How modern DFIR capabilities support meeting the NIS2 Directive
Explore how DFIR supports NIS2 compliance with rapid analysis, evidence preservation, and defensible reporting.
Explore how DFIR supports NIS2 compliance with rapid analysis, evidence preservation, and defensible reporting.
Have you considered cloud storage but don’t know where to start? Worried about being locked into a storage solution with no way of ever getting out? Then this session is for you. Join us to learn about how the Seattle PD effectively manages large amounts of digital data and efficiently moves data from on premise storage systems to the cloud. From policy to technology and operational considerations, this session will highlight how Seattle PD and Magnet Forensics work together to migrate petabytes of digital evidence to the cloud, allowing you to understand the advantages and complexities of cloud storage and data migration, and to build confidence in hosted digital evidence management today and into the future.
Join us for a live, interactive Ask Me Anything (AMA) session where you can ask questions directly to seasoned digital forensics experts and get practical, real-world guidance on strengthening eDiscovery from the earliest stages of a matter.
While ransomware grabs headlines, business email compromise (BEC) quietly causes billions in losses every year. For private sector responders, these cases present unique investigative hurdles: social engineering, subtle logins, wire transfers, and abuse of legitimate SaaS features. This presentation dives into the forensic artifacts and investigative playbooks for BEC cases, including Office 365 sign-in logs, forwarding rules, OAuth abuse, and transaction metadata. We’ll explore how to triage compromised accounts, correlate access patterns with financial events, and present findings in a way that supports both containment and legal/regulatory needs. Whether you work in corporate IR, legal, or compliance, this session will equip you with the tools to tackle one of the most common—and costly—forms of corporate compromise.
Digital investigations continue to grow in scale and complexity—putting pressure on teams to surface the right evidence quickly, without compromising analytical depth or defensibility.
In this webinar, we’ll provide an overview of Magnet Axiom, highlighting how the platform supports end‑to‑end digital investigations across devices, cloud, and intelligence workflows. We’ll showcase what’s new in Axiom 10.0, including Artifact Post Processing, which gives examiners more control over time‑to‑evidence by allowing artifacts to be processed iteratively as cases evolve. We’ll also highlight enhancements to intelligence workflows, including deeper integration with the Griffeye Intelligence Database (GID), enabling faster, more consistent categorization and improved sharing and collaboration of intelligence across cases.
Attendees will leave with a clear understanding of how Axiom helps teams work faster, adapt to changing investigative priorities, and build stronger, intelligence‑driven cases.
By Chad Gish Key insights The Windows pagefile.sys is a fundamental source of evidence in digital forensics investigations and incident response. When live RAM capture is unavailable, either due to a system shutdown, oversight, or other factors, this system-managed file can serve as the last resort for recovering critical memory-related evidence. Some examples of artifacts … Continued
At Magnet, we are using Artificial Intelligence to transform the way digital investigators uncover, analyze, and interpret evidence – unlocking insights once thought impossible.
I have spent a lot of time thinking about the places where digital forensics actually happens and not just where it is supposed to happen.
Artificial intelligence is increasingly being invoked in child exploitation cases as a defense strategy, with claims that images are AI-generated, deepfakes, and that no real child is being depicted—all to create confusion and undermine proof.
In today’s dynamic cybersecurity landscape, traditional digital forensics and incident response (DFIR) methods often fall short in fully uncovering the scope of cyber threats. This is due not only to the complexity of modern attacks but also to the environments under investigation. This presentation examines the limitations of conventional DFIR, sharing real-world cases where standard techniques failed to reveal the full extent of malicious activity, and detailing the approaches used to expose the true risks. Adversaries now employ increasingly advanced tactics, techniques, and procedures (TTPs), requiring more adaptable investigative strategies. We’re advocating for a shift toward flexible DFIR practices that go beyond traditional constraints, enabling practitioners to identify hidden threats and challenge ingrained assumptions within organizations. Our goal is to equip security professionals with confidence in challenging assumptions and better meet the challenges of modern cyber threats.