© Copyright 2019 XtremeForensics

THE INTELLIGENT AGENT

EDISCOVERY - DIGITAL FORENSICS - MALWARE DETECTION - IT COMPLIANCE

Running entirely in memory, ISEEK is the embodiment of a patented process. It is an automated tool that can be deployed to run concurrently across any number of computer systems where it operates invisibly in accordance with an encrypted set of instructions. The results of ISEEK's processing are encrypted and sent to a location specified in the set of instructions which can be a local drive, a network share or cloud storage.​

Stand-alone utilities enable the creation of the encrypted set of instructions (ISEEKDesigner) and the ability to review and process the contents of encrypted results containers (ISEEKExplorer).

Once ISEEK has been used to reduce the data load for further review, another stand-alone utility (ISEEKExtractor) enables multiple encrypted results containers to have their contents extracted in a number of different formats (with optional XML metadata) for ingesting by a review tool. An API is also provided to enable the encrypted results containers to be directly accessed.

The ISEEK
Patented Process

The work of creating indexes in order to find specific data is time consuming, disruptive and labor intensive. XtremeForensics now provides the solution to these issues with ISEEK; a fast, autonomous tool with NO requirement to install software on the endpoints, such as 'dumb agents'. There is also NO requirement for specific software to be running on the endpoints (or that needs to be shut down to unlock files)..

 

ISEEK can be deployed across any size network or just a single device, even by email.  It doesn't create background indexes, use up freespace or stress corporate network bandwidth while trying to move data or analyze endpoints.  Making images is no longer required to process authenticated data on live machines.   
 

Expensive human resources can now be turned to better uses since there is no requirement for ‘hands-on' as part of the ISEEK search and recovery process.
 

ISEEK replaces ‘indexing’ with a patented search method which accurately and reliably locates responsive data on multiple endpoints in parallel. With this new approach ISEEK is not a tool that simply falls into any one category because its role simply depends on the settings applied in the configuration file and the aims of those who deploy it. One day it may be used for an eDiscovery matter, the next day the same organization could use it to help detect a security breach.

 

EDiscovery

 

With ISEEK it is now possible to query 1000 machines concurrently without disrupting the network infrastructure and dramatically reduce the volume of data being fed into the review / hosting processes.   

 

The security risk associated with collecting corporate data is eliminated – not just mitigated - with ISEEK, because the data is secured at all times using AES256 encryption (even in memory).

 

Global language issues are irrelevant in the ISEEK process because it employs a disk-level string design as part of its search mechanism. This methodology removes limitations imposed by the indexing approach.  It is especially (and uniquely) effective for non-English symbolic-based languages and complex search/processing parameters.

A built-in standalone review application provides first-tier review of all data processed without the risk of  unwittingly injecting the output into the host system where it could be recovered by unauthorized parties.  Customers can maintain their own confidentiality without having to use web based review tools.

Digital Forensics and Security

 

ISEEK provides functionality to:

 

  • Process then collect artifacts such as event logs, Windows log files, pagefile, hiberfil, swapfile.

  • Process then collect USN journals, registry files, scrum databases and db tables as well as deleted files.

  • Generate summary reports and capture all LNK files, text files, shellbag entries and prefetch files (within specific date ranges if required).

  • Search and report Registry 'last write' dates within specific date ranges if required).

  • Collect and/or report on all files containing executable code regardless of file type or extension.

  • Capture system memory images (very effective due to ISEEK’s  low memory footprint).

  • Process and capture Sqlite databases and logs of all types.

  • Process and collect deleted files in all NTFS and FAT filesystems.

  • Identify executable files in unusual locations as well as unknown executable code.

Auditing and Compliance
 

Analysis/audit approaches  previously considered impossible, impractical or too expensive can now be adopted. 

Auditors are able to audit entire networks quickly and easily by deploying ISEEK in non-process mode which means no responsive files are collected with only spreadsheets of the results produced for review. Sample task include:

  • Identify systems/applications that have not been authorized for use.

  • Monitor and report compliance with company IT policies.

  • Audit software licensing. 

  • Inspect systems for PPI or credit card data stored inappropriately.

  • Inspect systems for misuse (e.g. TFN, movie/web email or browser use).

 

Introducing ISEEK - the only live client, process-based ESI solution for eDiscovery, digital forensic, IT security and compliance activities that exceeds all GDPR requirements.

ISEEK Key Features

  • Runs without the need for indexing

  • Searches across all drives and network shares

  • No installation required

  • No dongles involved

  • Defensible and verifiable data collection

  • Fast search engine featuring parallel processing

  • Searches 'live' documents, spreadsheets, e-mail, archives, and more

  • Produces 256 AES encrypted, password-protected output stores

  • Export responsive content to review tools

  • Automatic file inclusions and exclusions

  • Captures metadata on all files collected

  • The requirement for De-Nisting is removed