The June 2017 Trustwave Global Security report indicated that although the time to detect intrusion had improved—from 80.5 days in 2015 to just 49 days in 2016—the time from detection to containment rose slightly, and the time from intrusion to remediation remained roughly the same: just over 60 days.
Indeed, incident response continues to be a complex, demanding, often frustrating task, owing in part to forensic examinations that can be slow and tedious. In our new extended case study, Chris Brinkworth, director of forensics and e-discovery at Enterprise Knowledge Partners, LLC, a consulting firm based in Minneapolis, Minnesota, USA, describes how his team uses Magnet AXIOM to triage standard forensic files for clients and turn around endpoint forensic examinations much more quickly than ever before.
How AXIOM’s Fast Processing Speed and Artifact Access Improve Time to Resolution
Brinkworth details how AXIOM helps his team to be more thorough, enabling them to look for “smoke and fire” evidence: artifacts that indicate suspicious activity. In addition, his team’s deep expertise helps to inform and support the business’ other two practice areas—enterprise architecture and security assessments.
Brinkworth additionally describes how AXIOM has helped the team to retrieve unknown or hard-to-find artifacts, worked in unexpected and unintended ways to deliver deeper results and better outcomes, and even enabled his team to make a critical operational shift in their business.
Download the Case Study to Find Out More
In the case study, “Using Magnet AXIOM in Corporate Security Incident Response and Investigations,” Brinkworth talks about how his team relies on AXIOM for three “pillars” of their investigations:
- The ability to conduct a “federated” search through Windows registry hives, event logs, and various artifacts, cutting his team’s evidence examination response time by at least half.
- Additional time-saving with filters. “We can create an artifact profile for a given advanced persistent threat where we know its hallmarks,” says Brinkworth, “and then run that profile against each of the systems we’ve imaged to show which ones are impacted by that threat actor, then validate the artifact profile(s) within the file system.”
- The ease of creating a two- to three-page brief that covers the nuts and bolts of the case details clients need to make decisions.
To read more case studies, customer stories, and testimonials, visit our Customers page. Do you currently use Magnet Forensics products and want to take part in a case study? We’d love to hear from you!