Using AXIOM Cloud for Slack Acquisitions

Magnet AXIOM 3.0 has shaped up to be the biggest release of AXIOM since it was introduced to the market three years ago! In this release, we’ve added both APFS file system support as well as support for additional artifacts, including cloud acquisitions of Slack data.

The latest version of Magnet AXIOM is now available for customers to download! Either upgrade within AXIOM, or head over to the Customer Portal to download AXIOM 3.0.

If you’re not already using AXIOM and want to try AXIOM 3.0 for yourself, request a trial today.

What the Slack?

Originally released in 2009, Slack allows for collaboration across both private messages and private/public channels. Channels let projects or teams collaborate in a way similar to a chat room. Slack also has a searchable history feature, which indexes shared messages and files so users can find them easily. Slack can also be used in enterprise environments with external partner accounts, giving organizations flexibility when working with clients or contractors.

As of May 2018, Slack has over eight million daily active users[i]. With the amount of data and communications being transferred, Magnet Forensics assists corporate investigators in capturing information relevant to their casework, quickly and efficiently. Features such as Connections, with multiple data sources like Slack and Office 365, can allow examiners to efficiently complete their casework.

Slack Acquisition & Analysis

Acquisition process for Slack

We’ve made acquiring data directly from Slack into AXIOM a quick three-step process. Before casework can commence, coordinate with your IT/SOC to make sure AXIOM is whitelisted among the apps that can access Slack. You’ll only need to whitelist AXIOM once. Next, simply enter the account information and credentials of the account that is under investigation into AXIOM and select Analyze Evidence.

Once acquired and processed, examiners can review the following Slack artifacts:

  • Messages
  • Channels
  • Files/Media Shared
  • Users
  • Workspaces

Results of Slack Artifacts

Under the Cloud Slack Messages artifact, investigators can see direct messages, channel messages (from public channels), and private channel messages, as well as attachments shared between users.

It’s also worth mentioning that Slack support was added for both Android and iOS in AXIOM 2.10. The mobile Slack artifacts will recover channels, channel messages, direct messages, files, users, and workspaces.

If there are artifacts you’d like to see supported in AXIOM or if you have any questions, please don’t hesitate to reach out to me at trey.amick@magnetforensics.com.

[i] https://www.statista.com/statistics/652779/worldwide-slack-users-total-vs-paid/
