Tips & Tricks Webinars
Browse Our Tips & Tricks Webinars
We know many of you are currently working from home and engaging in free learning opportunities is more important than ever.
We are excited to provide you with a wide variety of Magnet Forensics Tips & Tricks webinars. These quick presentations will help you learn about new ways to improve your investigations, and you can find recordings of them below which you can access anytime.
Tips & Tricks Recordings
Tips & Tricks // Remotely Collect From Off-Network Endpoints Using AWS and AXIOM Cyber
With a remote workforce that’s larger than ever, the need to collect data from endpoints not connected to the corporate network has never been greater. It’s critical to have the ability to collect and analyze off-network computers when you have an incident that needs to be investigated. Plus, you need to know what you can expect to get after you have collected that evidence.
Join Lynita Hinsch from Magnet Forensics to learn how to set up an AWS EC2 instance with Magnet AXIOM Cyber installed on it to enable remote collections from off-network endpoints.
WATCH NOW>
Tips & Tricks // Managing the Noise With Magnet Hash Sets Manager
In this Tips & Tricks webinar, we are going to look at installing, configuring, and using Magnet Hash Sets Manager along with some different use cases that you can leverage in your investigations. This free tool is available to Magnet Forensics customers, and integrates with both Magnet AXIOM and AXIOM Cyber. It can be used to manage hash sets to both include and exclude items shown in your cases. Magnet Hash Sets Manager also provides a single point of management for all the hash sets used across your AXIOM and AXIOM Cyber installations, whether you have one or one hundred.
WATCH NOW>
Tips & Tricks // Ingesting Mobile Extractions into AXIOM
In this Tips and Tricks session, we will use AXIOM Process to ingest mobile data extractions. After processing, the artifacts will be explored using AXIOM Examine.
WATCH NOW>
Tips & Tricks // Investigating Linux Instances With AXIOM & AXIOM Cyber
Join Mike Lynch, Corporate Solutions Consultant at Magnet Forensics, for a Tips & Tricks webinar on how you can leverage AXIOM and AXIOM Cyber for Linux forensics. This webinar will introduce those unfamiliar with Linux systems to some of the basics—including different distros and flavors, important artifacts of note, and some key directories to focus on. In addition, Mike will discuss how to use AXIOM and AXIOM Cyber in different ways to collect and process data from Linux instances.
WATCH NOW>
Tips & Tricks // Building Streamlined Digital Forensics Workflows with Magnet AUTOMATE
Magnet AUTOMATE can help you to improve service to your agency by unlocking lab capacity, creating efficiencies, and reducing time to evidence. In this Tips & Tricks webinar, we show you how you can leverage AUTOMATE’s workflow builder to build streamlined, automated workflows across your forensics toolkit to drive efficiencies in your lab and help you finish your digital investigations faster.
Join Emma Tiernan, Solutions Consultant, for a walkthrough of the AUTOMATE workflow building process, including an overview of case creation and dashboards.
WATCH NOW>
Tips & Tricks // Streamline Investigations with Triage: From OUTRIDER to AXIOM
With more devices entering the lab than ever, triage is becoming an increasingly critical step to determine which devices need to be analyzed first. With Magnet OUTRIDER 3.1, you can scan more macOS directories than ever before, helping you quickly identify which devices contain critical evidence.
Join Kim Bradley from Magnet Forensics to learn how to streamline your investigation using OUTRIDER to triage devices before analyzing it with Magnet AXIOM.
WATCH NOW>
Tips & Tricks // Putting Geolocation Data on the Map
In this Tips & Tricks webinar, we will focus on geolocational data in AXIOM. Join Tarah Melton, Solutions Consultant, as she shows you how to quickly identify geo data, and review important artifacts and evidence sources to consider in your examinations. We will show the World Map View and how to take advantage of this view in AXIOM. Finally, we’ll show some useful tips to analyze and report on geolocational data. Geo data can be essential in your examinations, and these tips and tricks will be helpful in using AXIOM in cases that rely on this data.
WATCH NOW>
Tips & Tricks// A New Yet Familiar Look at Email Evidence in AXIOM Cyber
Join Steve Gemperle, Forensic Consultant, for this Tips and Tricks session where he’ll outline how to leverage the search and filtering capabilities of the new Email Explorer in Magnet AXIOM Cyber, narrowing in on specific message times or themes to help streamline the process of reviewing and tagging email evidence.
Email Explorer is a new interface in AXIOM Cyber that helps you search, tag and review emails by presenting them in an intuitive and familiar format that mirrors the appearance of common email platforms. Presenting messages as the sender and recipient would have originally viewed them, provides important context that may otherwise be overlooked in an examination. Much like a native email platform, Email Examiner provides several filters and search capabilities to narrow in on specific message times or themes to help manage the volume of data.
WATCH NOW>
Tips & Tricks // Get to Evidence Faster with Media Explorer
Investigations that center around media review and analysis often require additional examination time as lab personnel have to examine images and video found on devices. With the media explorer in AXIOM, it can help examiners surface up intelligent insights from the media, so examiners can get to evidence faster. Plus, with the intuitive filter panel, examiners can quickly sift through metadata and cut through the volume of media to efficiently narrow the scope of an examination.
Join Kim Bradley for this Tips & Tricks session, where she shows how to make the most of Media Explorer’s features such as hit stacking, advanced filtering, and exporting categorized data, to efficiently conduct media examinations.
