
The Intelligent Agent
Introducing ISEEK — the only live-client, process-based ESI solution for eDiscovery, digital forensic, incident response, IT security and compliance activities that exceeds all GDPR requirements.
Running entirely in memory, ISEEK is the embodiment of a patented process. It is an automated tool that can be deployed to run concurrently across any number of computer systems where it operates invisibly in accordance with an encrypted set of instructions. The results of ISEEK's processing are encrypted and sent to a location specified in the set of instructions, which can be a local drive, a network share or cloud storage.
Stand-alone utilities enable the creation of the encrypted set of instructions and the ability to review and process the contents of encrypted results containers.
Once ISEEK has been used to pinpoint the required data and reduce the volume for further review, it enables multiple encrypted results containers to have their contents extracted in a number of different formats (with optional XML metadata) for ingesting by a review tool. These formats include generic load files and a Relativity-specific load file. An API is also provided to enable the encrypted results containers to be directly accessed.
Designed for scale, built for parallel processing
One tool does it all
The work of creating indexes in order to find specific data is time-consuming, disruptive and labour-intensive. XtremeForensics provides the solution with ISEEK: a fast, autonomous tool with no requirement to install software such as 'dumb agents' on the endpoints. There is also no requirement for specific software to be running on the endpoints (or for software that needs to be shut down to unlock files).
ISEEK can be deployed across any size network, or just a single device — even by email. It doesn't create background indexes, use up free space or stress corporate network bandwidth while trying to move data or analyse endpoints. Imaging is no longer required to process authenticated data on live machines.
Expensive human resources can now be turned to better uses, since there is no requirement for 'hands-on' as part of the ISEEK search and recovery process.
ISEEK replaces indexing with a patented search method which accurately and reliably locates responsive data on multiple endpoints in parallel. With this new approach, ISEEK is not a tool that falls into any one category: its role depends on the settings applied in the configuration file and the aims of those who deploy it. One day it may be used for an eDiscovery matter, the next day the same organisation could use it to help detect a security breach.
At least 90% of analysed data is typically left on the target machine.
ISEEK provides functionality to:
New approaches, finally practical
Analysis and audit approaches previously considered impossible, impractical or too expensive can now be adopted. Auditors are able to audit entire networks quickly and easily by deploying ISEEK in list-only mode, which means only spreadsheets containing metadata are collected (small enough to be sent by email).
Sample tasks include:
Real workloads, measured results
Processing takes place in the background using the original data stores, without moving any data off the endpoint. On live machines — whether under attack or in use — ISeekDiscovery can access all locked files and process them without creating another pile of discoverable data that would increase your IP risk. Conventional index engines must either hold onto the original data, make a substitute copy, or store the indexes in accessible storage.
The case studies below describe workloads that are impractical or impossible for indexing-based tools. In an age of distributed work, the data may be hundreds or thousands of miles away. You can compare ISeekDiscovery to index-based database tools, search engines, regex engines, forensic tools and monitoring agents — but you cannot beat the outcome, the clock, or the autonomous nature of ISeekDiscovery's parallel processing, with no variable cost.
ISeekDiscovery processes, on a typical workstation, a 100 GB PST file containing 1.5 million emails and 10 million attachments, searching for five single-word terms — in approximately 68 minutes. Popular tools have been tried at this scale and do not complete the work.
All responsive emails are captured into an encrypted container, dispatched to cloud storage, a share or an attached device, with an immediate encrypted audit report by email listing why each email was captured. The source file is available by NDA. A comparable test file can be assembled from the originally released Enron data set in multiple copies plus Office 365 versions of the attachments.
The same 100 GB PST workload, but the search is for phishing payloads inside emails and attachments — defined as any file containing executable code that is misnamed. Runtime: approximately 31 minutes. All responsive emails are captured into an encrypted container with an immediate encrypted audit report by email. Source file available by NDA.
ISeekDiscovery processes a 4 GB MBOX of 919,000 emails from the public domain, checking each file to determine whether it contains executable code — in under 10 minutes. The expected outcome is 105 emails containing potential malware; results can be verified with VirusTotal. The data comes from the EDRM internationalisation data set: 23 separate MBOX files collapsed into one, plus four duplicate copies. The test file is available on request from support@xtremeforensics.com.
Note on malware detection: ILOOKix has built-in antivirus, but conventional AV does not 'clear' a file — it merely fails to find a positive hit. ISeekDiscovery takes a different approach: while the machine is alive, it looks for anomalies in filename-type conventions, flagging anything that does not make systemic sense rather than attempting to classify a known bad actor.
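The phishing-payload case study and the note above both rest on one check: is the content of a file executable code while its name claims otherwise? The following is an added illustration of that kind of filename-versus-content anomaly check. It is not ISEEK's patented method nor any XtremeForensics code; the signature table, the sets of extensions treated as legitimate for each executable format, and the sample attachment list are all assumptions constructed for this example.

```python
"""Flag files whose leading bytes are executable code but whose name is not.

Hypothetical illustration (not ISEEK's method): compare the first bytes of
each file against well-known executable signatures and report a mismatch
when the declared extension is not one that legitimately carries that format.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed table: executable magic bytes -> (label, extensions that may carry it).
# Extensions are lower-case without the dot; "" means "no extension".
EXECUTABLE_SIGNATURES = {
    b"MZ": ("PE/DOS executable", {"exe", "dll", "sys", "scr", "drv", "ocx", "cpl"}),
    b"\x7fELF": ("ELF executable", {"elf", "so", "o", "ko", ""}),
    b"\xfe\xed\xfa\xce": ("Mach-O 32-bit", {"dylib", "bundle", ""}),
    b"\xfe\xed\xfa\xcf": ("Mach-O 64-bit", {"dylib", "bundle", ""}),
}


@dataclass(frozen=True)
class Finding:
    """One misnamed executable: the name, its declared extension, and what the bytes say."""
    name: str
    declared_ext: str
    detected_type: str


def extension_of(name: str) -> str:
    """Last extension of a file name, lower-cased, without the dot ('' if none)."""
    return PurePosixPath(name).suffix.lstrip(".").lower()


def classify(head: bytes):
    """Return (label, allowed_extensions) if the leading bytes match an executable
    signature, else None. Empty or short inputs simply match nothing."""
    for magic, (label, allowed) in EXECUTABLE_SIGNATURES.items():
        if head.startswith(magic):
            return label, allowed
    return None


def find_misnamed_executables(entries):
    """entries: iterable of (filename, leading bytes) pairs, e.g. email attachments.

    Returns a list of Finding for every entry whose content is executable code
    while its extension is not one of the expected executable extensions.
    A file that is not executable by signature is never flagged, whatever its name.
    """
    findings = []
    for name, head in entries:
        hit = classify(head)
        if hit is None:
            continue
        label, allowed = hit
        ext = extension_of(name)
        if ext not in allowed:
            findings.append(Finding(name, ext, label))
    return findings


# Constructed sample attachments (name, first bytes); not real captured data.
SAMPLE_ATTACHMENTS = [
    ("Invoice_2023.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),      # genuine PDF header
    ("Invoice_2023.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # PE, honestly named .exe
    ("Statement.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),         # PE masquerading as a PDF
    ("quarterly.docx", b"PK\x03\x04\x14\x00\x06\x00"),        # OOXML zip container: fine
    ("photo.jpg", b"\x7fELF\x02\x01\x01\x00"),                # ELF masquerading as a JPEG
    ("ls", b"\x7fELF\x02\x01\x01\x00"),                       # extensionless ELF: normal on Unix
    ("readme", b""),                                          # empty file: nothing to classify
]


if __name__ == "__main__":
    for f in find_misnamed_executables(SAMPLE_ATTACHMENTS):
        print(f"{f.name}: declared '.{f.declared_ext or '(none)'}' but content is {f.detected_type}")
```

On the constructed sample this reports Statement.pdf and photo.jpg and nothing else: the double-extension .pdf.exe is consistent with its content, the DOCX is a zip container rather than executable code, and an extensionless ELF is ordinary on Unix. This is the sense in which the note above says the approach does not "clear" anything: a file with a consistent name and an executable header is simply not an anomaly, and a genuine PDF is never examined for maliciousness at all.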
Demonstration videos of each case study are available on request — contact us.