Nuix 7.2. Powering today. Shaping tomorrow.
The latest release of Nuix 7.2 eDiscovery Workstation is absolutely packed full of new exciting features. Below I will attempt to offer some brief details on some of the more interesting features which will help you to conduct a more comprehensive investigation or discovery workflow.
For a full list of changes please refer to the Nuix 7.2 changelog documentation available here.
Cloud storage provider support has been improved by offering support for accounts from Google Drive, Microsoft OneDrive, Apple iCloud and Box.com. In the Add/Edit evidence dialogue you will see these options under ‘Add Network Location’. While Nuix already has support for Dropbox accounts, we now also offer support for extracting deleted files from Dropbox!
Microsoft EDB files
We have added support for extracting data from the Extensible Storage Engine (ESE) Database File (EDB) format. The ESE database format has been used by several different functions within the Windows operating system for a while now such as Content Indexing / Windows Desktop Search and Active Directory, but in recent times it has become the standard database for storing Internet Explorer browser artefacts. It also stores information from Cortana, the Windows 10 virtual assistant.
This is a cool new feature that allows for ingestion-time decryption of certain file types. This feature can be accessed when adding / processing new evidence by selecting “Decryption keys” in the evidence processing settings dialogue. If you wish to use this feature you will need to select an existing word list in your case, as the password bank feature is otherwise off by default. After successfully decrypting a file, the new unencrypted version appears as a child item of the original encrypted item. We provide both files to support multiple workflows.
Create new child items from selected binary regions
This is one the forensic folks will be happy to hear about. You can now select a specific region of binary in the binary viewer and create a new child item from that region. A typical scenario where this could be used is to create new child items using text-stripped regions of unallocated space.
In previous versions of Nuix you could not use the Maps view without an internet connection. However, many investigators work in air-gapped offline environments, so they could not make use of a very powerful feature of Nuix. With 7.2 you now have the option to switch your maps view to “OpenStreetMaps” in the top left corner of the maps view.
For now the built-in web browser is not capable of rendering the OpenStreetMaps data directly, so there is a requirement to run a “tile server”, which is just a node.js app that serves these rendered files to the built-in browser. The IP address / URL of this server will need to be specified under “Global Options > Results”. While I have not personally tested this, I have heard that the performance of this view is much better than Bing Maps as it uses GPU-accelerated HTML canvas to render vector data whereas Bing Maps fetches heavy pre-rendered JPEG tiles from a server.
You can take any item and pivot around it by either time or location showing you all items or events that happened within a given time window, or within a specified distance (Geo-location). Select any item(s) in the results pane, right-click and navigate down to “Pivot” which has sub-menus for time and location. This pivot feature has been implemented in Workbench and Context.
Imaging and production profiles
Production sets now make heavy use of Imaging and Production profiles to help control exports and provide repeatable control which can be specified under the “Imaging and Production” tab when creating a Production set. You now have access to fine-grained control to specify how to image each type of document. One example where this might be useful is creating custom slipsheet templates for a specific imaging profile, based on defined rules.
I think Eddie Sheehy summed up the new release of Nuix 7.2 aptly, and I strongly agree with his sentiment:
“In response to requests from our customers in advisory firms, litigation service providers, law enforcement agencies, and businesses around the world, we’ve added features to help them conduct comprehensive eDiscovery and investigation workflows within a single application.”
Although some of my descriptions are brief I do intend on elaborating on these in future posts. If anyone wants to add discussion to what I mentioned above feel free!