The goal of the Analyst is to provide valid evidence for the investigation in progress. Evidence is:
To do this, the Analyst can perform the following procedures:
To select and retrieve important evidence:
Step | Action |
---|---|
1 | In the File System section, during remote tapping, explore the device hard disks searching for files to be downloaded. See "Retrieve evidence from devices (File System)". |
2 | In the Dashboard section, add the operation, targets and agents to be monitored to the dashboard. |
3 | In the Alerting section, set rules to be alerted when evidence of special interest arrives and to tag evidence according to relevance. See "Alert". |
To analyze, select and export evidence:
Step | Action |
---|---|
1 | In the Evidence section, analyze evidence and tag it according to relevance and whether or not it is to be exported. |
2 | For evidence of special interest, move on to detailed analysis. |
3 | In the Evidence section, export useful evidence. |
4 | In the File System section, export the hard disk structure. |
To process information obtained on people and places involved in the investigation:
Step | Action |
---|---|
1 | In the Intelligence section, view and manage entities in an operation. See "Entity management: icon and table views", "Entity management: link view", "Entity management: Position view". |
2 | View or edit entity details. See "Target entity details", "Person entity details", "Position entity details", "Virtual entity details". See "Evidence details". |
3 | In the Alerting section, build rules to be alerted when the system automatically creates new entities and new links and to tag links according to their relevance. |
RCS9.4 | User's Guide | © COPYRIGHT 2014