Can Intella index a live system?

    Yes, but not directly in the same way it indexes a static evidence image.

    Live system indexing and acquisition

    In situations where a machine is powered on, you can still collect and index data using supported workflows:

    1. Vound W4 (live acquisition and triage) - Who, what, when where

    Vound’s W4 application is designed for live system acquisition and can either be installed, or run as a portable tool directly from a USB drive. This makes it suitable for on-site forensic triage.

    With W4, you can:

    • Acquire data from a live (powered-on) system
    • Create disk images
    • Collect selected files and folders
    • Capture RAM data
    • Perform basic search and preview during acquisition

    This allows investigators to preserve and assess evidence quickly without shutting down the target machine or performing a full traditional imaging process.

    More information on W4 can be found here: https://www.vound-software.com/w4

    2. F-Response (remote and live system access)

    Intella can also be used in environments where data needs to be accessed from a live system over a network, or if the computer is in use, by working with third-party remote acquisition tools such as F-Response (by Matt Shannon).

    In these scenarios, F-Response can:

    • Access remote systems as if they were locally attached drives
    • Acquire and index active or in-use data (for example, open PST files)
    • Work with evidence from networked or remote endpoints without shutting them down

    This combination enables a flexible approach to live and remote forensic investigations, where Intella is used for indexing and analysis, and F-Response provides the remote access layer.

    More information on F-Response can be found here: http://www.f-response.com/

    Cloud data indexing in Intella

    In addition to live system workflows, Intella can natively index data from cloud platforms, including:

    • Dropbox
    • Gmail
    • Microsoft 365 (Office 365)
    • SharePoint
    • iCloud
    • AWS S3

    Summary

    While Intella itself focuses on indexing collected or connected data sources, live system acquisition is handled through W4 (local live capture) and F-Response (remote/live network access). These tools extend Intella’s capabilities into live forensic environments without requiring system shutdown or prior imaging.

    Published