Connecting the Dots Between Data and its Source: Source Linking

One of the new features in Magnet AXIOM that we are most excited about is Source Linking. This key feature should really help forensic examiners dive deeper into their data and analyze evidence quickly and efficiently. In a nutshell, Source Linking allows an examiner to quickly navigate between the artifacts, file system, and Windows Registry … Continued

Welcome to Magnet AXIOM!

By Jad Saliba, Founder and CTO of Magnet Forensics

Today we launched Magnet AXIOM! (View Press Release) Our team has been working hard to create a complete digital investigation platform that builds on the processing power of Magnet IEF, and I’m excited to announce that it is now available to the digital forensics community. AXIOM … Continued

Digital Forensics: Artifact Profile – Recycle Bin

APPLICATION NAME: Recycle Bin
CATEGORY: Operating System
RELATED ARTIFACTS: None
OPERATING SYSTEMS: Windows
SOURCE LOCATION:
Windows XP – %ROOT%\Recycler\%SID%\
Windows Vista+ – %ROOT%\$Recycle.Bin\%SID%\

Importance to Investigators

The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system. While users can empty out the Recycle Bin quite easily, it … Continued

Digital Forensics: Artifact Profile – USB Devices

APPLICATION NAME: USB Devices
CATEGORY: Operating System
RELATED ARTIFACTS: None
OPERATING SYSTEMS: Windows
SOURCE LOCATION:
SYSTEM/CurrentControlSet/Enum/USBSTOR
SYSTEM/MountedDevices
NTUSER.DAT/Software/Microsoft/Windows/CurrentVersion/Explorer/MountPoints2
SYSTEM/CurrentControlSet/Enum/USB
Windows Vista+ – ROOT/Windows/inf/setupapi.dev.log
Windows XP – ROOT/Windows/setupapi.log

Importance to Investigators

USB device history can be a great source of evidence when an examiner needs to determine if and why an external device was connected to a system. … Continued

Forensic Analysis of the Windows UserAssist artifact 

What is the UserAssist artifact?

UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued

Digital Forensics: Artifact Profile – WhatsApp Messenger

APPLICATION NAME: WhatsApp Messenger
CATEGORY: Chat
RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite
Android – /data/data/com.whatsapp/databases/msgstore.db
Android – /data/data/com.whatsapp/databases/wa.db
Android – /sdcard/WhatsApp/Databases/msgstore.db.crypt*

Importance to Investigators

Android

For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued

Digital Forensics: Artifact Profile – Whisper

APPLICATION NAME: Whisper
CATEGORY: Social Networking
RELATED ARTIFACTS: Whisper Posts, Whisper Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
Android – %root%\data\APPsh.whisper\databases\w.db
Android – %root%\data\APPsh.whisper\databases\c.db
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite

Importance to Investigators

Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued