±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 33148
New Yesterday: 2 Visitors: 170

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Data presentation

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Data presentation

Post Posted: Mon Apr 02, 2012 2:48 pm

Hi all,

Just wanted to get some feedback from practioners on how they are presenting their data for clients.

I have just done a large email (PST, OST, EML) and document keyword search exercise.

To present the emails I ran dtSearch over the mail containers and EML and exported those messages that had hits. Then to get them back in a presentable manner I used EmailOpenViewPro to wrap the hits back up into a PST to hand to the client. I did encounter some problems, especially with long filenames (which I shortened with FileMonkey) and it turned out to be a long process as I had 30 keywords that we bundled back to 30 PSTs.

To present the documents I also ran dtSearch over them and exported those that had hits. I then ran dirhtml over them that bundles up a nice HTML interface linking each keyword to the files where the hits were.

All this took some faffing to say the least especially as I am restricted by the user not being able to install any programs on their locked down systems.

How do you go about presenting data like this? What would be ideal would be a searchable interface like dtSearch CD which allows you to package up the data (docs and email) and allows the client to search/filter and export themselves with no install (it all runs from the CD). Does anyone know if a free (low cost) options is available?

Many thanks

Shep  

shep47
Senior Member
 
 
  

Re: Data presentation

Post Posted: Mon Apr 02, 2012 4:43 pm

- shep47

How do you go about presenting data like this?


When I encounter such a question, I usually refer back to the goals of my examination, and the audience to which I'm presenting the results. Many times, particularly with "new" exams and customers I haven't worked with before, I'll discuss data presentation at the beginning of the engagement, in order to set their expectations. After all, the most detailed, thorough analysis is useless if no one understands it.  

keydet89
Senior Member
 
 
  

Re: Data presentation

Post Posted: Mon Apr 02, 2012 6:46 pm

I have been heading up an entire Reporting effort in my workplace where we address all sorts of issues with the data presentation layer.

Single email, straightforward inline inclusion in the report. 5-20 or so emails, we make Adobe PDF Portfolios, anything more than that and it's a PST and we walk them through adding it to their own Outlook.

A Universal view type tool is very handy - something written with say, OutsideIN as a backend, can be valuable and at least solve a lot of presentation needs.

But back to your question - is a PST not possible with your client? I couldn't determine if that is the case.
_________________
Blog: secureartisan.wordpress.com 

pbobby
Senior Member
 
 
  

Re: Data presentation

Post Posted: Mon Apr 02, 2012 6:54 pm

Have you considered dtSearch Publish?

At first, I did the same as you.

Ingested all the data with dtSearch, then regurgitated the results back into the native format. I had the same set as you, and throw some .NSFs on top of it. Conversion steps galore.

With dtSearch Publish, you provide not just all the heterogeneous information in a homogenous format, but also give the recipient a very powerful search tool that is easy to understand.  

jhup
Senior Member
 
 
  

Re: Data presentation

Post Posted: Tue Apr 03, 2012 6:59 am

Thanks all,

I love dtSearch Publish but unfortunately (in current times and wanting something for nothing Wink ) we are trying to cut costs and something along these lines but Open Source would be good. My ex-colleague at QCCIS actually wrote a good EnScript to parse selected files and email messages and using OutsideIn it would create an HTML document for client review. The one thing it did lack was the ability for clients to carry out further searches.

Maybe its time for me to crack out the programming books Confused and see what where it leads...(I'm guessing it will be headaches, broken keyboards and shelving of the 'said' programming book)

Thanks

Shep  

shep47
Senior Member
 
 

Page 1 of 1