Magnet Forensics CEO Adam Belsher published an editorial titled Fighting Crime in the Digital Age in the National Post, coinciding with our participation at the 111th annual Canadian Association of Chiefs of Police conference (Aug. 14-17). In the column, Adam provides an overview of the challenges people and society are facing as a result of … Continued
Since its launch, Uber has become a popular alternative to taxi rides in many cities globally. As Uber is controlled through a mobile app, it only makes sense to add support for it in Magnet AXIOM and Magnet IEF. With the launch of AXIOM 1.0.4 and IEF 6.8.1, we’ve added support to parse data from … Continued
One of the new features in Magnet AXIOM that we are most excited about is Source Linking. This key feature should really help forensic examiners dive deeper into their data and analyze evidence quickly and efficiently. In a nutshell, Source Linking allows an examiner to quickly navigate between the artifacts, file system, and Windows Registry … Continued
With the recent release of Magnet AXIOM, I thought it was a good time to write a few blogs to help examiners get started and see some of the new features we’ve added. After installation, the first thing you’ll want to do is run AXIOM Process. AXIOM Process allows examiners to acquire and analyze evidence … Continued
The smartphone forensics landscape is changing, and examiners need to be smart with their budgets while also equipping themselves with the right tools to get the job done. Meet Magnet ACQUIRE, a free software solution that enables digital forensic examiners to quickly and easily acquire forensic images of any iOS or Android device, hard drives, … Continued
UPDATE: Hi everyone. It’s Jamie McQuaid from the Magnet Forensics team. We just wrapped up the week at the National ICAC conference in Atlanta where we hosted a pre-launch event announcing Magnet AXIOM. It was a busy week for us here at Magnet Forensics, as you can guess, but here’s a bit more about the pre-launch … Continued
Importance to Investigators USB device history is an invaluable source of evidence in digital forensics, playing a crucial role in various investigative scenarios. When an examiner needs to determine if an external device was connected to a system, USB artifacts provide definitive traces of such activities. This evidence can reveal not only the connection but … Continued
What is the UserAssist artifact? UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued
APPLICATION NAME: WhatsApp Messenger CATEGORY: Chat RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite Android – /data/data/com.whatsapp/databases/msgstore.db Android – /data/data/com.whatsapp/databases/wa.db Android –/sdcard/WhatsApp/Databases/msgstore.db.crypt* Importance to Investigators Android For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued
APPLICATION NAME: Whisper CATEGORY: Social Networking RELATED ARTIFACTS: Whisper Posts, Whisper Messages OPERATING SYSTEMS: iOS, Android SOURCE LOCATION: Android – %root%\data\APPsh.whisper\databases\w.db Android – %root%\data\APPsh.whisper\databases\c.db iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite Importance to Investigators Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued
