV file by right clicking the category name – From, Sender, To, … – and selecting “Exporting highlighted values…” Email addresses are highlighted when they appear in the results sets. If you selected a results set (cluster) then only the email addresses that appear in the selected set are highlighted.

Language

This facet shows a list of languages that are automatically detected in your items.

To refine your query with a specific language, select the language from the list and click the Search button.

Important: If Intella cannot determine the language of an item, the item will be classified as “Unidentified.”

Size

Organizes items by the size of the file on disk.

To refine your query with a specific size range, select a value from the list and click the Search button.

Features

This facet allows you to add three groups of items:

• Encrypted: all items that are encrypted. Example: password protected PDF documents. If you select Encrypted and click the search button, you will be shown all items that are encrypted.

• Flagged: all items that are flagged by the user.

• Tagged: all items that are tagged by the user.

• Has Copies: all items that have a copy.

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Peter Mercer (Import) (Migrated deleted Agent)

  2. Posted
  3. Updated

Comments