Product Features

Analytics in Magnet Axiom

When it comes to the analytics tools of Magnet Axiom, they’re designed to automatically surface case-relevant evidence, empowering you to derive insights and intelligence quickly and easily. With tools such as Media Explorer, Cloud Insights Dashboard, Connections, and Timeline, Axiom leverages technology like machine learning and CBIR (Content-Based Image Retrieval) to surface evidence. Data visualizations are then provided, so you can intuitively interpret, understand, and tell the story of your digital evidence.

Analyze data from all evidence sources in a single case file

The analytical tools of Axiom are only as insightful as the data they can draw insights from. This is why it’s so important that evidence from all devices can be included all in one case.

When you’re investigating a suspect, you’re most likely investigating more than just that suspect’s computer, or only their mobile device, or a specific cloud account. In fact, the average number of devices investigated per case has recently risen to 6 and average smart phone users accesses 30 apps per month. With all of these data sources, you’re investigating the digital footprints that criminals leave behind distributed amongst all their devices and apps. And you need a tool that natively supports the analysis of evidence from all the relevant sources in a single case file so you can quickly and easily see the entire story of the evidence.  

Magnet Axiom is the go-to forensics tool for many labs when they need to examine data from computer mobile, cloud, and vehicle evidence sources all in one case.  

  • Computer: Ingest and analyze data from Windows, Macs, Chromebooks, and Linux-devices with an artifacts-first approach to find the most relevant evidence, media, and chats quickly. Plus, easily process memory with Volatility seamlessly integrated into Axiom. 
  • Mobile: Recover and examine data from Android and iOS devices. Plus, Axiom is the only tool integrated with GrayKey. Automatically validate GrayKey images, leverage keychain and keystore data to decrypt apps, and take advantage of support for category-based extractions. 
  • Cloud: Acquire and analyze data from social media platforms and cloud services, plus ingest warrant returns and user-generated archives, from sources such as Google, Apple, Microsoft, Facebook, and many more.  
  • Vehicle: Ingest and analyze vehicle data, such as Berla iVe extractions, and plot geolocation data and other events on the world map. Correlate data between vehicles and other sources that track geolocation data, for example, such as mobile devices.

Case Dashboard: Your case at-a-glance

Axiom’s Case Dashboard gives you the high-level details of your investigation, the evidence sources, and an overview of the digital evidence so you can quickly move to the analysis phase of your investigation. 

Media Explorer: categorize media   

Media Explorer offers an easy and intuitive way to find, categorize, and analyze the images relevant to your case as quickly as possible. Media Explorer offers hit stacking, auto-categorization based on hash, image classification with Magnet.AI, and various filters to narrow down your investigation quickly, allowing you to reduce the overall volume of media by filtering out non-relevant content first and then home in on relevant content. 

You can use the various filters found under the Investigation Leads section to narrow the search. For example, when investigating ICAC cases, filtering based on identifiers such as camera brand, you can search for the camera or lens model and serial numbers.    

You can search by attributes found within VICS hashsets such as Category and Categorization Source, VICS comments series, tags, Identified offenders and victims along with indicators for self-generated and distributed media. Additionally, filters for skin tone %, file size, media attributes such as extension type, recovery method or even file attributes found on particular file system’s like APFS and MIME type can help narrow results for examiners.  

Video attributes such as carved video file size, container format, content format and media duration provide even more opportunities for focusing on media files pertinent to the examination.  

Plus, with Magnet.AI, you can automatically search and tag media with specific classifiers, such as tattoos, invoices, icons, bedrooms, weapons, and more. 

Check out our blog to learn more about media categorization and the smart tools available to streamline the workflow of media-centric investigations.

Magnet.AI: leverage technology to save time

Magnet.AI was first introduced to offer text-based analysis to identify luring or grooming conversations common to ICAC investigations, but the capabilities of Magnet.AI have since expanded to do much more.  

Leverage Content-Based Image Retrieval (CBIR) technology to quickly find similar pictures in your case based on a picture that either in your case, or an external one that you’ve loaded into Axiom as the query image. With CBIR, you can effectively customize and create your own image classifications with Magnet.AI by loading a query image and find similar pictures in your case file.

Magnet.AI can scan image content to find similar images and tag content based on your search parameters. It can help you identify images that may contain depictions of child sexual abuse, nudity, weapons, and drugs—plus it can be used for more classification categories including hate symbols, licenses or passports, screenshots, and more.  

