How to Create/Open a Case Quick Start Guide > Creating/Opening a case To Create a “New” Case: 1. Choose “New Case from the home screen or 2. Choose “New Case” (Ctrl + N) from the “File” menu. O R > Creating/Opening a case To Open an existing case: 1. Choose “Open Case from the home screen or 2. Choose “Open Case” (Ctrl + O) from the “File” menu. O R > New Case settings The first dialogue box requests basic inputs and settings: • Case name • Directory where the case is to be saved (must be local disk as using network shares for the case index can be unreliable and may lead to database corruption – (Apache Derby Requirement)) • Investigator (name or ID) • Description (of case) Note: These details can be changed by selecting File, -> Case Properties > New Case – Advanced Settings The Processing Tab After selecting the Advanced Settings button, users will be able to set processing and parallel processing settings. Note: The options set here cannot be changed later for the case. So any additional evidence that is added will also have these settings. Note: These settings are sticky and will be remembered for the next case you create. > New Case – Advanced Settings Text processing options By selecting “Store and index text of data items” enables searching of text contained in the dataset. The options for storing and indexing are: • English language stop words, as set by the Lucerne database: a, an, and, are, as, at, be, but, by, for, if, in, into, is, it, no, not, of, on, or, such, that, the, their, then, there, these, they, this, to, was, will and with. • English language stemming: searches for plurals and other word variants. For example, if the search word is “control”, this option will return documents containing “control”, “controlling”, “controller”, “controls” etc. If not selected, the search will return only documents containing the word “control”. > New Case – Advanced Settings Text processing options • Enable exact queries – Case Sensitive – ‘OTG’ – Special Characters - ‘P&L’ – Punctuation – ‘ASAP!’ • Extract named entities – Extract entities such as credit card number, social security number, company name, etc > New Case – Advanced Settings Store binary of data items • Pro: Enables the reviewer to very quickly review documents in their native format; • Pro: Speeds up the export of native files; • Con: - Reduces indexing speed by 20-30%; • Con: Data storage requirements for evidence will increase from approximately 20-50% of the original data set to approximately 150-250% * * Index size will depend on the make up of the data > New Case – Advanced Settings Extract from slack space of email boxes Nuix Desktop can recover permanently deleted e-mails in Microsoft formats, including PSTs, OSTs, DBX and EDB/STM files. > New Case – Advanced Settings Create thumbnails for image data items Enables the display of all extracted images as thumbnails for quick review > New Case – Advanced Settings Skin tone analysis Nuix Desktop applies a skin-tone detection algorithm on all images. This analysis categorizes images into four groups based on the percentage of skin tone present (pixel analysis): • Severe – over 50% • High – between 20% and 50% • Medium – between 5% and 20% • Low – below 5% > New Case – Advanced Settings SHA-1 and SHA-256 Digest Nuix provides two alternative digest values to assist in forensic investigations: • SHA-1 • SHA-256 Note: Calculating SHA digest values will increase the processing time. (MD5 is the default digest) > New Case – Advanced Settings Maximum Digest Size This value specifies a threshold for calculating the MD5 digest for an item. Files over that size will not have a digest calculated and therefore will not be eligible for de-duplication. Note: Carefully consider this value to ensure that it is large enough to cover most user files but is not too large so that Nuix tries to hash large forensic image files/segments. > New Case – Advanced Settings Maximum Binary Size This value specifies a threshold for inserting items into the Binary store. Only files under the Binary size threshold will be stored in the Binary store. > New Case – Advanced Settings Parallel Processing  Use this section to specify the number of workers used and the amount of memory assigned to each worker.  The maximum number of workers will be specified by your license and typically will equal the number of cores available.  The recommended amount of RAM is 4GB per worker or higher.  You can also specify the location of the worker temp directory. > Finalizing New Case Settings Once all options have been set, click OK. During this time Nuix is creating four data stores: • Text; • Metadata; • Images; and • Binary (if selected for processing). > Tips/Best Practices on Case Creation 1. Select the options which best suit your analysis requirements. 2. Choosing unnecessary options will only increase indexing time. 3. Ensure you have enough disk space available for the index, especially for large cases and if storing the binary data. 4. Due to the complexity of datasets; Nuix Desktop cannot predict indexing times. 5. Consider splitting large cases/data sets into logical groupings such as by custodian or data type so that you can divide the processing work load and also easily filter by these groupings later. 6. Processing in smaller batches reduces risk of reprocessing everything in the event of some failure. 7. Add each grouping of data as either new evidence or as a new case and then join the cases later into a compound case. 8. Plan a consistent naming schema for your cases (simple and compound) For more information and resources to help you make best use of Proof Finder please visit prooffinder.com/support Thank You