When Windows takes a nap and leaves you evidence: Inside hiberfil.sys
Hiberfil.sys is one of those Windows artifacts every examiner should know about. It can contain a near-complete capture of system memory but is also tricky to collect and parse.
Author: Darcey Hilliard
Bridging cybersecurity & forensics: Why DFIR belongs inside the modern SOC
Authored by Doug Metz Originally published in the November 2025 issue of Magnet Unlocked. Want to be the first to see new content? Sign up for our monthly newsletter, Magnet Unlocked. In many corporate environments, cybersecurity and DFIR still operate in separate lanes: SOC = Detection & containmentDFIR = Evidence & root cause That separation made … Continued
Same app, different data: Explaining to the court why device and cloud data don’t match
After the second episode of Legal Unpacked, a question came in that mirrors a frequent issue raised in court: A judge asks, “You obtained data from an application on the device, and from the cloud provider for data for the same account stored remotely. Can you explain to the court why the two sets of data don’t match?” The underlying assumption is that device data and cloud data should align. In reality, they are fundamentally different, and misunderstanding that distinction risks missing potential evidence.
Magnet User Summit 2026: Here’s your presentation catalog!
Magnet User Summit 2026 is getting closer, and we’re excited to share this year’s presentation catalog! We’ve got an incredible collection of presenters lined up ready to deliver sessions that will educate, empower, and inspire everyone joining us in Nashville on April 20-22. That includes insights from both the private sector and law enforcement about AI-driven solutions, navigating the latest mobile forensics challenges, cybersecurity, media authentication, reducing the demands of your investigations in the lab and so much more.
Leveraging digital forensics to advance employee misconduct investigations
Employee misconduct can pose serious financial, operational, and reputational risks to enterprise organizations. Bullying, sexual harassment, gambling, accessing inappropriate content, and similar misconduct costs U.S. companies up to $300 billion a year according to Work Shield. The 2024 Association of Certified Fraud Examiners’ “Report to the Nations” estimates occupational fraud alone leads to annual losses of more than $3 trillion globally.
Why digital forensics became mission-critical for federal agencies
Federal crimes now have a huge digital component which has transformed the breadth and scope of investigations. While interviews, surveillance, and physical evidence remain essential, the most decisive insights often come from digital evidence. Computers, laptops, tablets, and mobile devices can expose criminal networks, uncover insider threats, and reveal national security risks.
New! Magnet Certification Preparation
We’re excited to announce the launch of Magnet Certification Preparation —a new series of reinforcement training designed to help qualified students confidently prepare for their certification exams.
Magnet Forensics recognized by the CyberSecurity Breakthrough Awards
We’re excited to share that Magnet Forensics has been named “Security Response Solution of the Year” in the 2025 CyberSecurity Breakthrough Awards! These awards recognize the most innovative companies, products, and technologies driving progress in the global information security industry. We’re honored that our work stood out among thousands of nominations from more than 20 … Continued
When the lab never sleeps
Authored by Chad Gish. A few years ago, my lab at Nashville Police Department hit the breaking point. Our backlog was growing, and we were waiting weeks for devices to come back, and I caught myself thinking the same thing many investigators do: We’ll just overtime our way out of this. But you can’t outwork exponential data growth. We were effectively babysitting every step of every case, and the pressure to deliver was relentless.
When the lab never sleeps
Authored by Chad Gish. A few years ago, my lab at Nashville Police Department hit the breaking point. Our backlog was growing, detectives were waiting months for devices to come back, and I caught myself thinking the same thing many investigators do: We’ll just overtime our way out of this. But you can’t outwork exponential data growth. As the cases piled up, so did the pressure. In homicide or violent-crime work, time isn’t a luxury; it’s the difference between a solved case and a family that never gets answers. When you’re the lead detective, that weight sits squarely on your shoulders.