The tagging capabilities of Magnet.AI can help you not only find what you’re looking for, but also what you’re not looking for. You can reduce the amount of “noise” and “junk” you have to review with the picture classifier by finding system icons and graphics within datasets. Once they’re identified by Magnet.AI, these items can then be tagged and filtered out. In one of our tests with a real dataset, we reduced the number of media items for review by ~50%.  

Plus, Magnet.AI offers optical character recognition (OCR) and it’s optimized for extracting text from PDF’s, scanned docs, images of docs, and other images that may be included in emails. Paired with the invoices classifier, you can tag and then analyze the contents of invoices easily in Media Explorer.

Cloud Insights Dashboard: surface more sources of evidence automatically

With the Cloud Insights Dashboard, we’re excited to help streamline your evidence discovery workflow. Now, more cloud account information will be automatically surfaced, making it easier to identify which cloud accounts are associated with device extractions. The benefit is two-fold, the Cloud Insights Dashboard will surface the supported cloud accounts that Axiom has uncovered a password and/or token for, giving you a lead on the apps that you can search for locally on the device, and a lead to obtain legal authority to acquire the cloud data for.

One other significant benefit of working in the Cloud Insights Dashboard is that you’ll have a prompt displaying the different access methods available for that cloud data, such as by acquiring open-source information, logging into the account to acquire data, uploading a user-generated archive, or a warrant return package. Plus, in the dashboard, you will be provided with some resources to help you determine the potential artifacts you can find for each of the identified cloud sources.

The Cloud Insights Dashboard was designed to streamline your workflow, so you will be able to launch cloud acquisition processes directly from the dashboard, while investigating your relevant cloud data all in one place. Acquiring cloud data and knowing what data is available for acquisition has never been easier.

Check out this blog for the how-to video from Trey Amick to see the Cloud Insights Dashboard in action.

Timeline: see your case unfolding

Timeline is another Analytics feature that is so powerful and easy to use in Axiom. Timeline creates a visualization of your evidence based on the dates and timestamps available for your case. This includes timestamps reported by the file system, but also any timestamps parsed from the artifacts in your case will also be included because Axiom takes the artifact first approach to processing data.

You can validate what the Timeline is showing without having to dig through the file system to find the file. We do the heavy lifting while giving you quick access to the raw data.  

Another one of the things about Timeline that our users really love is the Relative Date/Time filter. This is incredibly helpful to quickly learn what happened leading up to an incident or likewise after it. You can anchor on a certain point in time when you know an incident occurred and then apply time range filters before and after that incident.

Check out the “How to use Timeline in Magnet Axiom” video to see Timeline in action.

Connections: visualize relationships

When you’re working terabytes of data from many different sources, it can be difficult to piece together how artifacts, people, or even devices, all relate to each other. It can be even more difficult to find insights that help you move your investigation forward quickly.  

Connections helps you quickly find and visualize data across all your evidence sources and can shed light on evidence that may never have surfaced otherwise. For example, you can see how a specific picture file got on a device, how it was accessed, if it was shared and with who.

Check out our blog, Letting Connections in Magnet Axiom Work for You, to learn more about Connections and watch a brief how-to video to see it in action for yourself.

Once you have your evidence, share findings easily

With Magnet Axiom, you can easily share your evidence by exporting directly to Magnet Review, a web-based evidence review platform purpose-built for use by non-technical investigators, which allows you to securely share all digital evidence. 

Or you can share your evidence with Portable Case. Portable case can be created by any Axiom user to collaborate on a case with other stakeholders. Examiners can choose to include as much or as little digital evidence that has been acquired and recovered in a case to collaborate and review evidence with others. 

If you want to dive deeper into Portable Case, you’re in luck! Check out this two-part blog series on Portable Case: 

Want to try all the Analytical tools—and more—in Axiom for yourself? Request a free trial of Magnet Axiom to get started today

Related Resources

Blog

Blog

Griffeye products now a part of the Magnet Forensics product suite

Following the announcement that Griffeye would become part of Magnet Forensics, we are thrilled to announce that Griffeye is now fully integrated into the Magnet Forensics family. 

April 12, 2024 • About a 2 minute view
Blog

Blog

Magnet Axiom Cyber 7.10: AWS Sign-in improvements & animated maps

The latest release of Magnet AXIOM Cyber is here, and we’re excited to share new features for analysis and cloud acquisitions.

February 29, 2024 • About a 2 minute view
Blog

Blog

Reviewing email evidence with Email Explorer in Magnet Axiom and Axiom Cyber

With the continued prominence of email in corporate settings, we’re thrilled to unveil a highly anticipated feature to AXIOM Cyber: Email Explorer.

February 29, 2024 • About a 4 minute view
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top