Connecting the Dots Between Data and its Source: Source Linking

One of the new features in Magnet AXIOM that we are most excited about is Source Linking. This key feature should really help forensic examiners dive deeper into their data and analyze evidence quickly and efficiently. In a nutshell, Source Linking allows an examiner to quickly navigate between the artifacts, file system, and Windows Registry … Continued

Digital Forensics: Artifact Profile – Recycle Bin

Windows Recycle Bin in Digital Forensics
The Windows Recycle Bin, a seemingly simple feature, has undergone significant changes across different versions of the Windows operating system. This artifact is not just a virtual trash can but a critical element in digital forensic investigations. Understanding its evolution and functionality can provide valuable insights into user activity … Continued

Digital Forensics: Artifact Profile – USB Devices

Importance to Investigators
USB device history is an invaluable source of evidence in digital forensics, playing a crucial role in various investigative scenarios. When an examiner needs to determine if an external device was connected to a system, USB artifacts provide definitive traces of such activities. This evidence can reveal not only the connection but … Continued

Forensic analysis of the Windows UserAssist artifact 

What is the UserAssist artifact? UserAssist is a feature in Windows that tracks the usage of executable files and applications launched by the user. It stores this information in the Windows Registry, which can be accessed by forensic analysts to reconstruct a timeline of application usage and user activity. Specifically, it is located within the … Continued

Digital Forensics: Artifact Profile – WhatsApp Messenger

APPLICATION NAME: WhatsApp Messenger
CATEGORY: Chat
RELATED ARTIFACTS: WhatsApp Contacts, WhatsApp Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
iOS – /root/var/mobile/Applications/net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite
Android – /data/data/com.whatsapp/databases/msgstore.db
Android – /data/data/com.whatsapp/databases/wa.db
Android – /sdcard/WhatsApp/Databases/msgstore.db.crypt*
Importance to Investigators
Android
For Android devices, there are two SQLite databases of value for examiners recovering WhatsApp artifacts: msgstore.db and wa.db. The msgstore.db contains details on any chat conversations … Continued

Digital Forensics: Artifact Profile – Whisper

APPLICATION NAME: Whisper
CATEGORY: Social Networking
RELATED ARTIFACTS: Whisper Posts, Whisper Messages
OPERATING SYSTEMS: iOS, Android
SOURCE LOCATION:
Android – %root%\data\APPsh.whisper\databases\w.db
Android – %root%\data\APPsh.whisper\databases\c.db
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Messaging.sqlite
iOS – %root%\var\mobile\Applications\%GUID%\Documents\Whisper.sqlite
Importance to Investigators
Whisper is a popular social networking app that allows users to post messages anonymously and send messages to other users. It is available on both iOS and Android devices. Whisper allows … Continued

Digital Forensics: Artifact Profile – Yik Yak

APPLICATION NAME: Yik Yak
CATEGORY: Chat
RELATED ARTIFACTS: Yik Yak Notifications, Yik Yak Yaks
OPERATING SYSTEMS: iOS
SOURCE LOCATION:
iOS – %root%\Library\Caches\engineering.locus.chatter\Cache.db
iOS – %root%\Library\Caches\engineering.locus.chatter\fsCachedData\%GUID%
Importance to Investigators
Yik Yak is a popular social media application most commonly used by young adults. The app, available on iOS and Android smartphones, allows users to post anonymous messages to … Continued