When Windows takes a nap and leaves you evidence: Inside hiberfil.sys
Hiberfil.sys is one of those Windows artifacts every examiner should know about. It can contain a near-complete capture of system memory but is also tricky to collect and parse.
This is the fourth blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are prefetch files? Prefetch files are great artifacts for forensic investigators trying to analyze applications that have been run on a system. Windows creates a prefetch file when an application is … Continued
This is the third blog post in a series of five about recovering Business Applications & OS Artifacts for your digital forensics investigations. What are LNK files? LNK files are a relatively simple but valuable artifact for the forensics investigator. Shortcut files link to an application or file commonly found on a user’s desktop or … Continued
Windows Recycle Bin in Digital Forensics The Windows Recycle Bin, a seemingly simple feature, has undergone significant changes across different versions of the Windows operating system. This artifact is not just a virtual trash can but a critical element in digital forensic investigations. Understanding its evolution and functionality can provide valuable insights into user activity … Continued
Digital forensics tools have improved a lot in the past several years. With these advances, the digital forensics community now has many tool options for each phase of an investigation.
One of the most essential parts of the forensic process is reporting what you find on a system. Often, the forensic examiner may only know part of the case. Not having the complete picture as a single examiner makes collaborating on findings essential to the reporting process. Magnet Forensics has built Portable Case, a feature of Magnet AXIOM and Magnet Cyber, to help foster that collaboration and make it more integrated.
In this series, we walk through how to ingest images from a variety of third-party sources into Magnet AXIOM.
Digital Forensics and Incident Response (DFIR) is often used to refer to both the digital forensics and incident response fields, which are related but separate areas. Let’s delve into what both digital forensics and incident response are and why they are often grouped together.
When it comes to the analytics tools of Magnet Axiom, they’re designed to automatically surface case-relevant evidence, empowering you to derive insights and intelligence quickly and easily. With tools such as Media Explorer, Cloud Insights Dashboard, Connections, and Timeline, Axiom leverages technology like machine learning and CBIR (Content-Based Image Retrieval) to surface evidence. Data visualizations are … Continued
Magnet AXIOM 4.2 and Magnet AXIOM Cyber 4.2 are now available for download! Get it now within AXIOM or over at Customer Portal. AXIOM 4.2 brings AFF4 support, the ability to ingest Skype Warrant Returns, and new WhatsApp data collection options, along with customized Targeted Locations and support for Office 365 Unified Audit Logs in … Continued