EXPERTLY ANALYZE EVIDENCE AND MAKE SENSE OF THE DATA IN MAGNET AXIOM EXAMINE

Magnet AXIOM Examine’s powerful analysis tools are designed to enable efficient analysis of large volumes of data, allowing for quick identification and validation of the evidence that’s most important to an investigation.

Analyze Efficiently.

Quickly identify important evidence, provide preliminary insights to key stakeholders and focus on the rest of your investigative work.

Dig Deeper.

Explore the file system and registry to verify artifacts, and discover related evidence. Build a more complete picture of the user’s activity.

Collaborate and Share.

Share an AXIOM Portable Case with colleagues to enable collaborative review of evidence.

Assess your digital forensics needs and get a live walk-through of Magnet AXIOM by scheduling a demo.

Schedule a demo

AXIOM now leverages Magnet.AI, an industry-first, to detect and analyze the context around content for potential luring conversations, allowing examiners to immediately find relevant data that helps move an investigation forward — saving countless hours sifting through evidence.

Looking for Full Disk Decryption, or Hibernation file recovery?
Try AXIOM today.

Get Started


POWER AND SIMPLICITY IN AN EASY TO USE INTERFACE

Magnet AXIOM Examine has a powerful and sleek interface that was designed to feel natural and familiar. The framework of the user interface allows you to work through your examination more easily – jumping between high level detail and the source data of specific artifacts.


AXIOM Examine

1

Navigation Pane

This pane lists all the artifact hits in your case, separated by category. When you select a category, the Evidence pane is refreshed to show all the hits in that category. The navigation pane allows you to switch between three different views: the Artifacts Explorer (default), the File System Explorer, and the Registry Explorer.

2

Evidence Pane

While using the Artifacts Explorer, this pane lists all the artifact hits in the current selection. You can narrow this list further by using the various options in the Filter bar. When you select an item in the Evidence pane, its details are displayed in the Contents pane.

Note: If you’re using the File system explorer or the Registry explorer, this pane displays a file tree or registry tree, respectively.

3

Contents Pane

The Contents pane contains more detailed information about an artifact. This view can contain a number of different cards depending on the type of artifact that you select, and the view that you’re using.

4

Filters Bar

The Filter bar allows you to apply filters on the evidence source, type of artifact, date, time, and tags that you apply to evidence. Any changes that you make to filters are automatically reflected in the Navigation and Evidence panes.

5

Tags, Comments & Profiles Panes

This pane allows you to create and manage the tags and comments that you apply to evidence.

6

Status Bar

Contains important status and progress messages.

Assess your digital forensics needs and get a live walk-through of Magnet AXIOM by scheduling a demo.

Schedule a Demo


NAVIGATE ARTIFACTS, FILE SYSTEMS AND REGISTRY

AXIOM Examine

Artifact Explorer

Artifact Explorer is designed to make it easier and faster for examiners to review and analyze large volumes of digital evidence. Artifact Explorer allows you to interrogate all the artifact data recovered by Evidence Analyzer. Browse evidence by artifact type, quickly and easily filter, sort, and search the artifact database. All the digital evidence recovered by an AXIOM Evidence Analyzer search is organized and stored in an artifact database, which is comprised of distinct artifact tables for each supported artifact type.

File System Explorer

The File System Explorer allows you to explore the file system tree of your evidence source. Recursive views allow you to navigate hierarchical file structures. File System Explorer allows you to examine additional content such as unallocated space and volume slack.

Registry Explorer

The Registry Explorer allows you to navigate the complex relational hierarchy of a Windows registry. Registry Explorer links artifacts and files directly to registry keys, decreasing the amount of time you spend traversing the tree.

Source Linking

Source linking allows you to explore the relationship between recovered artifacts and source location of files. Source linking streamlines artifact verification and validation process.

  • Source Links – jump from an individual recovered artifact in the Artifact Explorer directly to the original file source location in the file system or registry
  • Related Evidence Links – jump from an individual file or folder in the File System Explorer or Registry Explorer, to a filtered view in the Artifact Explorer of all artifacts contained in the selected location



Zero in on evidence

The process of going from a large volume of data to specific pieces of evidence can be iterative and time consuming. Change what you see and how you see it quickly using the many functions and features in the Artifact Explorer. You can filter, group, sort, or search to narrow down and pinpoint important artifacts of interest.