WATCH NOW>
Tips & Tricks // Remotely Collect from Off-Network Endpoints Using AWS and AXIOM Cyber
With a remote workforce that’s larger than ever, the need to collect data from endpoints not connected to the corporate network has never been greater. It’s critical to have the ability to collect and analyze off-network computers when you have an incident that needs to be investigated. Plus, you need to know what you can expect to get after you have collected that evidence.
Join Lynita Hinsch from Magnet Forensics to learn how to set up an AWS EC2 instance with Magnet AXIOM Cyber installed on it to enable remote collections from off-network endpoints.
WATCH NOW>
Tips & Tricks // Acquiring Data from the Cloud
Join Kim Bradley, forensic consultant, as she shows you how to acquire data from cloud sources using different methods, such as user credentials and login tokens from mobile extractions.
Each login method will allow you to acquire different types of data, so you’ll learn what data is available and how to quickly process acquired data from sources such as Apple, Facebook, Google, Instagram, and Twitter using these differing methods.
Data from cloud sources can be a critical aspect of your case and waiting for warrant returns can delay case progress. Knowing what cloud data can be accessed via live acquisition can help support search warrant requests early in an investigation.
WATCH NOW>
Tips & Tricks // Instantly Search and Filter a Target Endpoint with AXIOM Cyber
When performing a remote collection of a remote endpoint using AXIOM Cyber, sometimes you need to quickly triage the target by looking for a specific piece of evidence, perhaps a particular file for example.
Join Lynita Hinsch, Magnet Forensics Solutions Consultant, as she shows off some tips and tricks about how you can use index searching to search and filter for files and folders.
In this session you’ll learn how to:
- Get instant search and filter results from the index built by AXIOM Cyber
- Filter on date range or metadata fields
- Find search terms in directories or filenames
- Triage or pivot your investigation with search and filter capabilities
WATCH NOW>
Tips & Tricks // Distribute and Manage Hash Sets
Maintaining up-to-date hash sets can be a painful process, especially for those operating in offline labs. The Hash Sets Manager (currently in beta through Magnet Idea Lab) offers a central database that allows you to automatically manage hash set distribution to instances of Magnet AXIOM or AXIOM Cyber in your lab – even if it’s offline.
For users in law enforcement, you can download and distribute hash sets to devices on your network from Project VIC, Child Abuse Database, and more, with Hash Sets Manager. For enterprise users, you can also use Hash Sets Manager to upload custom hash sets, such as your IT department’s gold build to help pare down the data for investigations. Join Kim Bradley and Chris Cone as they showcase the Hash Sets Manager beta in action.
As an active beta, it is available for our members to test and provide feedback. Join the Magnet Idea Lab for more information.
WATCH NOW>
Tips & Tricks // Customizing Magnet AXIOM for Your Investigations
When your case involves unsupported applications or custom file types, what do you do? You can actually create your own artifacts and add new file types to AXIOM!
Join Chris Blight, Magnet Forensics Solutions Consultant, as he showcases some tips and tricks to help you fine-tune AXIOM to the needs of your investigation by adding custom artifacts and file types so you can dig into the evidence at hand.
In this session you’ll learn how to:
- Create custom artifacts with MAGNET Custom Artifact Generator
- Use the Dynamic App Finder
- Add custom artifacts from the MAGNET Artifact Exchange
- Add custom file types to AXIOM
- Create user-defined artifacts in AXIOM
WATCH NOW>
Tips & Tricks // Jumpstart Your IR Investigations with YARA Rules
Magnet Forensics has prided itself on its artifacts-first approach which gave examiners a very clear starting point for their digital forensics investigations. Now, with the introduction of YARA rule scanning in Magnet AXIOM Cyber, we’re giving DFIR examiners the same very clear starting point.
Join Solutions Consultant, Lynita Hinsch, as she shows you how you can use YARA rule scanning in AXIOM Cyber to jumpstart your IR investigations.
WATCH NOW>
Tips & Tricks // Accessing VirusTotal’s Cyberthreat Insights in Magnet AXIOM Cyber
The more information you have about a cyberthreat, the better equipped you are to remediate an incident and refine mitigation procedures for future threats. Magnet AXIOM Cyber now gives you the ability to quickly check the hash values of files against VirusTotal’s database of 70+ Antivirus engines to gain insight into the history and behavior of known malware threats.
Join Steve Gemperle, Magnet Forensic Consultant, for this Tips and Tricks session as he outlines how to access VirusTotal insights from AXIOM Cyber, as well as how this integration maintains the confidentiality of your data by searching hashes of files rather than uploading them. Steve will also discuss the process for exporting suspected malware from AXIOM Cyber and submitting it to VirusTotal, including the advantages and potential pitfalls of doing this.
WATCH NOW>
Tips & Tricks // Get To Evidence Faster in DVR Examiner
Magnet DVR Examiner undoubtedly minimizes investigators’ time to evidence when compared with traditional manual recovery options. Bypassing passwords, in-app preview, and seamless export are just a few of the ways DVR Examiner can speed up an investigation. That being said, there are certain factors that can speed up the process even further within DVR Examiner.
Join Cole Baldock for this Tips & Tricks session, where he’ll be breaking down key factors that can speed up – or slow down – the performance of DVR Examiner, including source format, computer specs, user workflow, and more.
WATCH NOW>
Tips & Tricks // Download Apple Warrant Return Data: Remove the Roadblocks
In this Tips & Tricks, you’ll see how easy it is to use the MAGNET Apple Warrant Return Assistant, a one-click solution that allows you to download, decrypt, and decompress Apple warrant returns.
