A Look Back at 2018: Resources for Corporate Investigations

Last week we looked back at some of the resources we’ve offered this year to help forensic examiners in their investigations — specifically about mobile forensics. This week, we’re highlighting some corporate resources we’ve made available, including webinars, white papers, videos, and blogs.

2018 was a big year for features in Magnet AXIOM that can be useful in corporate investigations. We kicked off the year by adding full disk decryption using a generated password list. We also added proxy support and support for FileVault2 and VeraCrypt decryption.

Starting with AXIOM 2.0, we began to add even more features to improve corporate investigations:

• Support for Microsoft® Office® 365 and Box.com administrative credentials, as well as $UsnJrnl support.
• Integrated Volatility plugins for memory analysis useful to incident responders.
• For investigators of employee misconduct, including harassment and misuse of company resources, we introduced new Magnet.AI classifications in both chat conversations and photos and videos.

On the training side, we introduced AX250: Magnet AXIOM Advanced Computer Forensics, a four-day course that builds on AX200 by introducing deeper computer forensics skills. However, we also offered a series of webinars, white papers, videos, and blog posts:

Insider Threat Investigations

One of the major ways corporate investigators use AXIOM is to investigate insider threats: theft of intellectual property and trade secrets, among others. This year we were able to work with customers to offer some case studies in addition to our own subject matter experts’ insights.

Our recorded webinar, “Recorded Webinar: Forensics in the Cloud: How to Conduct an Office 365 Investigation,” described how to complete a forensically sound Office 365 investigation.

From there, a second recorded webinar showed how to connect artifacts and users to prove intellectual property theft.

We also covered insider threat investigations in a new white paper. We were able to round out our resource offerings in this area with two case studies: a recorded webinar with Gillware Digital Forensics describing fraud, IP theft, and an intrusion; and a short written case study about how the UK-based IT Group uses AXIOM to reveal essential artifacts in insider threat cases.

Employee Misconduct Investigations

Two of the scenarios we heard the most about from corporate customers this year were the investigation of harassment, and misuse of corporate resources. To that end, we offered a new white paper describing the key artifacts needed to coordinate employee misconduct investigations.

Incident Response Investigations

Another new training course we introduced was AX310: Magnet AXIOM Incident Response Examinations, which focuses on unauthorized computer access and file usage with particular attention to volatile data collection using AXIOM and third-party tools.

In addition, however, we concluded our corporate investigation white paper series with a paper about successful root cause analysis investigations. We also took a couple of blog posts to focus on memory analysis, including our Magnet Process Capture tool and answering some questions about memory analysis in AXIOM.

Finally, we offered a written case study on how AXIOM helps incident responders understand endpoint breach impact.