Investigations
      Back to home
      1. Help Center
      2. CloudNine Analyst
      3. Investigations

      CloudNine Analyst: How to Filter Computer Activity

      How to Filter Computer Activity

      When in Review Project Metadata, you can filter by Computer Activity and the sub-categories:
      1. Attachment Name
      2. Artifact Path
      3. Computer Action
      4. Last Accessed
      5. Last Modified
      6. Source
      7. Computer Folder
      8. Address Lookup
      9. IP Address


      Once you select the Computer Activity filter, you will see more options open up in your filters. 



      You can select any number of these either together or on their own to run your search or filter. 

      Attachment Name

      You can search by attachment name in whole or in part as wildcard is added by default. You can also include this filter if you want results to definitely have or NOT have attachments.



      If you have a large number of search terms, you can click on the expand icon which will produce a larger text box.



      Artifact Path

      You can search the artifact path field by adding a complete or partial path or terms. This field could be web addresses, file paths, or other information that shows original locations of a data point.

      Computer Action

      The action filter allows you to select main actions by the actor. You can select one or many of the actions as part of your filter/search. The Action options and descriptions are:
      1. Device Added/Removed – Typically USB or Thumb Drive inserted to computer
      2. File/Folder Copied/Moved
      3. File/Folder Created
      4. File/Folder Opened
      5. Other – Custom category if not covered in the templates
      6. Program Execution
      7. Search Performed
      8. URL Accessed
      9. User Login/Logout

      Last Accessed and Last Modified

      You can search the date ranges for the last accessed or modified date fields. Use the dropdowns to select the date ranges needed.



      When you have your criteria select APPLY to execute your filter(s). If you need to start over, click RESET and the Filter will go back to defaults.

      Source and Computer Folder

      You can search by attachment name in whole or in part as wildcard is added by default. 

      Address Lookup

      You can search on physical address, or Latitude or Longitude. You also have the option to include anything WITH or WITHOUT an address as your filter.

      IP Address

      You can put in the total or partial IP Address as part of your filter.