Product Features
A decorative header for the post: How to Connect Magnet AXIOM Cyber in VeraKey for Mobile Device Investigations

How to Connect Magnet AXIOM Cyber Directly to VeraKey for Mobile Device Investigations 

Organizations leveraging VeraKey for their consent-based mobile device extractions are provided access to full file system acquisitions of both iOS and Android devices. These full file system images contain additional data points that would otherwise not be available with only logical extractions.

With the integration of these tools, connecting Magnet AXIOM Cyber to VeraKey directly can streamline your acquisition and analysis workflow. By launching AXIOM Process, and then connecting to your VeraKey, you can transfer acquired images directly into AXIOM Cyber for processing.

Connecting Magnet AXIOM Cyber to VeraKey

First, launch AXIOM Process and proceed to choose your evidence source by selecting:

Mobile -> Android or iOS -> Connect to VeraKey

A screenshot of the "Select evidence sources" dialogue box in Magnet AXIOM Cyber.
Figure 1: Select evidence sources in Magnet AXIOM Cyber.

You will then need to provide the hostname or internet protocol (IP) address of the VeraKey device that you want to connect to. The VeraKey will need to be on the same network as your examination computer. If an examiner has previously completed this step within this installation of AXIOM Cyber, you will not see this dialog window.

A screenshot of the "Connect to VeraKey" dialogue box in Magnet AXIOM Cyber.
Figure 2: The “Connect to VeraKey” dialogue box in Magnet AXIOM Cyber.

Once connected to the VeraKey, you will be prompted for a password. If this is the first time you’re connecting, you will also be prompted to allow access, authorizing AXIOM Cyber access to the VeraKey.

A screenshot of the log in and password prompt for authorizing AXIOM Cyber access to the VeraKey.
Figure 3: The log in and password prompt for authorizing AXIOM Cyber access to the VeraKey.

After completing authentication, examiners can designate a location to store VeraKey extractions. This will vary depending on your environment, but a dedicated storage device for evidence files generally provides the best performance during case processing; options are available to suit most workflows. You will then see a listing of extractions currently available on the VeraKey. This list will include the name, UUID, iOS version, and evidence ID (as entered during device acquisition) making it easy to determine which acquisition you would like to transfer.

A screenshot of the dialogue box showing the list of available extractions on the VeraKey.
Figure 4: The dialogue box showing the list of available extractions on the VeraKey.

After selecting a device acquisition from the list, you can then select which of the available items you would like to include in your AXIOM Cyber case for processing. These options will vary depending on the type of device acquired and acquisition performed. As an example, for iOS Devices, options typically include the file system acquisition, keychain data, and process memory. There is also an option to pre-process the keychain from VeraKey iOS extractions, learn more here.

A screenshot of the list of selectable images on the VeraKey connected device.
Figure 5: The list of selectable images on the connected device.

Once you have chosen the acquisition items for transfer, selecting the NEXT button will begin download data from the VeraKay. Once the transfer is complete, AXIOM Cyber will perform hash verification to ensure the downloads was successful. If either the download or hash verification fail, examiners are presented with an option to retry the download.

A screenshot of the "Select Evidence Source" dialogue box in Magnet AXIOM Cyber.
Figure 6: The Select Evidence Source dialogue box in Magnet AXIOM Cyber.

Once the download and hash verification completes, the selected evidence items will be added to your AXIOM case. The remaining case processing options in AXIOM Cyber, including things like keyword searching, using hash lists, or media categorization are available for you to utilize while processing the evidence. The integration of AXIOM Cyber and VeraKey is a timesaving feature allowing examiners to streamline their workflows for mobile device investigations.

Related Resources

Blog

Blog

Automate and accelerate your mobile workflows with Magnet Graykey Fastrak and Magnet Automate 

Across policing agencies, the volume of mobile devices that need to be extracted and processed for criminal investigations present a persistent and increasing challenge, leading to delays in cases and

May 2, 2024 • About a 3 minute view
Blog

Blog

Griffeye products now a part of the Magnet Forensics product suite

Following the announcement that Griffeye would become part of Magnet Forensics, we are thrilled to announce that Griffeye is now fully integrated into the Magnet Forensics family. 

April 12, 2024 • About a 2 minute view
Blog

Blog

Magnet Axiom Cyber 7.10: AWS Sign-in improvements & animated maps

The latest release of Magnet AXIOM Cyber is here, and we’re excited to share new features for analysis and cloud acquisitions.

February 29, 2024 • About a 2 minute view
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top