When a cloud service vendor shares a user’s account data based on a warrant return, (e.g., a data package from a company such as Apple), the package often contains a .csv file with several links to servers that you then must go collect discrete collections of a user’s account data from, which is a labor-intensive and time-consuming process.
Learn how to access and decrypt the data contained within each link of an Apple warrant return and decompress those files if they are compressed with the MAGNET Apple Warrant Return Assistant, the latest free tool from Magnet.
WATCH NOW>
Tips & Tricks // Acquiring WhatsApp Data: There’s More Than One Way to Get the Data
Join Kim Bradley, forensic consultant, as she shows you how to acquire data from WhatsApp using different methods while exploring different avenues for acquisition, such as from cloud sources, mobile devices, and workstations.
Kim will also share some insights and best practices when it comes to analyzing WhatsApp data. Considering WhatsApp data is one today’s more prominent evidence sources, be sure not to miss this Tips & Tricks session.
WATCH NOW>
Tips & Tricks // Instantly Search and Filter a Target Endpoint with AXIOM Cyber
When performing a remote collection of a remote endpoint using AXIOM Cyber, sometimes you need to quickly triage the target by looking for a specific piece of evidence, perhaps a particular file for example.
Join Lynita Hinsch, Magnet Forensics Solutions Consultant, as she shows off some tips and tricks about how you can use index searching to search and filter for files and folders.
In this session you’ll learn how to:
- Get instant search and filter results from the index built by AXIOM Cyber
- Filter on date range or metadata fields
- Find search terms in directories or filenames
- Triage or pivot your investigation with search and filter capabilities
WATCH NOW>
Tips & Tricks // Streamline Investigations with Triage: From OUTRIDER to AXIOM
With more devices entering the lab than ever, triage is becoming an increasingly critical step to determine which devices need to be analyzed first. With Magnet OUTRIDER 3.1, you can scan more macOS directories than ever before, helping you quickly identify which devices contain critical evidence.
Join Kim Bradley from Magnet Forensics to learn how to streamline your investigation using OUTRIDER to triage devices before analyzing it with Magnet AXIOM.
WATCH NOW>
Tips & Tricks // Comparing iOS Logical vs. Full File System Extractions
All iOS extractions are not created equal. While logical images can provide key evidence, full file system extractions may contain additional evidentiary artifacts that can show user behavior and encrypted data. These two types of extractions will be compared as well as acquisition methods and the artifacts parsed from each. Additionally, artifacts extracted will be used to decrypt data not accessible otherwise. Join Kim Bradley for this Tips & Tricks webinar to dive deep into iOS logical and full file system extractions within AXIOM.
WATCH NOW>
Tips & Tricks // Deep Dive into DVR Examiner
In this Tips & Tricks, we’ll give an overview of DVR Examiner and walk through a full export job, from scanning to filtering, preview, and export. We’ll highlight some key features of the software, specifically looking at new features that allow you to customize the way you work within DVR Examiner. We will also show how you can customize your layout as well as create custom fields to streamline your workflow.
WATCH NOW>
Tips & Tricks // What's New in Magnet REVIEW
Learn how you can use Magnet REVIEW to streamline digital evidence review for your agency’s investigators and other stakeholders. Join Nicole Davis, Senior Product Manager, as she demonstrates some of REVIEW’s latest features, including exporting evidence from AXIOM, reviewing evidence from Cellebrite Physical Analyzer and MSAB XRY, and more.
WATCH NOW>
Tips & Tricks // Acquiring WhatsApp Data: There's More Than One Way to Get the Data
Join Kim Bradley, forensic consultant, as she shows you how to acquire data from WhatsApp using different methods while exploring different avenues for acquisition, such as from cloud sources, mobile devices, and workstations.
Kim will also share some insights and best practices when it comes to analyzing WhatsApp data. Considering WhatsApp data is one today’s more prominent evidence sources, be sure not to miss this Tips & Tricks session.
WATCH NOW>
Tips & Tricks // Comparing iOS Logical vs. Full File System Extractions
All iOS extractions are not created equal. While logical images can provide key evidence, full file system extractions may contain additional evidentiary artifacts that can show user behavior and encrypted data. These two types of extractions will be compared as well as acquisition methods and the artifacts parsed from each. Additionally, artifacts extracted will be used to decrypt data not accessible otherwise. Join Kim Bradley for this Tips & Tricks webinar to dive deep into iOS logical and full file system extractions within AXIOM.
WATCH NOW>
Tips & Tricks // Remotely Collect from Off-Network Endpoints Using AWS and AXIOM Cyber
With a remote workforce that’s larger than ever, the need to collect data from endpoints not connected to the corporate network has never been greater. It’s critical to have the ability to collect and analyze off-network computers when you have an incident that needs to be investigated. Plus, you need to know what you can expect to get after you have collected that evidence.
Join Lynita Hinsch from Magnet Forensics to learn how to set up an AWS EC2 instance with Magnet AXIOM Cyber installed on it to enable remote collections from off-network endpoints.
WATCH NOW>
Tips & Tricks // Acquiring Data from the Cloud
Join Kim Bradley, forensic consultant, as she shows you how to acquire data from cloud sources using different methods, such as user credentials and login tokens from mobile extractions.
Each login method will allow you to acquire different types of data, so you’ll learn what data is available and how to quickly process acquired data from sources such as Apple, Facebook, Google, Instagram, and Twitter using these differing methods.
Data from cloud sources can be a critical aspect of your case and waiting for warrant returns can delay case progress. Knowing what cloud data can be accessed via live acquisition can help support search warrant requests early in an investigation.
