Blog

Product Features

Magnet OUTRIDER 2.0: Scan Speed Comparison, Feature Deep Dive & More

Earlier this month, we launched Magnet OUTRIDER 2.0, which includes a whole host of new artifact support as well as faster scans compared to earlier versions of OUTRIDER.

In this blog, we’ll dig into the performance gains customers are seeing as well as review the new artifacts and features included in this release. If you’d like to try Magnet OUTRIDER, request a free 30-day trial license here and for those who currently own OUTRIDER, make sure to update today!

Find Evidence Even Faster

Faster icon

Whether your triaging devices while in the field and conducting a search warrant or back in the lab, time is of the essence. The word triage is derived from the French Trier meaning “separate out” while triage is from the early 18th century which is defined as “the action of sorting items according to quality”.  With OUTRIDER our goal is simply that; quickly sort through the digital evidence and find what matters for your investigations. While previous versions of OUTRIDER performed lightning fast scanning for identified apps and CSAM utilizing Child Rescue Coalition technology, we’ve found based on internal testing a 30% improvement in speed while still capturing more data with OUTRIDER 2.0.

My results on testing between OUTRIDER versions 1.7 and 2.0 are listed below.

  • Live Machine Specs: i9 Processor, 32 GB RAM, 2 TB Internal OS Drive
  • 2 external SSD’s also connected to the laptop
    • 1 TB Samsung T5 via USB 3
  • Scans were conducted on a total of 5 TB worth of storage
    • 687,000+ files / folders scanned
    • 63,100+ files analyzed with CRC CSAM Detection
Source Location OUTRIDER 1.7 OUTRIDER 2.0
Externally Connected SSD via USB 3 71 seconds 41 seconds
Run from Internal OS Drive 65 seconds 38 seconds

New Features

The U.S.-based nonprofit the National Center for Missing & Exploited Children (NCMEC) said it had recorded a 106% increase in CyberTipline reports of suspected child sexual exploitation—rising from 983,734 reports in March 2019 to 2,027,520 in the same month this year.

Now available in OUTRIDER 2.0, and quite possibly my favorite new feature in this release is the ability to import NCMEC CyberTip reports for OUTRIDER to find matching hits on. Loading a NCMEC CyberTip is easy, simply select “Import NCMEC CyberTip” from the bottom of the OUTRIDER 2.0 user interface and then select the file, as seen below.

Matches

The NCMEC CyberTip matches can include IP addresses, filename matches, and web browser internet history matches as you can see the image below. IP addresses imported from a NCMEC CyberTip report will also be used to alert you if an imported IP address matches the current external IP address for the live system being scanned.

Live System Artifact Collection

Also new to OUTRIDER 2.0 is the ability to acquire (very quickly) operating system artifacts from a live target system.

New Artifacts Include

  • USB Device History
  • Recently Accessed Files
  • Mapped Network Drives
  • Prefetch Files
  • Extended Drive Info
  • Firewall Info
  • Installed Apps
  • IP Info
  • Logged on Users
  • Network Connections
  • Operating System Info
  • Running Processes
  • Scheduled Tasks
  • User Accounts
  • WiFi Info
  • WiFi Saved Passwords
  • Window Services

New capabilities of OUTRIDER 2.0 also include the ability to capture a screenshot of the target device as well as RAM collection. RAM collected with OUTRIDER can easily be ingested into Magnet AXIOM for further analysis.

Quick Tip: Use the new WiFi Saved Password Lists for other encrypted devices.

As people are creatures of habit, I especially appreciate the new WiFi Saved Passwords artifact.

Within seconds an examiner can have a potentially extensive password list for use while unlocking other encrypted contents during their investigation, based on the list provided from this artifact.

Identify More Apps

We’ve also included additional identified apps within this release of OUTRIDER. New app categories include VPN, Messaging and Games.

VPN Apps Messaging Apps Game Apps
Surfshark Skype Roblox
NordVPN WhatsApp, Minecraft
Hotspot Shield Facebook Messenger Fortnite
StrongVPN Viber  
TunnelBear Slack  
VyprVPN Telegram  
Windscribe LINE  
KeepSolid VPN Unlimited WeChat  
IPVanish VPN Discord  
Private Internet Access Signal  
CyberGhost VPN Pidgin  
  Riot  
  Teams  
  KakaoTalk  
  Wire  
  Wickr  

Between the new app categories, faster scans, NCMEC CyberTip ingestion, and faster scan times, the new OUTRIDER 2.0 update is a fantastic improvement to an already critical tool in investigator’s digital tool box.

As an additional bonus, Jad has personally added an “Easter Egg” in OUTRIDER 2.0 which can be found from the screen shot previewed above, good luck! The first 5 participates who find the surprise and email me at trey.amick@magnetforensics.com will receive some Magnet swag!

For more information or suggestions on future updates please don’t hesitate to reach out to outrider@magnetforensics.com or trey.amick@magnetofrensics.com.

Start modernizing your digital investigations today.

Ready to explore on your own? Start a Free Trial

Top