Categorization

Using the Artifact Explorer, see the recovered artifacts organized into categories that make it easier to find and analyze evidence.

Filtering

Get to relevant evidence faster using filters. Isolate evidence from a specific date or time range, or create filters to narrow results based on field values for any supported artifact type. Filter stacking allows you to layer on several dimensions of filter criteria to pinpoint specific items in a large dataset.

Views

Isolate evidence and see data from different perspectives using a multitude of views.

  • Chat threading view: Displays messages as a back-and-forth dialogue, in a format similar to the application that the messages are from
  • Classic view: Stacks the Evidence pane and Contents panes vertically, similar to the Report Viewer in Magnet IEF
  • Column view: Displays all of an artifact hit’s data in a table format that allows you to sort on any column. This is the default view
  • Histogram view: Provides a graphical representation of all the hits in your case for each type of artifact
  • Row view: Displays an artifact hit’s most relevant pieces of data in a row format
  • Thumbnail view: Displays media files as thumbnails
  • Timeline view: Displays artifact hits as spikes on a graphical timeline
  • World map view: Plots artifact hits as coordinates on a world map

Tags, Comments and Profiles

Create and manage a number of different tags to help you narrow down the results quickly and begin to see patterns in an individual’s activity. Using the comments function, identify and share your thoughts with other key stakeholders. You can also create profiles that are associated with an individual and then associate other identifiers (email addresses, phone numbers, etc) with the profile, so that you can filter evidence to show only the evidence associated with the individual.


Artifact Details

Once you’ve used filters to narrow down your search, you can review additional information about artifacts of interest in the Contents Pane. Details are provided in the following format: Preview Card, Details Card, and Text and Hex Card.

AXIOM Examine
1

Preview Card

The Preview Card is specific to an artifact. In this card, you will be able to see artifacts as the suspect did, including images, videos, documents, and webpages. This card is active in the Artifact Explorer and File System Explorer.

2

Details Card

The Details Card is the standard card for all three Explorers. This card specifies the details for the artifact you have selected and breaks down the information as follows:

  • Artifact Information – includes information such as Filename, Title, Authors, Date/Time information
  • Evidence Information – includes source information and link, location, and an evidence number
3

Text and Hex Card

The Text and Hex Card is specific to the files in the Explorers. When viewing this card in the Registry Explorer, you can see the keys for every registry. When viewing this card in the File System Explorer, you can see the Text and Hex encoding for the file selected. This card is active in the File System Explorer and Registry Explorer.




Add New Evidence to an Existing Case

If new evidence items are acquired, AXIOM users can easily add new images and new data to an existing case to ensure investigators and stakeholders are seeing the whole picture.



Sharing

When it’s time to share results with stakeholders, or prepare evidence for courtroom testimony, AXIOM’s sharing tools present information in a format that non-technical people can make sense of – – which means less manual work pulling together reports, and an easier time sharing findings with others.

True View Exports

True View Exports enables examiners to present their findings in a customized view that fits their particular reporting needs and parameters. No need to manipulate exported findings into a report template. Export them as you see them.

Portable Case

Create an AXIOM Portable Case to enable non-technical stakeholders to collaboratively review digital evidence. An AXIOM Portable Case contains the Artifact Database and a lightweight version of AXIOM Examine designed to make it easy for you to share evidence and collaborate with stakeholders. Portable Case users can review evidence, search, filter, tag records, and add notes without needing an AXIOM license

Learn how you obtain different data sources in Magnet AXIOM Process



Learn More
AXIOM Examine

Need Magnet Axiom
for Computers?

Learn more about AXIOM's supported artifacts and operating systems for computer forensics.

View Specs
AXIOM Examine

Need Magnet Axiom
for Smartphones?

Learn more about AXIOM's supported artifacts and operating systems for smartphone forensics.

View Specs

Get a fully functional
free trial for 30 days

Get trial >
Free Trial

Assess your digital forensics needs and get a live walk-through of Magnet AXIOM by scheduling a demo.

Schedule a demo >

Interested in pricing for Magnet AXIOM?
Check out our pricing guide

See Pricing >