Whether you’re a new or a long-time user of Magnet AXIOM, we want to make sure you know about some of the advanced functionality that AXIOM has to offer to make your investigations easier.
Have you tried Connections yet? If not, you might be missing out on an incredibly streamlined way to analyze your evidence. In this how-to, we’ll explain how Connections works, and how it can help.
Showing the Relationships Between Artifacts
Connections gives you a visual representation of how the artifacts in your case are related. Using the properties of each artifact, called artifact attributes, you can show relationships between an attribute of your choosing, such as a filename or hash value, and other related artifacts in your case.
When you have multiple evidence sources processed in AXIOM, Connections can be extremely valuable. Very quickly, you can connect the dots between mobile devices, cloud sources, external storage devices, and both Mac and Windows operating systems that you might be reviewing in your case. Connections makes it very easy to identify how important files moved between evidence sources, who has accessed them, how individuals communicated, and with what applications.
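The attribute pivot described above, as an added example that is not AXIOM's code and not from the original article: constructed artifact records are indexed by attribute value, then walked breadth-first from a chosen attribute so each related artifact is reported with its hop distance. The record layout, attribute names, sample values, and the `max_hops` parameter are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records (not real case data); hash values are placeholders.
ARTIFACTS = [
    {"id": 1, "source": "laptop.E01", "type": "LNK File",
     "attrs": {"filename": "budget.xlsx", "volume_serial": "A1B2-C3D4"}},
    {"id": 2, "source": "laptop.E01", "type": "UsnJrnl",
     "attrs": {"filename": "budget.xlsx"}},
    {"id": 3, "source": "usb.E01", "type": "File System",
     "attrs": {"filename": "budget_final.xlsx", "md5": "<md5-placeholder-1>",
               "volume_serial": "A1B2-C3D4"}},
    {"id": 4, "source": "phone.zip", "type": "Email Attachment",
     "attrs": {"filename": "q3.xlsx", "md5": "<md5-placeholder-1>"}},
    {"id": 5, "source": "phone.zip", "type": "Chat Message",
     "attrs": {"filename": "holiday.jpg"}},
]

def build_index(artifacts):
    """Map (attribute name, normalised value) -> ids of artifacts carrying it."""
    index = defaultdict(set)
    for art in artifacts:
        for name, value in art["attrs"].items():
            index[(name, value.lower())].add(art["id"])
    return index

def connections(artifacts, attr_name, attr_value, max_hops=2):
    """Return {artifact id: hop count} reachable from one attribute value."""
    by_id = {art["id"]: art for art in artifacts}
    index = build_index(artifacts)
    start = (attr_name, attr_value.lower())
    seen_attrs, found = {start}, {}
    queue = deque([(start, 1)])
    while queue:
        key, hop = queue.popleft()
        for art_id in index.get(key, ()):
            if art_id in found:
                continue
            found[art_id] = hop
            if hop < max_hops:  # pivot on this artifact's other attributes
                for name, value in by_id[art_id]["attrs"].items():
                    nxt = (name, value.lower())
                    if nxt not in seen_attrs:
                        seen_attrs.add(nxt)
                        queue.append((nxt, hop + 1))
    return found

def sources_touched(artifacts, found):
    """Evidence sources that hold at least one connected artifact."""
    return sorted({a["source"] for a in artifacts if a["id"] in found})
```

Capping the hop count matters in practice: a common value such as a generic filename links many unrelated artifacts, so each extra hop widens the result set quickly.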
Connections works well even when you only have one evidence source. AXIOM supports an extensive list of artifacts, and the output of those artifacts can be so large that going through it is extremely time consuming and overwhelming. Connections makes it much easier to uncover the data relevant to your case. Once you highlight an artifact of interest and build connections off of its attributes, the additional relevant artifacts are made available to you in an easy-to-understand visual output. Utilizing Connections is a fast and efficient way to find the relevant entries in heavily populated artifacts such as the UsnJrnl, $LogFile, Windows Event Logs, SRUM data, Office 365 Audit Logs, or FSEvents.
Connections works with memory analysis too! Currently, with Volatility integration in AXIOM, you can draw relationships between process IDs, network activity, and associated DLLs. If you also have a forensic image of the associated workstation processed in AXIOM, you can then see how files found in memory landed on the hard drive, and find associations between the output of various Volatility plugins and operating system artifacts.
Whether you’re working a case involving child exploitation, fraud, malicious activity, or data exfiltration, save time in your analysis by running Connections on your case, and let AXIOM connect the dots for you.
Want to try it yourself? Request a free trial of Magnet AXIOM to get started today!