WATCH NOW>
Tips & Tricks // Get Your OSINT with Public Social Media Data
Persons of interest don’t always cooperate with examiners and may not share their credentials, such as usernames or passwords. Regardless, the investigation must go on and there’s a lot of data available to examiners from publicly available sources.
Join Kim Bradley as she showcases how to acquire and analyze public facing social media data in AXIOM from Facebook, Twitter, and Instagram. Plus, she’ll highlight some tips and tricks to show how these data sources become more valuable together. When your POI won’t cooperate, the more OSINT the better!
WATCH NOW>
Tips & Tricks // Remote Agents and the Agent Status Dashboard
In Magnet AXIOM Cyber 5.5, we introduced the Agent Status Dashboard, which gave a never-before seen view of all the remote agents created with AXIOM Cyber — along with their status, and the endpoints that they are deployed to. This unlocked the potential to easily deploy one agent to multiple endpoints and connect to an endpoint as well, all from within the dashboard.
In this Tips & Tricks session led by Steve Gemperle, Forensics Consultant, see the Agent Status Dashboard for yourself, as Steve provides a walk-through and how demonstrates how easy it is to see all your remote agents, their status, and more.
WATCH NOW>
Tips & Tricks // Analyzing Vehicle Data with Berla iVe
Join our in-house forensic vehicle data expert, Kim Bradley, as she showcases how to process and analyze vehicle data from Berla’s iVe software in Magnet AXIOM. Vehicle computers collect a trove of information from call logs, routes, waypoints, velocity logs and much more.
For any cases involving a vehicle, be sure to add all the case devices to one file in AXIOM to correlate the data and find the most evidence. Don’t get stuck in data gridlock, take the fast lane with AXIOM and iVe to analyze your vehicle evidence today.
WATCH NOW>
Tips & Tricks // Building Streamlined Digital Forensics Workflows with Magnet AUTOMATE
Magnet AUTOMATE can help you to improve service to your agency by unlocking lab capacity, creating efficiencies, and reducing time to evidence. In this Tips & Tricks webinar, we show you how you can leverage AUTOMATE’s workflow builder to build streamlined, automated workflows across your forensics toolkit to drive efficiencies in your lab and help you finish your digital investigations faster. Join Emma Tiernan, Solutions Consultant, for a walkthrough of the AUTOMATE workflow building process, including an overview of case creation and dashboards.
WATCH NOW>
Tips & Tricks // Putting Geolocation Data on the Map
In this Tips & Tricks webinar, we will focus on geolocational data in AXIOM. Join Tarah Melton, Solutions Consultant, as she shows you how to quickly identify geo data, and review important artifacts and evidence sources to consider in your examinations. We will show the World Map View and how to take advantage of this view in AXIOM. Finally, we’ll show some useful tips to analyze and report on geolocational data. Geo data can be essential in your examinations, and these tips and tricks will be helpful in using AXIOM in cases that rely on this data.
WATCH NOW>
Tips & Tricks // In-Depth Look at Timeline in AXIOM
In this Tips & Tricks, Solution Consultant Brandon Waters, will be taking an in-depth look at Timeline in Magnet AXIOM, including methods of applying filters and narrowing down information to browse exactly what you are looking for. He’ll also highlight how using the other analytical tools of AXIOM, such as Connections and Media Explorer in conjunction with Timeline will make it even more powerful for your investigations.
WATCH NOW>
Tips and Tricks // Pre-Configuring Cloud Accounts for AXIOM Cyber
Join Lynita Hinsch, Solutions Consultant, as she walks through Microsoft Office365 pre-configuration in AXIOM Cyber. Configuring cloud accounts to be used in conjunction with Magnet AXIOM Cyber requires cooperation between analysts and IT staff within an organization. In this Tips & Tricks webinar, we’ll focus on how to get some of your cloud accounts set up and ready to use with AXIOM Cyber, namely Microsoft Office365 and Google G Suite.
WATCH NOW>
Tips & Tricks // Comparing iOS Logical vs. Full File System Extractions
All iOS extractions are not created equal. While logical images can provide key evidence, full file system extractions may contain additional evidentiary artifacts that can show user behavior and encrypted data. These two types of extractions will be compared as well as acquisition methods and the artifacts parsed from each. Additionally, artifacts extracted will be used to decrypt data not accessible otherwise. Join Kim Bradley for this Tips & Tricks webinar to dive deep into iOS logical and full file system extractions within AXIOM.
WATCH NOW>
Tips & Tricks // Get Your OSINT with Public Social Media Data
Persons of interest don’t always cooperate with examiners and may not share their credentials, such as usernames or passwords. Regardless, the investigation must go on and there’s a lot of data available to examiners from publicly available sources. Join Kim Bradley as she showcases how to acquire and analyze public facing social media data in AXIOM from Facebook, Twitter, and Instagram. Plus, she’ll highlight some tips and tricks to show how these data sources become more valuable together. When your POI won’t cooperate, the more OSINT the better!
WATCH NOW>
Tips & Tricks // Get to Evidence Faster with Media Explorer
Investigations that center around media review and analysis often require additional examination time as lab personnel have to examine images and video found on devices. With the media explorer in AXIOM, it can help examiners surface up intelligent insights from the media, so examiners can get to evidence faster. Plus, with the intuitive filter panel, examiners can quickly sift through metadata and cut through the volume of media to efficiently narrow the scope of an examination.
