When you’re performing a remote collection of a target endpoint, time is of the essence. One of the variables that affects the length of time it’ll take for your collection to complete is the amount of data that you’re trying to pull from that endpoint. It’s natural to want as much data as possible so you don’t miss anything, but it’s rarely feasible.
You want to acquire as much valuable data as possible in the least amount of time. But where do you start? It can be especially challenging if the endpoint is a Mac, given that APFS isn’t built like NTFS and data is stored in different locations altogether.
We’ve curated a list of targeted locations that you can use as a quick reference when performing a remote acquisition of a target endpoint, so you can confidently collect as much useful data as possible in the shortest amount of time.
“Using targeted locations in AXIOM Cyber gave me the perfect starting point for my remote collection and ultimately ended up saving me hours of invaluable time.”
Computer Forensic Investigator, Global 500 Banking Company
Get specific file paths for files and artifacts that are commonly of forensic interest, such as:
- User Data
- Web Browsing Activity
- Registry Hives
- Bash History
- And more!