CloudNine Analyst: Using the Computer Activity Analysis Tool

Computer forensics, proprietary platforms, and structured data are part of many investigations and are increasingly common in eDiscovery projects. This report helps you quickly understand the actions that have taken place on a forensically imaged computer, or in data from other platforms that may contain key data points (like clocking in/clocking out, CRM activity, etc.). Each category aligns with the typical exports provided by various software suites such as EnCase and FTK and with most data exports from third-party and proprietary applications.
 
Computer Activity is fully customizable because its fields are based on the ACTION field: all field names are determined by the data loaded into that field.
 
 

Navigation

The Analysis Tool can be found by clicking Analysis Tools in Review and Analysis on the panel on the right.
You can limit your view to Computer Activity by clicking the Computer Activity button at the top.
 

Filters

In projects where there are multiple actors, the Computer Actions Analysis Tool helps you filter and visually represent the activities of specific actor(s) in a particular date range. The available filter options include:
  1. Activity Date
  2. Actor
  3. Artifact Path
  4. Extracted Text (Boolean Search)
Search by artifact path or file/folder name, narrow activity by date, and then quickly review those items.


Once you select your criteria and click APPLY, you can click on any of the bars to view those items. You also have the option to use the table view below by clicking on the eye icon.
 

Expanding, Saving, and Printing the Chart