Join Kim Bradley for this Tips & Tricks session, where she shows how to make the most of Media Explorer’s features such as hit stacking, advanced filtering, and exporting categorized data, to efficiently conduct media examinations.
WATCH NOW>
Tips & Tricks // Analyzing Linux Artifacts
You never know where your investigation may take you; and you need to be prepared to investigate evidence wherever it may be, including Linux.
Whether you’re working a malware or ransomware incident response case in an enterprise setting or you show up to a crime scene and your suspect’s computer is a Linux system, having a base-level understanding of Linux artifacts and how to analyze them will keep your investigation moving.
In this Tips & Tricks session we’ll highlight some important Linux artifacts including User Accounts, SSH Activity, System Logs—and more—and how they can be analyzed using AXIOM Cyber or AXIOM.
WATCH NOW>
Tips & Tricks // Getting Tactical: Search for Keywords After Processing an Image
Investigations don’t follow straight or narrow lines, so why search for all your keywords at the outset of a case when searching all the contents of a drive? Now, you don’t have to. In this session, we’ll go over how to search for keywords in “all-content” once an image has already been processed. We’ll also share some keyword search best practices, such as performing an initial search at the outset of a case and how to use the surfaced information to dig deeper into device images.
WATCH NOW>
Tips & Tricks // AXIOM Advanced Searches / Regular Expressions
Can regex (regular expressions) be scary? Absolutely! Do you need to be an absolute wizard to start using them? No way! AXIOM advanced searches and column allow forensic examiners to make use of regular expressions to help sort through their data with greater precision. Join Mike Williamson for this Tips & Tricks session, where he makes the case for learning about Regex, and provides several reusable pattern constructs you can begin using in your examinations immediately!
WATCH NOW>
Tips & Tricks // MAGNET Chromebook Acquisition Assistant
Learn how to use the MAGNET Chromebook Acquisition Assistant to facilitate acquisitions from Chromebooks. This tool is built on the Daniel Dickerman method to help make creating a forensic image from Chromebook devices easier. In addition we will demonstrate how to process those images in Magnet AXIOM and view your results.
WATCH NOW>
Tips & Tricks // Knowledge(C) is Power – Analyzing the KnowledgeC.db with AXIOM
Magnet AXIOM has numerous artifacts derived from the KnowledgeC.db found on both iOS and macOS. In this Tips & Tricks session, we’ll highlight how examiners can use this database to aid in their investigations, shedding light on the pattern of life usage of the device being analyzed, as well as how to build timelines from the information found within.
WATCH NOW>
Tips & Tricks // Writing a Custom Artifact
Join Forensic Consultant Mike Williamson as he demos some strategies for writing your own custom artifacts without any prior experience. Building on Jessica Hyde’s custom artifact tips & tricks sessions from last year, we will cover the use of Magnet Custom Artifact Generator (free tool) to greatly accelerate your initial steps, the custom artifact developer documentation, and general tips for getting started. We will primarily focus on the SQLite-parsing artifacts but also include some info on the python-style artifacts.
WATCH NOW>
Tips & Tricks // Decrypting Application Data Using the iOS Keychain and Graykey
There are several artifacts that can be decrypted with data from the iOS Keychain. In this Tips and Tricks, we will show you how to look at Keychain data, such as that available with a Keychain image and use that data to decrypt a data from different artifacts. In this session, Jessica Hyde will show you some processing best practices to help you be able to unlock more parsed results from the iOS Keychain.
WATCH NOW>
Tips & Tricks // Simple AXIOM Features That Improve Case Efficiency
Certain simple features in AXIOM are commonly overlooked, but they are extremely powerful when looking for that needle in the haystack. This session will go over some of those features, like column filtering, right-click functionality from the file system, relative time filter, saving HTMLs of chat messages, and more, and explain how they can be useful to your investigations.
WATCH NOW>
Tips & Tricks // Rebuilt Desktops
Looking for a lead? Where do I start? I’d think about the Rebuilt Desktop artifact in AXIOM. In this Tips & Tricks webinar, we will explore how to display an approximation of the users desktop in both Windows and Mac systems within AXIOM. This not only saves you time in having to virtualize the users system yourself but also gives a great place to start an investigation! Join Larry McClain of the Magnet Training Team for a discussion of this artifact and what it can mean for your investigations.
WATCH NOW>
Tips & Tricks // Magnet AXIOM Cyber Remote Agent
In this Tips & Tricks webinar, join us to discuss remote collection from endpoints on prem or over the Internet. In this session we’ll walk through Agent creation, deployment, and connection to acquire data from remote endpoints within your environment. We’ll also run AXIOM Cyber from the cloud and collect data from an off network remote endpoints over the Internet. The AXIOM Cyber agent provides immediate access to and the ability to acquire data from Windows and Mac endpoints (whether they are geographically distant or in the same room). Lynita Hinsch, Solutions Consultant, will discuss all encompassing aspects of the remote agent and best practices for remote collection.
WATCH NOW>
Tips & Tricks // APK App Simulator
With the millions of applications available to users on Android devices, it becomes impossible for commercial tools to be able to parse and support them all. However, analyzing unsupported applications can sometimes be critical to your digital forensics investigations. In this session, we’ll explore one method of Android App Analysis by virtualizing the data using our free tool, the MAGNET App Simulator. You’ll see how to take application data from your case and use the App Simulator to visualize that data in a familiar, virtual Android environment.
