Magnet AXIOM 2.0 has added the ability to conduct additional memory analysis by integrating the Volatility framework. For anyone who has used Volatility in the past, it is a great command line tool to conduct memory analysis by pulling out things like processes, network connections, command history, files, etc. The integration should be familiar to … Continued
Whether you seize computers in the field for criminal investigations, or responding to cyber incidents for a corporation, forensic memory analysis gives you access to evidence you can’t obtain through “dead-box” forensics alone. In many cases, memory analysis may be the only way to obtain evidence critical to solving your investigation. If memory analysis is … Continued
All data is not equal in a forensic examination—and the more data that’s available, the more difficult it is to organize and prioritize. As data volumes grow and users struggle to find the meaning across large swaths of evidence, the need for better digital evidence organization has continued to resonate. Magnet AXIOM’s new Case Dashboard, … Continued
Our previous two blogs covered the reasons why we think file system forensics’ marginal returns are rapidly diminishing, and the changes in consumer electronics that continue to drive the need for a focus on artifacts and the apps they come from in digital forensics. In our final post, we’re discussing how the artifacts-oriented approach allows … Continued
Our previous blog covered the reasons why we think file system forensics’ marginal returns are rapidly diminishing, and why we think the process needs to be balanced with a more efficient, artifacts-oriented approach that relies on the file system to verify and validate. In this blog, we offer the historical context for how we think … Continued
Digital forensics has relied on the file system for as long as hard drives have existed. The structures associated with File Allocation Tables (FAT), the New Technology File System (NTFS), Extended File System (EXT), and other file systems—as well as the partitions within—could be mined for file metadata, carved for deleted files, and accessed to … Continued
In January, we released the AXIOM Wordlist Generator free tool and described in our white paper the changes to the Microsoft® Windows® 10 login workflow that affected password cracking practices. The login workflow was far from the only change in this anniversary update, however. In this blog, Training Director Jamey Tubbs describes other Windows operating … Continued
Happy New Year everyone! Wishing you all a great 2018 full of successful investigations, RAID arrays that never fail, and passwords that are easy to crack. ? Cracking passwords is an unfortunate necessity of “the job” that has only increased over the past years. With better encryption, security, and more people using stronger passwords (or … Continued
Our in-depth three-step forensic research methodology series, which started with “The Process of Discovery,” led to “The Process of Testing” and “The Process of Finding and Parsing,” concludes today with our final blog, “The Process of Scripting.” Our previous blog posts relied on research by Magnet Forensics’ Jessica Hyde and Basis Technology’s Cesar Quezada, as … Continued
Recently, Magnet Forensics and Passware partnered to offer full disk decryption in Magnet AXIOM. AXIOM now includes seamless integration with Passware decryption technology, which supports full disk decryption with a known password for BitLocker, TrueCrypt, PGP Desktop encrypted devices, and others. The full Passware Kit Forensic, with additional features, is also available for purchase. For … Continued
