Exploring the Files App in iOS
Chris Vance goes through the “Files” app that Apple added in iOS 11.
Topic: Mobile
Tips & Tricks // Custom Artifacts
As new applications are used and updated, forensic tools do not always support every artifact. Often times examiners manually parse artifacts from a variety of sources. What if you could easily automate that parsing for future cases and large data sets… and still analyze those results in your tools? What if you could share your … Continued
Tips & Tricks // Making Sense of the Media Mayhem with Mac & iOS
It’s estimated that there will be 1.4 trillion photos taken in 2020, with the bulk of those coming from mobile devices. Since 2009, more than1.5 billion iPhones have been sold globally making it easier than ever to capture, share and edit media files. Investigators can often gain valuable clues derived from recovered media file details. … Continued
Updates in Magnet AXIOM 4.2 Include Support for AFF4, Skype Warrant Returns, and WhatsApp
Magnet AXIOM 4.2 and Magnet AXIOM Cyber 4.2 are now available for download! Get it now within AXIOM or over at Customer Portal. AXIOM 4.2 brings AFF4 support, the ability to ingest Skype Warrant Returns, and new WhatsApp data collection options, along with customized Targeted Locations and support for Office 365 Unified Audit Logs in … Continued
Zoom Artifact Support in Magnet AXIOM
We at Magnet Forensics are constantly trying to keep up with new artifacts that are relevant to the changing times to help assist in your examinations. Recently added into Magnet AXIOM was the support of Zoom application artifacts, which in recent times has become an extremely popular way for us to connect and communicate in … Continued
Skype Warrant Returns in Magnet AXIOM
We know how useful it can be to analyze the data from your warrant returns alongside your other evidence sources in AXIOM. AXIOM has long supported the processing of warrant returns from Apple, Facebook, Google/Gmail, Instagram, and Snapchat. And now, new in Magnet AXIOM 4.2 is the ability to ingest and process Skype Warrant Return … Continued
Yep, Magnet AXIOM Cyber Supports Slack!
As many of us know, Slack has become a dominant collaboration and chat platform used in environments around the globe since its inception in 2009. With over 10 million daily active users and 85,000 paying customers, examiners are frequently facing casework where Slack data plays a pivotal part in the investigation. In this blog, we’ll discuss the different options examiners have when investigating Slack with Magnet … Continued
Free Mac & iOS Resources for the DFIR Community
Members of the forensic community often take it upon themselves to create scripts, custom artifacts, or software to aid in their investigations, then share with others, which I’ve always loved. The talent our community guild has is truly awesome, and I’m thankful to be a part of it. This blog isn’t meant to be an end all, be all of every publicly available Mac … Continued
macOS & iOS Photos Support with Magnet AXIOM
Within recent releases of AXIOM, we’ve added new artifacts to help examiners analyze images found on both iOS and macOS systems. Many investigations that examiners are faced with hinge on the images found during analysis of the data. These artifacts will help identify new points of interest and allow for more context to be drawn around images found during those investigations. We can all agree … Continued
Magnet Virtual Summit // A Blessing In Disguise: How To Conduct Remote Mobile Acquisitions For Investigations & Preservation
One of the biggest handicaps to device acquisition and analysis is getting information from devices that are not geographically feasible, or time is not on the investigator’s side. In the past, the only method of collecting mobile devices was either through on-site collections or through various cloud management solutions. This gives a person-of-interest time to … Continued