WATCH NOW>
Tips & Tricks // Acquiring and Parsing Sysdiagnose Log Archives from iOS Devices in AXIOM
When full file system acquisitions are not available for iOS devices, several key artifacts will be missed from examinations. In order to obtain several of these key pieces for investigation, examiners should understand how to capture log files from the device as well as techniques to extract and analyze them. This presentation will discuss ways to generate and then extract sysdiagnose log archives and load them into AXIOM. Once inside AXIOM examiners will learn what can be parsed using artifacts that already exist as well as ways to extend this data with open source tools.
WATCH NOW>
Tips & Tricks // Targeted Processing
Wondering how to save time processing images in Magnet AXIOM? In this Tips & Tricks session, learn about ways to target your processing to get more rapid results. Join Jessica Hyde, Director of Forensics, as shows us how to do selective processing on a subset of locations of evidence, different search types, and how to use Artifact Profiles to target parsing and carving. By selectively targeting both locations processed and artifacts processed, an examiner can often get to the evidence more quickly. We will also demonstrate how to then process the additional artifacts and files not initially processed at a later time if necessary for your case.
WATCH NOW>
Tips & Tricks // Troubleshooting For Remote Acquire
Join us for a Tips & Tricks webinar hosted by Dallas Jordan where he’ll demonstrate how you can troubleshoot some potential roadblocks you may come across with Remote Acquire. We will show you how you can use AXIOM logs to help troubleshoot some issues that users have run into in the past when trying to deploy our agent for remote collections on both Windows and Macs including strategies to resolve any of these potential issues.
WATCH NOW>
Tips and Tricks // Processing Memory Images
Did you know that you can process memory images in Magnet AXIOM? In this Tips & Tricks session, learn how to bring in a memory image and select the proper profiles in AXIOM. See how to parse both memory specific artifacts and other artifacts like windows event logs and internet related artifacts. Join Tarah Melton, Forensic Consultant, as she shows you how to ingest memory into your cases alongside your other evidence to get the most out of your cases.
WATCH NOW>
Tips & Tricks // Using Community Created Custom Artifacts in AXIOM
Did you know that there are approximately 150 community created artifacts on the Magnet Artifact Exchange? In this presentation we will discuss how to utilize these artifacts to get more evidence from your cases. These community created artifacts cover a variety of needs from supporting unsupported artifacts, to identifying specific file types, to allowing for the ingestion of results from other tools to allow for analysis within AXIOM! We will demonstrate how to obtain, load, and utilize these artifacts in bulk as well as individually. These tools allow you to look at results from iLEAPP, ALEAPP, Bulk Extractor and other tools alongside results parsed by AXIOM. We will also show where these results will exist in your case and how to use them. Join Jessica Hyde, Director of Forensics, for this informative session and get more parsed results in your cases!
WATCH NOW>
Tips & Tricks // Looking at the Source Data to Support an Artifact
In this Tips & Tricks webinar, we will show you how to dig deeper and validate evidence using the Locate Source feature. Join Jessica Hyde, Director of Forensics, as she show you how to locate files and the hex for artifacts parsed from files, unallocated space, registries, SQLite databases, and more. We will explore artifacts that use multiple sources and how to tell what table and row a specific artifact was parsed from. Additionally, we will show how to reverse source link from the file system allowing you to see what artifacts have been parsed from a specific file or folder and how this can be useful in your investigations. These tips and tricks regarding locating source will be helpful in validating and understanding artifacts in your results.
WATCH NOW>
Tips & Tricks // Using Magnet AXIOM for Triage On-Site
Join Jamey Tubbs, Director of Training Operations, to discuss how you can use Magnet AXIOM to conduct onsite triage. You’ll learn how to filter in preview to view images, play videos and see the contents of a file. We will also discuss timing and how an examiner can quickly get to the file system and assess the landscape for any egregious files, as well as what factors can impact preview speeds.
WATCH NOW>
Tips & Tricks // Download Your Data
There are multiple cloud platforms that allow users to access their own information directly by requesting it from the Cloud service provider, which could prove extremely valuable in your investigation if you have access from a compliant witness or victim. Magnet AXIOM supports the processing and analysis of many of these evidence sources, such as Facebook, Google, and Skype. In this Tips and Tricks session, join Tarah Melton, Forensic Consultant, to demonstrate the collection and analysis of these types of data and how beneficial it could be in your investigations to get to that data much quicker than a warrant return.
WATCH NOW>
Tips & Tricks // Capture & Scan More Data with Even Faster Speed in OUTRIDER 2.0
Join Trey Amick in this Tips and Tricks session where he’ll review the latest release of Magnet OUTRIDER, a triage tool designed to perform lightning fast previews of computers and external drivers either while in the field or back in the lab. Trey will provide quick tips to maximize your use of OUTRIDER 2.0 and discuss additional time savings for investigators to utilize while collecting and triaging evidence in the field.
WATCH NOW>
Tips & Tricks // Using Grading and AI for Officer Wellness
Magnet AXIOM has a number of features that have been specifically designed to improve officer wellness in the course of CSAM investigations. In this Tips and Tricks session, Rhys Tooby, Solution Consultant, will walk you through a workflow that can assist with these investigations — addressing the unique challenges and the effects of chronic exposure to CSAM with grading and AI features.
WATCH NOW>
Tips & Tricks // Aiding ICAC Investigators with Technology Integrations
Many technologies used to capture, categorize, and analyze pictures and videos complement one another, filling gaps in the investigative toolbox. However, when organizations come together to integrate their technologies, they can amplify their results, resulting in aiding more victims.
