THE INTELLIGENT AGENT

EDISCOVERY - DIGITAL FORENSICS - MALWARE DETECTION - IT COMPLIANCE

INTRODUCING ISEEK - THE ONLY LIVE CLIENT, PROCESS-BASED ESI SOLUTION FOR EDISCOVERY, DIGITAL FORENSIC, IT SECURITY AND COMPLIANCE ACTIVITIES THAT EXCEEDS ALL GDPR REQUIREMENTS.

Running entirely in memory, ISEEK is the embodiment of a patented process. It is an automated tool that can be deployed to run concurrently across any number of computer systems, where it operates invisibly in accordance with an encrypted set of instructions. The results of ISEEK's processing are encrypted and sent to a location specified in the set of instructions, which can be a local drive, a network share or cloud storage.

Stand-alone utilities enable the creation of the encrypted set of instructions and the ability to review and process the contents of encrypted results containers.

Once ISEEK has been used to pinpoint the required data and reduce the volume for further review, the contents of multiple encrypted results containers can be extracted in a number of different formats (with optional XML metadata) for ingestion by a review tool. These formats include generic load files and a Relativity-specific load file. An API is also provided so that the encrypted results containers can be accessed directly.

ISEEK

KEY FEATURES

  • Runs without the need for indexing

  • Searches across all drives and network shares

  • No installation required

  • No dongles involved

  • Defensible and verifiable data collection

  • Fast search engine featuring parallel processing

  • Searches live/locked documents including email, compressed files and all document types

  • Produces AES-256 encrypted, password-protected output stores

  • Export responsive content to review tools

  • Automatic file inclusions and exclusions

  • Captures metadata on all files collected

  • No de-NISTing step (filtering out known system files against the NIST NSRL hash set) is required

  • Covert operation

THE ISEEK PATENTED PROCESS

ONE TOOL DOES IT ALL!

The work of creating indexes in order to find specific data is time consuming, disruptive and labor intensive. XtremeForensics now provides the solution to these issues with ISEEK: a fast, autonomous tool with NO requirement to install software, such as a 'dumb agent', on the endpoints. There is also NO requirement for specific software to be running on the endpoints (or to be shut down in order to unlock files).



ISEEK can be deployed across a network of any size or to just a single device, even by email. It does not create background indexes, use up free space or stress corporate network bandwidth by moving data or analysing endpoints. Making forensic images is no longer required in order to process authenticated data on live machines.


Expensive human resources can be turned to better uses, since no 'hands-on' work is required as part of the ISEEK search and recovery process.


ISEEK replaces indexing with a patented search method which accurately and reliably locates responsive data on multiple endpoints in parallel. With this approach ISEEK does not fall into any one category: its role depends on the settings applied in the configuration file and the aims of those who deploy it. One day it may be used for an eDiscovery matter; the next day the same organization could use it to help detect a security breach.

E-DISCOVERY

At least 90% of analysed data is typically left on the target machine

  • No volume charges

  • With ISEEK it is now possible to query thousands of machines concurrently anywhere on earth without a human having to travel

  • No network disruption

  • Dramatically reduce the volume of data being fed into the review / hosting processes.   

  • The security risk associated with collecting corporate data is reduced because the data is protected with AES-256 encryption at all times (even in memory).

  • The ISEEK process is ‘language neutral’ because it employs a patented disk level search algorithm. 

  • ISEEK removes the limitations imposed by the indexing approach.  It is especially (and uniquely) effective for non-English symbolic-based languages and complex search/processing parameters.

  • ISEEK provides first-tier review of all data processed in a secure environment with all data encrypted at all times.

DIGITAL FORENSICS + SECURITY

ISEEK provides functionality to:

 

  • Process then collect artifacts such as event logs, Windows log files, the pagefile, hiberfil and swapfile.

  • Process then collect USN journals, registry files, SRUM databases and database tables, as well as deleted files.

  • Generate summary reports and capture all LNK files, text files, shellbag entries and prefetch files (within specific date ranges if required).

  • Search and report Registry 'last write' dates (within specific date ranges if required).

  • Collect and/or report on all files containing executable code regardless of file type or extension.

  • Capture system memory images (very effective due to ISEEK's low memory footprint).

  • Process and capture SQLite databases and logs of all types.

  • Process and collect deleted files on all NTFS and FAT filesystems.

  • Identify executable files in unusual locations as well as unknown executable code.

AUDITING + COMPLIANCE

Analysis and audit approaches previously considered impossible, impractical or too expensive can now be adopted.

Auditors can audit entire networks quickly and easily by deploying ISEEK in list-only mode, in which only spreadsheets containing file metadata are collected (small enough to be sent by email).

 

Sample tasks include:

  • Identify systems/applications that have not been authorized for use.

  • Monitor and report compliance with company IT policies.

  • Audit software licensing. 

  • Inspect systems for PII or credit card data stored inappropriately.

  • Inspect systems for misuse (e.g. TFN, movie/web email or browser use).

ISEEK VIDEOS

 

This is a collection of videos showing different aspects of ISeekDiscovery in action.

 

Processing takes place in the background using the original data stores, without moving any data off the endpoint. Unlike other methods, ISeekDiscovery can access ALL locked files on live machines (whether under attack or in use) and process them without creating yet another pile of discoverable data that would increase your IP risk. Index engines, by contrast, all have to hold onto the original data, make a substitute copy of the originals, or store the indexes in accessible storage.

 

The tasks undertaken in these videos are impossible for your current tools. We have them, we tried them, they did not work. Watch the numbers in the videos and compare ISeekDiscovery to your current forensic tools. In this age of COVID you may be hundreds or even thousands of miles away from the data, without any help from anyone or anything. You can compare index-based database tools, search engines, regex engines, forensic tools, monitoring agent applications and all the people you can find, but you still cannot beat the outcome, the clock or the autonomous nature of ISeekDiscovery's parallel processing. You seriously cannot beat ISeekDiscovery's accuracy, and only ISeekDiscovery allows you to do all the processing you want for no variable cost.



We have included some real-time movies for several use cases, the common thread being that WITHOUT ISEEKDISCOVERY THE FOLLOWING EXAMPLES ARE IMPOSSIBLE.

 

EXAMPLE of EDRM processing :

 

EDRM 1 - [Video runtime: 10 minutes (75 minutes of processing, time-compressed)]

[update 10/01/20: the processing time is now 68 minutes]

 

The only forensic automaton, ISeekDiscovery, processes a 100 GB PST file (on a below-average PC) containing 1.5 million emails and 10 million attachments. In this example we are searching for 5 single-word terms that any product SHOULD find if given enough time, but we have tried all the popular tools and they won't.

 

Can you tell your tool to capture all responsive emails into an encrypted container and send that container to any cloud storage, share or attached device? Very importantly, can you get an IMMEDIATE COMMUNICATION by email with an encrypted audit report listing why each email was captured?

 

The source file is available under NDA only. None of the email contents were created by us. You can create a similar test file using multiple copies of the originally released Enron data set, plus Office 365 versions of the attachments of one set.

 

EXAMPLES of IR processing:

 

Incident Response 1 - [Runtime 31 minutes]

 

The only forensic automaton, ISeekDiscovery, processes a 100 GB PST file (on a below-average PC) containing 1.5 million emails and 10 million attachments.



In this example we are searching for phishing code inside emails and attachments, which we have defined as any file containing executable code that is misnamed. Can you tell your tool to capture all responsive emails into an encrypted container and send that container to any cloud storage, share or attached device? Very importantly, can you get an IMMEDIATE COMMUNICATION by email with an encrypted audit report listing why each email was captured?

 

The source file is available by NDA only.

Incident Response 2 - [Runtime < 10 minutes]

 

The only forensic automaton, ISeekDiscovery, processes a 4 GB MBOX file from the public domain.



In this example ISeekDiscovery is searching for malware by checking each file in a 4 GB MBOX file of 919,000 emails to see whether it contains executable code. Can ANY of your current tools, in less than 3 minutes, identify and extract the emails that contain potential malware?



The data is in the public domain at edrm.net's internationalization data set (https://edrm.net/resources/data-sets/edrm-internationalization-data-set/). Our test file is the 23 separate mbox files collapsed into one mbox, along with 4 duplicate copies. The expected outcome is 105 emails containing potential malware. Use VirusTotal to verify the findings. Can you tell your tool to capture all responsive emails into an encrypted container and send that container to any cloud storage, share or attached device, even (potentially) in email itself? And very importantly, can you get an IMMEDIATE COMMUNICATION by email or text with an encrypted audit report listing why each email was captured?

 

You can create the test file yourself, or request a download from us via Google Drive by sending an email to source@xtremeforensics.com.

 

NOTES: While ILookIX does have built-in antivirus, the point here is that AV can simply fail outright: a clean scan does not "clear" a file, it only means that no signature matched. ISeekDiscovery takes a different approach by finding anomalies in filename and file-type conventions while the machine is live. ISeek is only interested in anything that does not make systemic sense, not in whether or not it is a known bad actor. The EDRM files noted here (see that movie section) do contain malware, as do the original Enron data sets as published in the past.
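The "misnamed executable" check that the Incident Response examples above rely on (and the "files containing executable code regardless of file type or extension" feature listed under Digital Forensics) can be reproduced with nothing but the Python standard library. The block below is an added illustration written for this page; it is not XtremeForensics' code and not ISEEK's patented method. It splits an mbox byte string into messages, walks every attachment (descending into zip containers, which is how an archive or Office attachment would carry a payload), classifies the content by its PE, ELF or Mach-O header rather than its name, and compares that with the filename extension. The two-message mbox, the fake PE bytes and the extension table are all constructed for the example; a production check would validate more of the PE layout than the MZ / e_lfanew / "PE\0\0" chain shown here.

```python
import io
import os
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions under which each executable format is expected to be seen.
# Assumption: an illustrative table for this example, not the product's rules.
EXPECTED_EXT = {
    "pe": {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv", ".efi"},
    "elf": {"", ".so", ".elf", ".o", ".ko"},
    "macho": {"", ".dylib", ".bundle"},
}
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
MAX_MEMBER = 16 * 1024 * 1024  # refuse to inflate huge zip members (zip-bomb guard)


def classify(data: bytes):
    """Return 'pe', 'elf' or 'macho' when the bytes start with a native
    executable header, else None. The filename is deliberately not consulted."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of the PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    return None


def inspect_blob(name: str, data: bytes, depth: int = 0):
    """Yield (path, fmt, misnamed) for the blob and, if it is a zip archive,
    for every member inside it (nested archives up to three levels deep)."""
    fmt = classify(data)
    if fmt:
        ext = os.path.splitext(name)[1].lower()
        yield name, fmt, ext not in EXPECTED_EXT[fmt]
    if data[:4] == b"PK\x03\x04" and depth < 3:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir() and info.file_size <= MAX_MEMBER:
                        yield from inspect_blob(f"{name}/{info.filename}",
                                                zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            pass  # PK magic but not a readable archive: nothing more to inspect


def scan_mbox(mbox: bytes):
    """Split an mbox byte string into messages, inspect every attachment and
    return one finding per executable found, with the reason it was reported."""
    findings = []
    for raw in re.split(rb"(?m)^From .*\r?\n", mbox):  # mbox "From " separator lines
        if not raw.strip():
            continue
        msg = BytesParser(policy=policy.default).parsebytes(raw)
        for part in msg.iter_attachments():
            name = part.get_filename() or "unnamed"
            for path, fmt, misnamed in inspect_blob(name, part.get_payload(decode=True)):
                ext = os.path.splitext(path)[1] or "(none)"
                findings.append({
                    "message_id": str(msg["Message-ID"]),
                    "attachment": path,
                    "format": fmt,
                    "misnamed": misnamed,
                    "reason": (f"{fmt} header under extension {ext}" if misnamed
                               else f"{fmt} executable, extension matches"),
                })
    return findings


def fake_pe() -> bytes:
    """Constructed bytes carrying only the MZ -> e_lfanew -> 'PE\\0\\0' chain; not a program."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 24


def build_sample_mbox() -> bytes:
    """Constructed two-message mbox: one benign, one carrying misnamed executables."""
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as zf:
        zf.writestr("photo.jpg", b"\x7fELF" + b"\x00" * 60)  # ELF posing as an image
    benign, suspect = EmailMessage(), EmailMessage()
    benign["Message-ID"], suspect["Message-ID"] = "<1@example.invalid>", "<2@example.invalid>"
    benign.set_content("minutes attached")
    benign.add_attachment(b"just text\n", maintype="text", subtype="plain", filename="notes.txt")
    suspect.set_content("please see the invoice")
    suspect.add_attachment(fake_pe(), maintype="application", subtype="pdf", filename="invoice.pdf")
    suspect.add_attachment(zipped.getvalue(), maintype="application", subtype="zip", filename="report.docx")
    suspect.add_attachment(fake_pe(), maintype="application", subtype="octet-stream", filename="setup.exe")
    return b"".join(b"From - Mon Jan  1 00:00:00 2020\n" + m.as_bytes() + b"\n" for m in (benign, suspect))


if __name__ == "__main__":
    for f in scan_mbox(build_sample_mbox()):
        print(f"{f['message_id']} {f['attachment']}: {f['reason']}")
```

Run as-is it reports three findings for the second message only: invoice.pdf (PE under a .pdf name), report.docx/photo.jpg (ELF under a .jpg name inside the archive) and setup.exe (PE with a matching extension, reported but not flagged as misnamed). Note that the check is content-first: an "MZ" prefix alone is not enough, the e_lfanew pointer must land on a "PE\0\0" signature, which keeps plain text that happens to start with "MZ" out of the report.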

© Copyright 2020 XtremeForensics