Collecting Remote Volatile Artifacts and What They Can Tell You

Earlier this year, we introduced a new artifact category, volatile artifacts, which allows you to remotely collect live system information. Volatile artifacts are an especially important element of incident response investigations as they can provide unique insights into malware behavior and malicious activities that don’t leave easily detectable evidence trails.  

iOS 16: What Digital Investigators Need to Know

With Apple having announced iOS 16’s official launch date and released its latest “gold master” build, we wanted to dive into iOS 16 and see what will be new from an analysis and acquisition perspective.

What is MRU (Most Recently Used)?

MRU (Most Recently Used) artifacts are a variety of artifacts tracked by modern Windows operating systems that provide crucial details regarding the user’s interaction with files, folders, and programs that may have been executed using the Windows Run utility. This is fortunate for examiners, because profiling user activity is something digital forensic examiners are often tasked with in order to corroborate what we believe happened on a computer. It is a method for supporting our theory of the user’s behavior on a system.

Standardize Your Team’s Hash Sets Database With Hash Sets Manager

Maintaining up-to-date hash sets can be a painful process, especially for those operating in offline labs. Hash Sets Manager (currently in beta) lets you easily manage a central database of hash sets that you can distribute to your team’s instances of Magnet AXIOM and AXIOM Cyber, even if they are operating offline.