Join Trey Amick, Manager of Forensic Consultants, in this Tips & Tricks webinar where he’ll demonstrate different technologies that have been integrated into a variety of Magnet tools to help assist ICAC investigators in their investigations. Integrations being discussed during this webinar will include Child Rescue Coalition CPS Data Exports in AXIOM, CRC CSAM detection in Magnet Outrider, and the ability to import NCMEC reports into Outrider for searching against a target machine.
WATCH NOW>
Tips & Tricks // Using File System Explorer in Magnet AXIOM
Join Craig Guymon, Director of Solution Consulting, to learn how to take advantage of AXIOM’s File System explorer in your investigations. In this Tips & Tricks webinar, Craig will review several powerful examination techniques that leverage the file system, including how to:
- Create an artifact from a file system file like an executable or log file that can be reported on from the Artifact Explorer
- Save artifacts from the file system to a zip container and keep artifact dates and times intact
- Effectively narrow down the scope of relevant user artifacts from the Artifact Explorer (View Related Artifacts)
- Use the database viewer and plist viewer in the Artifact Explorer
- Use the File system explorer to perform MD5/SHA1 value exports of known good files that can be used later as an “ignorable” list
WATCH NOW>
Tips & Tricks // AXIOM Performance Optimization
In this Tips & Tricks webinar, Brandon Waters, Solutions Consultant, will review how to leverage overlooked performance-enhancing features like temp file location, search speed, and memory analysis search speed along with GPU support for Magnet.AI and how to adjust Windows environmental settings to further improve performance.
WATCH NOW>
Tips & Tricks // Acquiring and Analyzing Microsoft Teams Data
Now more than ever, organizations are faced with the need for remote collaboration and many have turned to Microsoft Teams to fill that need. Whether exporting MS Teams data directly from the Microsoft 365 Compliance Center or directly acquiring that data with the Magnet AXIOM Cyber API, examiners have the power to process and analyze the evidence all in a single case file. In this Tips and Tricks webinar, we’ll walk through all of the acquisition options available and utilize AXIOM Cyber to analyze the data.
WATCH NOW>
Tips & Tricks // Opportunities to Find Cloud Data with Magnet AXIOM
It’s very possible that you might have the chance to find cloud evidence while examining computer and mobile evidence in Magnet AXIOM. In this Tips & Tricks webinar, we’ll show you some telltale signs of cloud data sources to look out for when collecting and analyzing computer and mobile data. That cloud evidence could be what unlocks a case, so you’ll want to make sure you’re not leaving any evidence behind.
WATCH NOW>
Tips & Tricks // AXIOM Reporting Now & Then – Exploring AXIOM’s updated reporting features in AXIOM 4.0
In this Tips and Tricks we will explore AXIOM’s new reporting features and show improvements. Additionally, we will share tips and tricks for users of previous versions of AXIOM to produce desired output comparing how things were done in older versions. We will demonstrate several features such as how to hide and reorder columns a as well as how to create templates that can be reused to save time in future report generation and to standardize reports across an organization.
WATCH NOW>
Tips & Tricks // Harnessing Magnet.AI to Save Time in Your Investigations
The massive amount of text-based and media content involved in today’s digital investigations can make the search for potential evidence a time-consuming task. Machine learning and image recognition tools can help to identify and categorize content of interest so examiners can more quickly uncover the key evidence needed for their cases.
In this Tips and Tricks webinar, Trey Amick, Manager of Forensic Consultants, will show you how to leverage AXIOM’s Magnet.AI machine learning and Content Based Image Retrieval (CBIR) technology to quickly surface, analyze, and classify pictures and chats.
- Automatically detect and categorize potential pictures of drugs, weapons, nudity, or child abuse, and chats containing sexual conversations.
- Find related images—such as pictures of the same room or pictures with similar scenery—with the Find Similar Pictures feature.
WATCH NOW>
Tips & Tricks // Unlocking Additional Evidence with Artifact Options in AXIOM
When scanning evidence in Magnet AXIOM, most of the time the default artifact selection and options cover a wide range of case types. However there are times when applying additional options for a particular artifact could unlock a wealth of information otherwise thought unavailable. For example, knowing the user’s Windows password isn’t usually necessary to analyze their computer, however there are many apps such as browsers, Zoom, Dropbox, etc. that use the built in Windows data protection controls to encrypt their data on the user’s system. Knowing what these options offer can enable examiners to know when to enable certain features and assist in uncovering additional details that wouldn’t have otherwise been unlocked in the default scan. Join Jamie McQuaid as we walk through some of these options to help you better understand their value to your investigation and when they should be applied.
WATCH NOW>
Tips & Tricks // AXIOM Advanced Searches / Regular Expressions
Can regex (regular expressions) be scary? Absolutely! Do you need to be an absolute wizard to start using them? No way! AXIOM advanced searches and column allow forensic examiners to make use of regular expressions to help sort through their data with greater precision. Join Mike Williamson for this Tips & Tricks session, where he makes the case for learning about Regex, and provides several reusable pattern constructs you can begin using in your examinations immediately!
WATCH NOW>
Tips & Tricks // File System in Magnet AXIOM
Magnet AXIOM is known for parsing hundreds of artifacts from computer, mobile and cloud evidence sources. But in addition to these artifacts, you’ll find that there are a number of useful features in our File System view as well! Enhanced viewers for SQLite databases, plists, and JSON files, and the automatic decoding data from hex are just some of the valuable features we’ll review in this Tips and Tricks session. Join us to see why utilizing AXIOM to dive into the file system can greatly benefit your examinations!
