Resource Center

Reports and Guides

For Windows & Mac: Targeted Locations Quick Reference Guide

When you’re performing a remote collection of a target endpoint, time is of the essence. One of the variables that affects the length of time it’ll take for your collection to complete is the amount of data that you’re trying to pull from that endpoint. It’s natural to want as much data as possible so you don’t miss anything, but it’s rarely feasible.  

You want to acquire the most amount of valuable data in the least amount of time. But where do you start? It could be especially challenging if the endpoint is a Mac given APFS isn’t built like NTFS and data is stored in different locations altogether.

We’ve curated a list of targeted locations that you can use as a quick reference when performing a remote acquisition of a target endpoint so you can confidently collect as much useful data in the shortest amount of time.

“Using targeted locations in AXIOM Cyber gave me the perfect starting point for my remote collection and ultimately ended up saving me hours of invaluable time.”

Computer Forensic Investigator, Global 500 Banking Company

Get specific file paths for files and artifacts that are commonly of forensic interest such as:

  • User Data
  • Web Browsing Activity
  • Registry Hives
  • Bash History
  • FSEvents
  • And more!

Download the Targeted Locations Quick Reference Guide: For Windows & Mac today! 

This resource is available in other languages. Check it out in French, German, Bahasa, Japanese, Korean, Traditional Chinese or Simplified Chinese!

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.