Magnet AXIOM Process: Streamlining Acquisition and Processing
With the recent release of Magnet AXIOM, I thought it was a good time to write a few blogs to help examiners get started and see some of the new features we’ve added. After installation, the first thing you’ll want to do is run AXIOM Process. AXIOM Process allows examiners to acquire and analyze evidence all in one step. We call this Single Stage Processing.
Quite often when I started an examination, I would get a computer or smartphone to be analyzed. The first day would be spent acquiring an image of the device. Day two would be spent processing the image in Magnet IEF or other tools at my disposal, and then finally on day three, I would begin my analysis.
With Magnet AXIOM, we’ve streamlined the acquisition and processing into one task, so that you can set a hard drive or smartphone to be acquired and analyzed in a single step without requiring any additional interaction by the examiner. This will help save time and allow you to start your analysis sooner.
With AXIOM you can also analyze computers and smartphones together in a single case. A lot of forensic tools are specific to either computer or mobile analysis but with Magnet AXIOM you can analyze both with one solution. There’s no need to flip between tools, AXIOM lets you analyze both your computer and mobile evidence together in the same case.
Once your evidence is loaded, there are a large number of computer and smartphone artifacts that will be searched for – just like Magnet IEF did in the past. By default, AXIOM Process will search for all the available artifacts giving you the best possible results; however, you can also choose to specify which artifacts you wish to search for in the given image.
You can also setup a number of additional options that will help with your examination during this process. AXIOM Process allows you to add keyword lists, hash lists, whitelist non-relevant files, or build custom artifacts to help customize your search and assist when handling large sets of data.
Once you have added your evidence, selected your artifacts, and set your additional options, you can begin the processing. It will start by acquiring any evidence that you have listed and then start analyzing your images one by one until everything is complete. The entire process is logged so that you have a record of any actions taken. Ensure that you have enough storage space for the acquired images and case and no further action should be required until the processing has completed and you are ready to begin your analysis using AXIOM Examine.