WATCH NOW>
Tips & Tricks // Custom Artifacts
As new applications are used and updated, forensic tools do not always support every artifact. Often times examiners manually parse artifacts from a variety of sources. What if you could easily automate that parsing for future cases and large data sets… and still analyze those results in your tools? What if you could share your parsers and also use ones from other examiners? What if these results could be analyzed with the rest of the data from the case?
In this Tips & Tricks webinar, we will show the value of using Custom Artifacts in AXIOM to support unsupported artifacts and sources. Join us to learn how you can use templates to parse SQLite or RegEx or Python to create Custom Artifacts for use in AXIOM. Jessica will also teach you how to find custom artifacts created by others on the Artifact Exchange. Finally, you’ll learn how to build, share, and use custom artifacts to help support novel data and support the unsupported.
WATCH NOW>
Tips & Tricks // Dynamic App Finder
It is impossible for commercial forensic tools to be able to keep up with the support of the millions of new and updated applications available on mobile platforms today. Even still, this application data might be vital to your case. In this Tips & Tricks session, Tarah Melton, Forensic Consultant, will demonstrate AXIOM’s Dynamic App Finder (DAF), to show one method of parsing data from these unsupported applications efficiently though the AXIOM interface. Utilizing DAF, we’ll discover how to identify useful data from mobile databases and create custom artifacts to add into AXIOM to analyze alongside our other parsed data.
WATCH NOW>
Tips & Tricks // Portable Case
One of the most important aspects in any digital forensic examination is the need to collaborate and discuss the findings from the case data with other stakeholders. This can include attorneys, other investigators, Human Resources, clients, and more. AXIOM eases this collaboration via Portable Case, enabling those stakeholders the ability to review, tag, and comment on that data, then allowing the merging of those insights back into the main case file by the forensic examiner. Join Tarah Melton, Forensic Consultant, to learn how to create and utilize Portable Cases from AXIOM in your investigations for more efficient communication of forensic findings in your casework.
WATCH NOW>
Tips & Tricks // Making Sense of the Media Mayhem with Mac & iOS
It’s estimated that there will be 1.4 trillion photos taken in 2020, with the bulk of those coming from mobile devices. Since 2009, more than1.5 billion iPhones have been sold globally making it easier than ever to capture, share and edit media files. Investigators can often gain valuable clues derived from recovered media file details. In this presentation, Trey Amick, Forensic Consultant Manager, will dig into the Photos application found on both iOS and macOS endpoints, and show examiners the level of detail they can provide in their media investigations.
WATCH NOW>
Tips & Tricks // Utilizing Magnet Free Tools – RAM Capture & Process Capture
When it comes to capturing RAM what are the best ways to accomplish this? Should I use the command line? Or GUI? Should I include Process Capture. What benefits would I get if I use Magnet Process Capture? Patrick Beaver from Magnet Forensics Professional Services team will dive into these key questions and help you uncover more evidence through memory acquisition with these free tools.
WATCH NOW>
Tips & Tricks // Using Identifiers and Profiles in Magnet AXIOM
One of the best hidden features of Magnet AXIOM is Profiles. Profiles allow examiners to group particular unique identifiers found in their case and tie them to a particular person or device. This allows the user to build a persona from data found as part of the investigation and correlate this information across evidence sources. Once a profile is created, filters can be applied to find additional evidence across many sources (computer, mobile, cloud, etc…) about a person based on the identifiers tied to that profile. This can help uncover additional details about a subject that otherwise might have been overlooked by manually searching. Join Jamie McQuaid as he walks through how to build various profiles and apply them to different types of investigations.
WATCH NOW>
Tips & Tricks // Magnet Web Page Saver
Magnet Web Page Saver (WPS) is a perfect tool for capturing how web pages look at a specific point in time. Join Jad Saliba, CTO & Founder of Magnet Forensics as dives into common questions about WPS and digs into the functionality and use cases in this hands-on tips & tricks session. WPS is especially useful in situations where the web pages need to be displayed in an environment where internet access is not available. Magnet WPS takes a list of URLs and saves scrolling captures (“snapshots”) of each page. URLs can be typed in manually or imported from a text file or CSV file. WPS produces an easy-to-navigate HTML report file containing the saved pages, with customized options. This feature is perfect for those web sites containing contraband where you need to pull the information quickly before the criminals alter or change the web page.
WATCH NOW>
Tips & Tricks // Loading Different Evidence Types into AXIOM
Loading evidence in AXIOM is pretty straightforward for most use cases but there are times that certain types of files or images could benefit from some added insight or knowledge on the image formats and the various ways they can be loaded into AXIOM to get the best results for your investigation. In this session we’ll go over some of the most common (and some not so common) ways you can load evidence into AXIOM and see how that may affect the artifacts that get searched, decryption capabilities, or processing speed. We’ll also look at images outputted from various tools and see how they may differ and some of the most common questions we get about them.
WATCH NOW>
Tips and Tricks // Piece the Story Together with OS, Memory, and Other Artifacts
Learn how to correlate different artifacts with each other and see the connections that occur between data across multiple types of evidence including computer, mobile devices, memory dumps, external media, and cloud. Then pivot to timeline analysis to help pinpoint the exact offense or step through exactly how an incident occurred. In this Tips & Tricks session, Tarah Melton, Forensic Consultant, will walk through a case using Connections and the Timeline Explorer in Magnet AXIOM and show how artifact correlations and timestamps can help tell the story in your investigation.