The Power of a Comprehensive, Integrated Approach to Forensics

Lately, we’ve been describing Magnet AXIOM as “the most comprehensive, integrated digital investigation platform.” Why does this matter? Why is it an approach that can be valuable to the forensic and investigations communities?

Helping Customers Get the Most Complete Picture

The ability to bring as much data as possible into one view is, we feel, gaining importance as a more standardized way of examining data. One of our leads in forensics mentioned a case where examining phone and computer data separately made some correlations in the data hard to make, while combining the data organically from the start made the correlations obvious and surfaced them immediately.

We have been building our products with an integrated approach as an underlying principle. With the launch of AXIOM Cloud, we continue to try to help our customers get the most complete picture, by combining evidence acquired from smartphones, computers, and the cloud into one case.

The need for this kind of integrated approach only continues to mount because:

  1. The ready availability of devices and the near-ubiquitous use of smartphones and, increasingly, Internet of Things (IoT) devices mean that they are a key piece of evidence in many, many cases. We call them the silent witnesses.
  2. The amount of data on phones, laptops, the cloud, and more is growing. Storage is bigger, apps do more, we turn to devices as the primary means of communication and web browsing—and the cloud as our primary place to store our most personal data.
  3. All that beautiful data is flowing between those devices and accounts. Start a conversation on Slack at your desk, finish it on your phone during the ride home. Receive a photo by text, post it to Instagram, save it on an SD card to print later…
  4. Just as our data knows no boundaries, neither does crime – geographically or digitally. Our Founder, Jad Saliba, has said before that when he was an examiner it was imperative to try to get as complete a picture as possible. You don’t segregate the evidence when you investigate a crime — digital or otherwise.
  5. Most investigative teams have a tool box full of software and hardware they use to analyze a case.

Embracing the Comprehensive Approach Just Makes Sense

Knowing that phones, tablets, laptops, IoT, and the cloud are part of everyday life, acting as silent witnesses and repositories of everything we do, we built tools that can help you show how these data sources tell the story of our lives together. Separately, they give only glimpses.

Building our products with organic integration has allowed us to provide customers with additional tools when it comes to extracting evidence. For instance, AXIOM Cloud leverages cloud, computer, and smartphone artifacts to examine cloud data. This unique capability allows examiners to extract cloud evidence regardless of the file type (e.g., .doc, .xls, .PDF) and pull more evidence from cloud sources. 

The Tool Box Approach

But what about that tool box approach? Given the intense public scrutiny on investigative teams and the pressure of producing defensible findings, it would be wise to listen to Jamie McQuaid, our Forensics Consultant: If you don’t run a case through more than one tool, you’re not doing it right.

And so, we embrace the fact that there is no “one tool to rule them all.” Knowing that, we did make sure that AXIOM is able to ingest data recovered from many other tools. We work with Project VIC to process data against known hash sets, and we work with Griffeye to integrate uncategorized-to-categorized data back into AXIOM.

We even ingest exports from competing products. If we want to say we’re promoting a comprehensive approach, we need to ingest as much digital evidence as we can to provide a complete view. (NOTE – Our customers have told us many, many times that this is also a good way to re-run evidence and see what else AXIOM can find.)

Embracing the Now, Looking to the Future

Frankly, we believe the comprehensive approach is the way of the future and we want to make sure we are doing it right from the code base on up. There are going to be more and more data sources as reliance on the cloud grows and as new devices and “things” become connected.

Having to capture data from each device or service and then examine each one separately, while trying to connect pieces and draw parallels or correlations, is a sucker’s bet. The disparate examination approach will quickly lead to longer case backlogs as data sources and the volumes of data grow.

No matter where digital data leads in the future, we will rely on our foundation and continue to build out solutions that provide a complete view into the digital evidence and allow investigative teams to work through cases both quickly and credibly.

If you want to keep up to date on our latest and greatest, watch this blog or follow us on Twitter: @MagnetForensics

Questions? Comments? Please email me at victoria.berry@magnetforensics.com