EXPERTLY ANALYZE EVIDENCE AND MAKE SENSE OF THE DATA IN MAGNET AXIOM EXAMINE
Magnet AXIOM Examine’s powerful analysis tools are designed to enable efficient analysis of large volumes of data, allowing for quick identification and validation of the evidence that’s most important to an investigation.
Quickly identify important evidence, provide preliminary insights to key stakeholders and focus on the rest of your investigative work.
Explore the file system and registry to verify artifacts and discover related evidence. Build a more complete picture of the user’s activity.
Collaborate and Share.
Share an AXIOM Portable Case with colleagues to enable collaborative review of evidence.
AXIOM now leverages Magnet.AI, an industry first, to detect and analyze the context around content for potential luring conversations, allowing examiners to immediately find relevant data that helps move an investigation forward — saving countless hours sifting through evidence.
POWER AND SIMPLICITY IN AN EASY TO USE INTERFACE
Magnet AXIOM Examine has a powerful and sleek interface that was designed to feel natural and familiar. The framework of the user interface allows you to work through your examination more easily – jumping between high-level detail and the source data of specific artifacts.
This pane lists all the artifact hits in your case, separated by category. When you select a category, the Evidence pane is refreshed to show all the hits in that category. The navigation pane allows you to switch between three different views: the Artifacts Explorer (default), the File System Explorer, and the Registry Explorer.
While using the Artifacts Explorer, this pane lists all the artifact hits in the current selection. You can narrow this list further by using the various options in the Filter bar. When you select an item in the Evidence pane, its details are displayed in the Contents pane.
Note: If you’re using the File System Explorer or the Registry Explorer, this pane displays a file tree or registry tree, respectively.
The Contents pane contains more detailed information about an artifact. This view can contain a number of different cards depending on the type of artifact that you select, and the view that you’re using.
The Filter bar allows you to apply filters on the evidence source, type of artifact, date, time, and tags that you apply to evidence. Any changes that you make to filters are automatically reflected in the Navigation and Evidence panes.
Tags, Comments & Profiles Panes
This pane allows you to create and manage the tags and comments that you apply to evidence.
Contains important status and progress messages.
NAVIGATE ARTIFACTS, FILE SYSTEMS AND REGISTRY
Artifact Explorer is designed to make it easier and faster for examiners to review and analyze large volumes of digital evidence. Artifact Explorer allows you to interrogate all the artifact data recovered by Evidence Analyzer. Browse evidence by artifact type, and quickly filter, sort, and search the artifact database. All the digital evidence recovered by an AXIOM Evidence Analyzer search is organized and stored in an artifact database, which is composed of distinct artifact tables for each supported artifact type.
File System Explorer
The File System Explorer allows you to explore the file system tree of your evidence source. Recursive views allow you to navigate hierarchical file structures. File System Explorer allows you to examine additional content such as unallocated space and volume slack.
The Registry Explorer allows you to navigate the complex relational hierarchy of a Windows registry. Registry Explorer links artifacts and files directly to registry keys, decreasing the amount of time you spend traversing the tree.
Zero in on evidence
The process of going from a large volume of data to specific pieces of evidence can be iterative and time-consuming. Change what you see and how you see it quickly using the many functions and features in the Artifact Explorer. You can filter, group, sort, or search to narrow down and pinpoint important artifacts of interest.
Using the Artifact Explorer, see the recovered artifacts organized into categories that make it easier to find and analyze evidence.
Get to relevant evidence faster using filters. Isolate evidence from a specific date or time range, or create filters to narrow results based on field values for any supported artifact type. Filter stacking allows you to layer on several dimensions of filter criteria to pinpoint specific items in a large dataset.
Isolate evidence and see data from different perspectives using a multitude of views.
- Chat threading view: Displays messages as a back-and-forth dialogue, in a format similar to the application that the messages are from
- Classic view: Stacks the Evidence pane and Contents panes vertically, similar to the Report Viewer in Magnet IEF
- Column view: Displays all of an artifact hit’s data in a table format that allows you to sort on any column. This is the default view
- Histogram view: Provides a graphical representation of all the hits in your case for each type of artifact
- Row view: Displays an artifact hit’s most relevant pieces of data in a row format
- Thumbnail view: Displays media files as thumbnails
- Timeline view: Displays artifact hits as spikes on a graphical timeline
- World map view: Plots artifact hits as coordinates on a world map
Tags, Comments and Profiles
Create and manage a number of different tags to help you narrow down the results quickly and begin to see patterns in an individual’s activity. Using the comments function, identify and share your thoughts with other key stakeholders. You can also create profiles that are associated with an individual and then associate other identifiers (email addresses, phone numbers, etc.) with the profile, so that you can filter evidence to show only the evidence associated with the individual.
Once you’ve used filters to narrow down your search, you can review additional information about artifacts of interest in the Contents pane. Details are provided in the following format: Preview Card, Details Card, and Text and Hex Card.
The Preview Card is specific to an artifact. In this card, you will be able to see artifacts as the suspect did, including images, videos, documents, and webpages. This card is active in the Artifact Explorer and File System Explorer.
The Details Card is the standard card for all three Explorers. This card specifies the details for the artifact you have selected and breaks down the information as follows:
- Artifact Information – includes information such as Filename, Title, Authors, Date/Time information
- Evidence Information – includes source information and link, location, and an evidence number
Text and Hex Card
The Text and Hex Card is specific to the files in the Explorers. When viewing this card in the Registry Explorer, you can see the keys for every registry. When viewing this card in the File System Explorer, you can see the Text and Hex encoding for the file selected. This card is active in the File System Explorer and Registry Explorer.
Add New Evidence to an Existing Case
When it’s time to share results with stakeholders, or prepare evidence for courtroom testimony, AXIOM’s sharing tools present information in a format that non-technical people can make sense of – which means less manual work pulling together reports, and an easier time sharing findings with others.