How to Filter Computer Activity

How to Filter Computer Activity

When in Review Project Metadata, you can filter by Computer Activity and the sub-categories:
  1. Attachment Name
  2. Artifact Path
  3. Computer Action
  4. Last Accessed
  5. Last Modified
  6. Source
  7. Computer Folder
  8. Address Lookup
  9. IP Address


Once you select the Computer Activity filter, you will see more options open up in your filters. 



You can select any number of these either together or on their own to run your search or filter. 

Attachment Name

You can search by attachment name in whole or in part as wildcard is added by default. You can also include this filter if you want results to definitely have or NOT have attachments.



If you have a large number of search terms, you can click on the expand icon which will produce a larger text box.



Artifact Path

You can search the artifact path field by adding a complete or partial path or terms. This field could be web addresses, file paths, or other information that shows original locations of a data point.

Computer Action

The action filter allows you to select main actions by the actor. You can select one or many of the actions as part of your filter/search. The Action options and descriptions are:
  1. Device Added/Removed – Typically USB or Thumb Drive inserted to computer
  2. File/Folder Copied/Moved
  3. File/Folder Created
  4. File/Folder Opened
  5. Other – Custom category if not covered in the templates
  6. Program Execution
  7. Search Performed
  8. URL Accessed
  9. User Login/Logout

Last Accessed and Last Modified

You can search the date ranges for the last accessed or modified date fields. Use the dropdowns to select the date ranges needed.



When you have your criteria select APPLY to execute your filter(s). If you need to start over, click RESET and the Filter will go back to defaults.

Source and Computer Folder

You can search by attachment name in whole or in part as wildcard is added by default. 

Address Lookup

You can search on physical address, or Latitude or Longitude. You also have the option to include anything WITH or WITHOUT an address as your filter.

IP Address

You can put in the total or partial IP Address as part of your filter.


    • Related Articles

    • How to Export Computer Activity

      When you have completed a review or want to export out a set of computer activity data, you can deselect the other categories to have only Computer Activity To export your data you can find the menu on your right hand pop-out panel. Click Export From ...
    • Using the Computer Activity Analysis Tool

      Computer forensics,  proprietary platforms and structured data are a part of many investigations and growing in eDiscovery projects. This report helps you quickly understand the actions that have taken place on a forensically imaged computer or data ...
    • Viewing a Computer Activity Item View With Geolocation

      In your project dashboard, click on "Review Project Metadata." On your left, you will see a list of filters. Select the "Type" filter to display a list of sub-categories. From that list, click on "Computer Activity." After you hit APPLY, you will see ...
    • Understanding the Available Fields for Computer Activity

      Overview Computer forensic artifacts, proprietary platforms and structured data are a part of many investigations and growing in eDiscovery projects. With Computer Activity, you can use this category for many different types of data. This article ...
    • How to Import Electronic Files of Any Type into ESI Analyst

      Electronic files of any type are always an important part of any investigation. You can easily load any type of electronic file or media through ESI Analyst's import system. To import files and media you will want to select Computer Activity under ...