Tagging evidence
Tags and comments help you organize evidence and identify artifacts that are important to your investigation. For example, you might apply the Of interest tag to artifacts you want to have a closer look at later. You can view all of the tags and comments that are applied to an artifact in
AXIOM Examine includes a set of system tags that you can use, or you can create your own.
When you export artifacts or create a portable case, any tags or comments that you have applied also get exported.
Tag evidence
Use tags to label evidence in a meaningful way for your investigation. After you tag evidence, you can use the Tags and comments filter to show only those items that are of interest to you.
Tagging is available for artifacts that appear in the Artifacts
- In AXIOM Examine, in Evidence, right-click the artifact or group of artifacts that you want to tag.
- Click Add / Remove tag.
- Select the tags that you want to apply.
After you apply a tag, the tag color appears beside the artifact.
Add comments to an artifact
Commenting is available for artifacts that appear in the Artifacts
- In AXIOM Examine, in Evidence, click the artifact that you want to comment on.
- In
- Type a comment and click Okay.
System tags
In addition to creating your own tags, AXIOM Examine includes a set of system tags that you can use or customize.
| Tag | Default keyboard shortcut |
|---|---|
| Bookmark | Spacebar |
| Evidence | CTRL + 1 |
| Of interest | CTRL + 3 |
| Possible luring | No shortcut |
| Exceptions | No shortcut |
Note: When a search completes, you can view a summary of any files that were not fully processed due to artifact timeouts. These files are tagged in AXIOM Examine with the Exceptions system tag. The Exceptions system tag is not included in any exports/reports.