SRUM: Forensic Analysis of Windows System Resource Utilization Monitor

SRUM, or System Resource Utilization Monitor, is a feature of modern Windows systems (Win8+) intended to track application usage, network utilization and system energy state. SRUM, as with most operating system features, wasn’t designed for the forensicator, but that doesn’t mean we can’t use it to support our investigations.

Collecting Box.com Activity in Magnet AXIOM Cyber

With the continued trend towards remote work and dispersed workforces, companies are increasingly turning to cloud services for file storage, management and collaboration. Providing storage for over 100,000 organizations and 67% of the Fortune 500, Box.com has emerged as one of the leading cloud storage solutions for businesses.

Collecting Remote Volatile Artifacts and What They Can Tell You

Earlier this year, we introduced a new artifact category, volatile artifacts, which allows you to remotely collect live system information. Volatile artifacts are an especially important element of incident response investigations as they can provide unique insights into malware behavior and malicious activities that don’t leave easily detectable evidence trails.

iOS 16: What Digital Investigators Need to Know

With Apple’s announcement of iOS 16’s official launch date, as well as the release of their latest “gold master” build, we wanted to take a dive into iOS 16 and see what was going to be new from an analysis and acquisition perspective.

What is MRU (Most Recently Used)?

MRU artifacts, or Most Recently Used artifacts, are a variety of artifacts tracked by modern Windows operating systems that provide crucial details regarding the user’s interaction with files, folders, and programs that may have been executed using the Windows Run utility. This is fortunate for examiners, because digital forensic examiners are often tasked with profiling user activity to corroborate what we believe happened on a computer. It is a method for supporting our theory of the user’s behavior on a system.