In this five-part series, we talk about the benefits of having all your case data within one platform and how it will help your casework—from more simplified yet comprehensive data ingestion to more efficient and thorough analysis.
In the second part of the series, we’ll explain how you can bring mobile data into your case file in Magnet AXIOM — the only tool in market that combines cloud, mobile and computer analysis in one case file.
Then, in Parts 3 & 4, we’ll show you how you can also add computer and cloud data. Be sure to also check out Part 1 & Part 5 of the series to understand why working within one case file matters and how you can get the best analysis and reporting.
Almost every digital forensics investigation today involves mobile devices, and the wide variety of these devices in market—including smartphones, tablets, IoT devices, etc.— can make mobile data recovery, processing, and analysis challenging.
A toolkit approach is therefore essential to ensure you’re able to successfully access the data required for your investigations, regardless of the mobile device at hand—every tool is a little different and there’s never going to be only one tool that does everything you need.
AXIOM was purpose-built with support for a wide variety of mobile image and file types, so you can be confident that you’ll be able to ingest your mobile data into AXIOM regardless of the acquisition tool you use. AXIOM can also support ingestion of multiple mobile images together in the same case, an important feature considering your subjects might have several mobile devices of interest.
Why Use AXIOM in Your Mobile Investigations?
In addition to the advantages of analyzing your mobile data alongside computer and cloud sources outlined in Part 1 of our series, ingesting your mobile images into AXIOM for analysis provides a number of other unique benefits:
- AXIOM has the most advanced parsing and carving techniques to surface the most amount of mobile data like chats, pictures, geolocation data, etc. In fact, based on internal testing that we’ve done, we’ve found that AXIOM finds up to 25% more evidence than other tools available.
- AXIOM’s Dynamic App Finder (DAF) enables users to discover chat, geolocation, contact information, and web data applications that aren’t yet supported by a native artifact—this helps you find more evidence from unsupported apps, giving you a stronger foundation for your manual validation.
- AXIOM also enables you to build custom mobile artifacts of your own. With custom artifacts, you can recover data—messaging, location, browser interactions, etc.—from across an app. And with our new free MAGNET Custom Artifact Generator tool, you can build your own mobile artifacts without needing to know XML/Python or Magnet’s API for custom artifacts!
Let’s take a look at how AXIOM supports the ingestion of images from different tools, as well as direct acquisition from iOS and Android devices.
Mobile Image Ingestion with Magnet AXIOM
Integrated GrayKey Support
GrayKey is the most advanced solution for acquiring images from iOS devices. AXIOM is the only forensics solution directly integrated with GrayKey, for fast and easy ingestion of GrayKey iOS images. AXIOM automatically verifies your GrayKey image hashes, if applicable, and then adds the images to your case.
Mobile Image Support
AXIOM supports the ingestion of images created with a variety of mobile tools via various physical extraction techniques such as JTAG/ISP/Chipoff.
A full list of image file types supported in AXIOM is below:
You likely have Cellebrite’s UFED as one of the tools in your mobile forensics toolbox for mobile device extractions
If you choose to do your acquisition and first pass of the data with UFED, AXIOM is an extremely powerful solution for analyzing the evidence. Check out our blog on the top 5 reasons why you should use AXIOM with your UFED extractions and learn more about how to ingest Cellebrite images from third-party sources into AXIOM here: Loading Cellebrite Images into Magnet AXIOM
Other Mobile Tools
If you use other mobile extraction tools like Oxygen and XRY, read our blogs here to see how you can ingest their images into AXIOM, too:
Mobile Acquisition with AXIOM
AXIOM also includes tools to recover data from both Android and iOS devices, including Logical, File System, and Physical images.
For Android devices running version 2.1 and later, AXIOM can obtain full images from rooted Android devices and quick images from other Android devices.
Supported Acquisition Methods for Android Devices
For iOS devices, AXIOM can obtain a quick image from devices running iOS version 5.0 and later and full images from jailbroken iOS devices.
For more on using AXIOM with iOS devices running up to version 13, check out our blog here.
Supported Acquisition Methods for iOS Devices
For devices with passcodes or encryption enabled, AXIOM has a variety of methods to help you recover device data, including:
AXIOM can also acquire evidence from media devices that support the media transfer protocol (MTP), including digital cameras, feature phones, and iOS and Android smartphones.
In addition to the capabilities built directly into AXIOM, our free Magnet ACQUIRE tool can acquire forensic images of any iOS or Android device.
Check Out the Other Parts Of This Series
In Part 5, you’ll see how having all your data in one case file makes your analysis more efficient and thorough, helping you build stronger cases, faster.
And if you missed the first part of our series, catch up here to see why bringing your data into one case file matters.
Want to experience the benefits of AXIOM’s complete, integrated platform for yourself? Request a trial of Magnet AXIOM to get started today!