Using the Computer Activity Analysis Tool

Using the Computer Activity Analysis Tool

Computer forensics,  proprietary platforms and structured data are a part of many investigations and growing in eDiscovery projects. This report helps you quickly understand the actions that have taken place on a forensically imaged computer or data from other platforms that may contain key data points (like clocking in/clocking out, CRM activity, etc.). Each category aligns with the typical exports provided by various software suites such as EnCase and FTK and most data exports from third party and proprietary applications.

Computer Activity is all customizable in that the fields are based off of the ACTION field. So all field names are determined by the data loaded in that field.

The Analysis Tool can be found by clicking Analysis Tools in Review and Analysis on the panel on the right.
You can limit your view to Computer Activity by clicking the Computer Activity button at the top.


In projects where there are multiple actors, the Computer Actions Analysis Tool will help you filter and visually represent specific actor(s) activities in a particular date range. There are other options to filter as well and include:
  1. Activity Date
  2. Actor
  3. Artifact Path
  4. Extracted Text (Boolean Search)
Search the artifact path, file / folder name, as well as narrow activity by dates and then quickly review those items. 

Once you select your criteria and click APPLY, you can click on any of the bars to view those items. You also have the option to use the table view below by clicking on the eye icon.

Expanding, Saving, and Printing the Chart

    • Related Articles

    • Understanding the Available Fields for Computer Activity

      Overview Computer forensic artifacts, proprietary platforms and structured data are a part of many investigations and growing in eDiscovery projects. With Computer Activity, you can use this category for many different types of data. This article ...
    • Overview and Navigation of Analysis Tools

      Analysis Tools are provided to create visual around certain data. They were created to help investigators and project teams interact and see data trends and counts visually.  You can find Analysis Tools by clicking on the link in the Review and ...
    • How to Filter Computer Activity

      When in Review Project Metadata, you can filter by Computer Activity and the sub-categories: Attachment Name Artifact Path Computer Action Last Accessed Last Modified Source Computer Folder Address Lookup IP Address Once you select the Computer ...
    • How to Export Computer Activity

      When you have completed a review or want to export out a set of computer activity data, you can deselect the other categories to have only Computer Activity To export your data you can find the menu on your right hand pop-out panel. Click Export From ...
    • Viewing a Computer Activity Item View With Geolocation

      In your project dashboard, click on "Review Project Metadata." On your left, you will see a list of filters. Select the "Type" filter to display a list of sub-categories. From that list, click on "Computer Activity." After you hit APPLY, you will see ...