Earlier this month, we launched Magnet OUTRIDER 2.0, which includes a whole host of new artifact support as well as faster scans compared to earlier versions of OUTRIDER.
In this blog, we’ll dig into the performance gains customers are seeing as well as review the new artifacts and features included in this release. If you’d like to try Magnet OUTRIDER, request a free 30-day trial license here; for those who currently own OUTRIDER, make sure to update today!
Find Evidence Even Faster
Whether you’re triaging devices in the field while conducting a search warrant or back in the lab, time is of the essence. The word triage is derived from the French trier, meaning “separate out”; the noun dates from the early 18th century and is defined as “the action of sorting items according to quality”. With OUTRIDER our goal is simply that: quickly sort through the digital evidence and find what matters for your investigations. While previous versions of OUTRIDER performed lightning-fast scanning for identified apps and CSAM utilizing Child Rescue Coalition technology, our internal testing found a 30% improvement in speed with OUTRIDER 2.0, even while it captures more data.
My results on testing between OUTRIDER versions 1.7 and 2.0 are listed below.
- Live Machine Specs: i9 Processor, 32 GB RAM, 2 TB Internal OS Drive
- 2 external SSDs also connected to the laptop
  - 1 TB Samsung T5 via USB 3
  - 2 TB SiForce Pocket Drive via USB C
- Scans were conducted on a total of 5 TB worth of storage
- 687,000+ files / folders scanned
- 63,100+ files analyzed with CRC CSAM Detection
| Source Location | OUTRIDER 1.7 | OUTRIDER 2.0 |
|---|---|---|
| Externally Connected SSD via USB 3 | 71 seconds | 41 seconds |
| Run from Internal OS Drive | 65 seconds | 38 seconds |
The U.S.-based nonprofit the National Center for Missing & Exploited Children (NCMEC) said it had recorded a 106% increase in CyberTipline reports of suspected child sexual exploitation—rising from 983,734 reports in March 2019 to 2,027,520 in the same month this year.
Now available in OUTRIDER 2.0, and quite possibly my favorite new feature in this release, is the ability to import NCMEC CyberTip reports so that OUTRIDER can find matching hits. Loading a NCMEC CyberTip is easy: select “Import NCMEC CyberTip” from the bottom of the OUTRIDER 2.0 user interface and then select the file, as seen below.
The NCMEC CyberTip matches can include IP addresses, filename matches, and web browser internet history matches, as you can see in the image below. IP addresses imported from a NCMEC CyberTip report are also used to alert you if an imported IP address matches the current external IP address of the live system being scanned.
Live System Artifact Collection
Also new to OUTRIDER 2.0 is the ability to acquire (very quickly) operating system artifacts from a live target system.
New Artifacts Include
- USB Device History
- Recently Accessed Files
- Mapped Network Drives
- Prefetch Files
- Extended Drive Info
- Firewall Info
- Installed Apps
- IP Info
- Logged on Users
- Network Connections
- Operating System Info
- Running Processes
- Scheduled Tasks
- User Accounts
- WiFi Info
- WiFi Saved Passwords
- Windows Services
New capabilities of OUTRIDER 2.0 also include the ability to capture a screenshot of the target device as well as RAM collection. RAM collected with OUTRIDER can easily be ingested into Magnet AXIOM for further analysis.
Quick Tip: Use the new WiFi Saved Password Lists for other encrypted devices.
As people are creatures of habit, I especially appreciate the new WiFi Saved Passwords artifact.
Within seconds an examiner can have a potentially extensive password list for use while unlocking other encrypted contents during their investigation, based on the list provided from this artifact.
Identify More Apps
We’ve also included additional identified apps within this release of OUTRIDER. New app categories include VPN, Messaging and Games.
| VPN Apps | Messaging Apps | Game Apps |
|---|---|---|
| Hotspot Shield | Facebook Messenger | Fortnite |
| KeepSolid VPN Unlimited | | |
| Private Internet Access | Signal | |
Between the new app categories, NCMEC CyberTip ingestion, and faster scan times, the new OUTRIDER 2.0 update is a fantastic improvement to an already critical tool in an investigator’s digital toolbox.
As an additional bonus, Jad has personally added an “Easter Egg” in OUTRIDER 2.0 which can be found from the screenshot previewed above. Good luck! The first 5 participants who find the surprise and email me at firstname.lastname@example.org will receive some Magnet swag!