Product Features
AXIOM All in One - Computer

All Your Case Data in Magnet AXIOM: Pt 3 — Bringing in Computer Data

In this five-part series, we talk about the benefits of having all your case data within one platform and how it will help your casework—from more simplified yet comprehensive data ingestion to more efficient and thorough analysis.

In the third part of the series, we’ll explain how to bring all your computer data into one case file within Magnet AXIOM—the only tool in market that combines cloud, mobile and computer analysis in one case file.

Check out the other parts of this series to understand why working within one case file matters, how to bring mobile and cloud data into your case, and how you can get the best analysis and reporting.

Magnet AXIOM: The Leading Computer Forensics Tool

The digital forensics industry began with the examination of computer sources—with Windows PCs the dominant platform by far. Magnet was an early pioneer in Windows investigations with our IEF tool, which introduced a revolutionary artifacts-first approach to digital forensics.

Today, computer sources remain a core part of digital investigations alongside mobile and cloud sources, and we’ve evolved our industry-leading computer tools in the Magnet AXIOM platform to provide you with the deepest and most comprehensive computer artifacts support—not only for PC but also Mac, Linux, and Chromebook—ensuring you get the most from your data sources.

AXIOM supports a wide variety of industry standard file systems, including NTFS, FAT32/16/12, ExFAT, APFS, HFS+, HFS/X, EXT2, EXT3, EXT4, YAFFS2, and Flash Friendly File System (F2FS).

When a target drive is encrypted, AXIOM includes tools to detect and decrypt those drives. Via our partnership with Passware, AXIOM is able to recover data from drives encrypted with TrueCrypt, Bitlocker, McAfee, and Veracrypt. AXIOM also supports recovery of FileVault 2 encrypted drives for macOS. Our free MAGNET Encrypted Disk Detector tool can quickly and non-intrusively check for encrypted volumes on a computer system during incident response.

In addition to computer hard-drives and memory, AXIOM can also acquire evidence from expandable storage devices like USB and SD Flash drives and more. As another option, our free Magnet ACQUIRE tool lets digital forensic examiners quickly and easily acquire forensic images of hard drives or removable media.

Let’s take a look at how AXIOM supports data acquisition and ingestion from computer and memory sources.

Acquiring and Ingesting Computer Data into AXIOM

Computer Data Acquisition

AXIOM can obtain images from many types of Windows-based external drives that are physically connected to your computer such as HDD, SSD, USB, SD flash drives, and other external drives.

There are four imaging options for Windows-based drives that you can choose from:

  • Full: entire contents in E01 format
  • Full: entire contents in raw format
  • Full: all files and folders
  • Quick: a logical image of locations that typically contain evidence, such as system files and user profiles, in a single, compressed .zip file.

Computer Image Ingestion

AXIOM can ingest images from a variety of computer imaging utilities, including hardware imagers like Atola TaskForce and software imagers like FTK Imager and MacQuisition, in a wide range of image and file types, listed below:

For Mac computers with Apple’s T2 hardware-encrypted security chip, AXIOM can ingest and process decrypted AFF4 physical images acquired using MacQuisition.

Memory Acquisition

Memory files can contain information about a user’s activity on the computer that might have otherwise been lost when the system crashed or was shut down. AXIOM includes several tools to help you easily process computer memory:

  • Volatility seamlessly integrated into AXIOM for Windows-based machines
  • In addition to Volatility, AXIOM can parse multiple artifacts natively such as Internet artifacts, media, and operating system artifacts like prefetch and lnk files.
  • RAM capture via our free MAGNET RAM Capture tool
  • Process memory images via our free MAGNET Process Capture tool

Read Part 4 of our series to see how AXIOM can help you incorporate cloud data into your case.

Then, in Part 5 you’ll see how having all your data in one case file makes your analysis more efficient and thorough, helping you build stronger cases, faster.

And if you missed the first two parts of our series, catch up here to see why bringing your data into one case file matters and here to see how AXIOM helps you bring mobile data into your case:

Want to experience the benefits of AXIOM’s complete, integrated platform for yourself? Request a free trial of Magnet AXIOM to get started today!

Related Resources

Blog

Blog

Griffeye products now a part of the Magnet Forensics product suite

Following the announcement that Griffeye would become part of Magnet Forensics, we are thrilled to announce that Griffeye is now fully integrated into the Magnet Forensics family. 

April 12, 2024 • About a 2 minute view
Blog

Blog

Magnet Axiom Cyber 7.10: AWS Sign-in improvements & animated maps

The latest release of Magnet AXIOM Cyber is here, and we’re excited to share new features for analysis and cloud acquisitions.

February 29, 2024 • About a 2 minute view
Blog

Blog

Reviewing email evidence with Email Explorer in Magnet Axiom and Axiom Cyber

With the continued prominence of email in corporate settings, we’re thrilled to unveil a highly anticipated feature to AXIOM Cyber: Email Explorer.

February 29, 2024 • About a 4 minute view
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top