We have a proud tradition of bringing you Analytics functionality in Magnet AXIOM—without the need to purchase or install an extra module or add-on product. Even early versions of AXIOM, like AXIOM 1.1, directly included Analytics capabilities like Magnet.AI.
When we think about Analytics in AXIOM, it’s all about the features and functionality that empower you to quickly and easily derive insight and intelligence. AXIOM does that by using technology like machine learning or CBIR (Content-Based Image Retrieval) as well as using data visualizations so you can intuitively interpret and understand the story of your digital evidence.
Let’s take a look at some of the Analytics features in AXIOM in a bit more detail.
Analyze Data From All Evidence Sources in a Single Case File
When you’re investigating a suspect, you’re most likely not just investigating that suspect’s computer, or only their mobile device, or a specific cloud account. You’re investigating that individual and all of the different digital footprints that they leave regardless of the evidence source. And you need a tool that natively supports examining evidence from all of those evidence sources in a single case file so you can quickly and easily see the entire story of the evidence.
Magnet AXIOM is the go-to forensics platform for many labs when they need to examine data from computer (Windows and Mac devices), memory, mobile, and cloud evidence sources.
- COMPUTER: Ingest and analyze data from Windows and Macs and use an artifacts-first approach to find the most Internet evidence, media, and chats.
- MOBILE: Recover data from Android and iOS devices; plus, AXIOM is the only tool integrated with GrayKey. Bonus: no more manually validating GrayKey images after downloading them; AXIOM does it automatically!
- CLOUD: Retrieve data from cloud services (e.g. Facebook, Wickr, Signal, and more), plus ingest warrant returns, public-facing data, and user-generated archives like Google Takeout.
- MEMORY: Easily process memory with Volatility seamlessly integrated into AXIOM.
Connections: Visualize Relationships
When you’re working with terabytes of data from many different sources, it can be difficult to piece together how artifacts, people, or even devices all relate to each other. It can be even more difficult to find insights that help you move your investigation forward quickly.
AXIOM’s Analytics feature Connections helps you quickly find and visualize data across all your evidence sources and can shed light on evidence that may never have surfaced otherwise. For example, you can see how a specific picture file got on a device, how it was accessed, and whether it was shared and with whom.
Check out our blog, Letting Connections in Magnet AXIOM Work for You, to learn more about Connections and watch a brief how-to video to see it in action for yourself.
Magnet.AI: Leverage Technology to Save Time
Machine learning has been in AXIOM (almost) from the very beginning: text-based analysis was introduced in AXIOM 1.1 to help identify luring or grooming conversations common to ICAC investigations.
With the launch of AXIOM 2.0, AXIOM identified images that may contain depictions of child sexual abuse, nudity, weapons, and drugs—and we continued to add support for more classification categories including hate symbols, identification like licenses or passports, screenshots, and more.
With the soon-to-be-released AXIOM 4.0, we’ll continue to add to Magnet.AI. AXIOM 4.0 will introduce the ability to load a query image and find similar pictures in your case file. This effectively gives you the ability to customize and create your own image classifications.
This new Analytics feature in AXIOM leverages Content-Based Image Retrieval (CBIR) technology to quickly find similar pictures in your case based on a picture that is either in your case or an external one that you’ve loaded into AXIOM as the query image.
Timeline: See Your Case Unfolding
Timeline is another Analytics feature that is powerful and easy to use in AXIOM. Timeline creates a graphical visualization based on all of the dates and timestamps available to be parsed out in your case. This includes timestamps reported by the file system, and because AXIOM takes an artifacts-first approach to processing data, any timestamps parsed from the artifacts in your case are included as well.
This is incredibly important for understanding the activity that occurred on your evidence, especially considering artifacts that have numerous timestamps parsed from them, such as LNK or prefetch files, chat records, or logs.
And it’s very easy within AXIOM to see exactly where a file is located with source linking. The Details pane shows the source of the file and you can quickly jump to where that file is in the file system.
You can validate what the Timeline is showing without having to dig through the file system to find the file. We do the heavy lifting while giving you quick access to the raw data.
Another one of the things about Timeline that our customers really love is the Relative Date/Time filter. This is incredibly helpful to quickly learn what happened leading up to an incident or likewise after it. You can anchor on a certain point in time when you know an incident occurred and then apply time range filters before and after that incident.
Case Dashboard: Your Case At-A-Glance
AXIOM’s Case Dashboard gives you the high-level details of your investigation, the evidence sources, and an overview of the digital evidence so you can quickly move to the analysis phase of your investigation.
Portable Case: Share Findings
A Portable Case can be created by any AXIOM user to collaborate on a case with other stakeholders. Examiners can choose to include as much or as little of the digital evidence that has been acquired and recovered in a case to collaborate and review evidence with others.
If you want to dive deeper into Portable Case, you’re in luck! Check out this two-part blog series on Portable Case:
Want to try all the Analytics features—and more—in AXIOM for yourself? Request a free trial of Magnet AXIOM to get started today!