COMPARE DEMO TEST

 

Although ISeek cannot be directly compared to any other tool, we present three modest tests to quantify the differences between using ISeek for processing/collecting live data, and your own tools and methods. 

 

The tests focus on email since it accounts for 80% of all eDiscovery data. The efficient analysis of email is the paramount issue for any eDiscovery collection and ISeek has no competition for email investigations on live client systems.  In addition, 80% of all malware is introduced by email phishing exploits. 

 

We have listed below the nominal results that ISeek obtains from the two (single file) data tests. Simply download the two small files and run the defined test as described but using your own methods.  You can then compare your results to ISeek results published here. 

 

TESTS

 

There are three data tests using just two files, File A and File B.  

 

1. Test A is simple and consists of a single PST file from the 20-year-old Enron corpus.   If you do not have a copy, you can download the file below. 

2. Test B is a single file created from International email Mbox files from Ubuntu and edrm.net.  The MBOX file includes 23 different languages.

Test A or B require only a single running Windows computer (virtual or physical) with 2 GB ram. 

 

Open both the MBOX and PST in your native applications and send / read email from them while testing. The test result minimums you should find for all three tests is provided in the following table :


 

ISeek A and B Test Results

 

 

* Consider how much labour is involved in deployment with other methods, how important accuracy is to your own business goals, and how the process flow returns the results for immediate review or distribution.  ISeek has no user hands-on interaction requirement to either run or produce output.  There is no setup condition for an investigated device and there is no requirement to create indexes at any place or time in order to generate results that can be reviewed immediately after being found

** No raw irrelevant data has to be created or moved anywhere to generate positive ISeek results.  ISeek processes data where the data lives, not just where it is accessible to another more distant process.  This value is processed bytes of input, not file size.   

If you meet or exceed the Email counts, you only have to compare runtime speed of less than 180 seconds. 

 

  1. TEST A – Goal 1 of 2 - process the tgz PST file email container found here and produce the PPI/PII information for any USA SSN identifications within all relevant mails.

  2. TEST A – Goal 2 – process the same email container to find any/all emails containing Windows executable code of any type.  If objects are found – see if VirusTotal or another method can attribute malware to the files found.  (note: both Goals should be run at the same time)

  3. TEST B – Goal 1 of 1– Process the single  tgz MBOX file as found here, and produce the target emails in msg or eml format which contain any of these five native test strings.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

† Google translate can be used to verify the native language versions.   Copy and paste from translate if you have problems copying from this webpage.  Note: ISeek provides you a summary of the results by email in 12 seconds and it uploads the result data files to an AWS Linux cloud SFTP transfer server direct from the client endpoint in 10 seconds, but we don’t expect your method to achieve this functionality.

 

 

 

TEST C – In this test, you will run ISeekDiscovery against these same data files on your premises.  You must furnish some brief background information before the runtime link is sent by email, this includes sending Xtreme some results from either TEST A or B or both.   A real scenario that you want to pursue may also be submitted via email (ex: protect you from Ransomware losses) and we will send you all you need in one email with no training required.  One last point, it is impossible to hack successfully into any encrypted pipe carrying ISeek data because data is encrypted at every processing stage, regardless of any network design.  Generally, ransomware will skip over ISeek files because of their unknown name type and high entropy, but even if it didn’t, ransomeware can never read the ISeek data files or publish unencrypted data from them.  They could be stolen, but no loss can be incurred.

 

 

https://enterprise.verizon.com/resources/reports/2021-data-breach-investigations-report.pdf (pg. 84)

 

 

 

ISeek eliminates identification and collection costs while reducing downstream costs by enabling the efficient selection of responsive items. This returns immediate savings for In-House processing of relevant data and reduces review volume using targeted searches and by using an ISeek review application that is free and unlimited.  The ISeek user, not the software, and not the client, holds all encrypted data output. ISeek alone, forces costs for functions like safe harbor and retention (legal hold) to be ZERO volume cost as well.   FREE unlimited processed data from unlimited machines anywhere in the world is the default model for ISeek.  This factor should be quantified in your test outcomes for your own values.  If running the test with your method cost anything in time or in data, then it failed to create comparable value.  

 

It should be noted here that because of ISeek’s design, collection does not incur volume fees, (a significant feature for “In-house” eDiscovery work) and the end-user always holds all the encrypted data output from ISeek. This makes downstream costs for matters involving safe harbor and retention (legal hold) to have zero vol cost.  

 

FREE unlimited data from unlimited machines anywhere in the world is the default model for ISeek.  This factor should be considered in your test outcome. 

If you have other test data you would like for ISeek to process, feel free to request a live test and we’ll do a web run against your test data, on or off the cloud.  If you already have cloud accounts at AWS such as an S3 bucket or EC2,  you can test there as well.

Demo Pic 2.JPG