Analyzing data with Centralized Views in Magnet AXIOM

This post outlines the various views that Magnet AXIOM lets you use in your investigations and provides tips and tricks on how to get the most out of AXIOM’s Centralized Views. Depending on the type of data you’re looking at, the presentation can really help with your analysis. Some views work really well with … Continued

Magnet AXIOM Adds Forensic Support for Uber

Since its launch, Uber has become a popular alternative to taxi rides in many cities globally. As Uber is controlled through a mobile app, it only makes sense to add support for it in Magnet AXIOM and Magnet IEF. With the launch of AXIOM 1.0.4 and IEF 6.8.1, we’ve added support to parse data from … Continued

Digital Forensics: Artifact Profile – Recycle Bin

Windows Recycle Bin in Digital Forensics
The Windows Recycle Bin, a seemingly simple feature, has undergone significant changes across different versions of the Windows operating system. This artifact is not just a virtual trash can but a critical element in digital forensic investigations. Understanding its evolution and functionality can provide valuable insights into user activity … Continued

Digital Forensics: Artifact Profile – USB Devices

Importance to Investigators
USB device history is an invaluable source of evidence in digital forensics, playing a crucial role in various investigative scenarios. When an examiner needs to determine if an external device was connected to a system, USB artifacts provide definitive traces of such activities. This evidence can reveal not only the connection but … Continued

Forensic analysis of the Windows UserAssist artifact

What is the UserAssist artifact?
UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued

Digital Forensics: Artifact Profile – WhatsApp Messenger

APPLICATION NAME: WhatsApp Messenger
CATEGORY: Chat
RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite
Android – /data/data/com.whatsapp/databases/msgstore.db
Android – /data/data/com.whatsapp/databases/wa.db
Android – /sdcard/WhatsApp/Databases/msgstore.db.crypt*
Importance to Investigators
Android
For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued

Digital Forensics: Artifact Profile – Whisper

APPLICATION NAME: Whisper
CATEGORY: Social Networking
RELATED ARTIFACTS: Whisper Posts, Whisper Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
Android – %root%\data\APPsh.whisper\databases\w.db
Android – %root%\data\APPsh.whisper\databases\c.db
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite
Importance to Investigators
Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued

Digital Forensics: Artifact Profile – Yik Yak

APPLICATION NAME: Yik Yak
CATEGORY: Chat
RELATED ARTIFACTS: Yik Yak Notifications, Yik Yak Yaks
OPERATING SYSTEMS: iOS
SOURCE LOCATION:
iOS – %root%\Library\Caches\engineering.locus.chatter\Cache.db
iOS – %root%\Library\Caches\engineering.locus.chatter\fsCachedData\%GUID%
Importance to Investigators
Yik Yak is a popular social media application most commonly used by young adults. The app, available on iOS and Android smartphones, allows users to post anonymous messages to … Continued