All Your Case Data in Magnet AXIOM: Pt 4 — Bringing in Cloud Data
In this five-part series, we talk about the benefits of having all your case data within one platform and how it will help your casework—from more simplified yet comprehensive data ingestion to more efficient and thorough analysis.
In the fourth part of the series, we’ll explain how to bring in cloud data alongside your other data sources into one case file within Magnet AXIOM—the only tool in market that combines cloud, mobile and computer analysis in one case file. .
Check out the other parts of this series to understand why working within one case file matters, how to bring mobile and computer data into your case, and how you can get the best analysis and reporting.
The Growing Importance of Cloud Investigations
Cloud apps, cloud storage, and cloud computing have changed the way people share and store their information. As more apps and services move to the cloud, cloud investigations have become a critical complement to those involving mobile devices and computers—examiners need to rely on device back-ups, chat history, social media, and account information stored in the cloud to round out their investigations.
AXIOM’s built-in cloud capabilities can ingest data from 50+ of the most popular cloud services, including Google, Apple, Facebook, Twitter and more.
AXIOM supports both direct collection of cloud data with credentials from sources like public-facing data from Facebook and Twitter and ingestion of data from external sources like warrant returns and user generated archives like Google Takeout and Facebook.
Let’s take a look at how AXIOM helps you bring in cloud data from a variety of sources.
Cloud Data Acquisition and Ingestion with Magnet AXIOM
Ingesting Warrant Returns
Warrant return data from cloud services can be an invaluable source of evidence in your case. However, searching and analyzing that content can be problematic—the returns are not in a standard format and there are a vast number of artifacts. Even getting access to the returns themselves can also be challenging for forensic investigators. To help ensure you can reliably access and analyze warrant return packages, we work closely with law enforcement practitioners who are the first to know when there are changes to the packages provided by ISPs.
AXIOM includes built-in support for warrant return data from major ISPs, including Google, Apple, Facebook, Snapchat, Instagram, and Skype.
For more on warrant return analysis in AXIOM, see our blog here.
Ingesting User Generated Archives
In addition to ingestion of warrant return packages, AXIOM also supports ingestion of user generated archive files from both Google and Facebook.
These user generated archives can be another valuable source of forensic data. Google Takeout, for example, can help you recover artifacts and information such as Chrome activity, Google Tasks, user activity on a Google account, Google Photos, and Google Keep.
However, like warrant return packages, properly ingesting and parsing user generated archives from consumer cloud services can be challenging due to their constantly changing nature. We work hard to keep pace with the latest versions of these services and deliver timely updates when changes are made to ensure you can get the most from them.
Acquiring Public-Facing Data
To acquire evidence from the cloud, you can sign in to an account from within AXIOM with the subject’s user name and password, or—for some platforms— AXIOM can also leverage and ingest third-party tokens and keychains from mobile devices, allowing investigators to access cloud and social media accounts without requiring a password. You can also acquire publicly available activity from Twitter and Instagram without requiring login information for specific users.
Investigators can choose to download all data from the cloud account or specify a date range to acquire from in order to decrease the amount of time the acquisition takes. Once you’ve logged in to the account, you can also specify which services and content you want to acquire to further reduce your acquisition time.
Read the fifth and final post of the series here, where you’ll see how having all your data in one case file makes your analysis more efficient and thorough, helping you build stronger cases, faster.
And if you missed the first three parts of our series, catch up here to see why bringing your data into one case file matters and how you can bring mobile and computer data into your case:
- All Your Case Data in Magnet AXIOM: Pt 1 — Why it Matters
- All Your Case Data in Magnet AXIOM: Pt 2 — Bringing in Mobile Data
- All Your Case Data in Magnet AXIOM: Pt 3 — Bringing In Computer Data
Want to experience the benefits of AXIOM’s complete, integrated platform for yourself? Request a free trial of Magnet AXIOM to get started today!