Tips & Tricks Webinars

Browse Our Tips & Tricks Webinars

We know many of you are currently working from home and engaging in free learning opportunities is more important than ever.

We are excited to provide you with a wide variety of Magnet Forensics Tips & Tricks webinars. These quick presentations will help you learn about new ways to improve your investigations, and you can find recordings of them below which you can access anytime.

Tips & Tricks Recordings

Tips and Tricks // Piece the Story Together with OS, Memory, and Other Artifacts

Learn how to correlate different artifacts with each other and see the connections that occur between data across multiple types of evidence including computer, mobile devices, memory dumps, external media, and cloud. Then pivot to timeline analysis to help pinpoint the exact offense or step through exactly how an incident occurred. In this Tips & Tricks session, Tarah Melton, Forensic Consultant, will walk through a case using Connections and the Timeline Explorer in Magnet AXIOM and show how artifact correlations and timestamps can help tell the story in your investigation.


Tips & Tricks // Loading Different Evidence Types into AXIOM

Loading evidence in AXIOM is pretty straightforward for most use cases but there are times that certain types of files or images could benefit from some added insight or knowledge on the image formats and the various ways they can be loaded into AXIOM to get the best results for your investigation. In this session we’ll go over some of the most common (and some not so common) ways you can load evidence into AXIOM and see how that may affect the artifacts that get searched, decryption capabilities, or processing speed. We’ll also look at images outputted from various tools and see how they may differ and some of the most common questions we get about them.


Tips & Tricks // Magnet Web Page Saver

Magnet Web Page Saver (WPS) is a perfect tool for capturing how web pages look at a specific point in time.  Join Jad Saliba, CTO & Founder of Magnet Forensics as  dives into common questions about WPS and digs into the functionality and use cases in this hands-on  tips & tricks session. WPS is especially useful in situations where the web pages need to be displayed in an environment where internet access is not available. Magnet WPS takes a list of URLs and saves scrolling captures (“snapshots”) of each page.  URLs can be typed in manually or imported from a text file or CSV file.  WPS produces an easy-to-navigate HTML report file containing the saved pages, with customized options. This feature is perfect for those web sites containing contraband where you need to pull the information quickly before the criminals alter or change the web page.


Tips & Tricks // Using Identifiers and Profiles in Magnet AXIOM

One of the best hidden features of Magnet AXIOM is Profiles. Profiles allow examiners to group particular unique identifiers found in their case and tie them to a particular person or device. This allows the user to build a persona from data found as part of the investigation and correlate this information across evidence sources. Once a profile is created, filters can be applied to find additional evidence across many sources (computer, mobile, cloud, etc…) about a person based on the identifiers tied to that profile. This can help uncover additional details about a subject that otherwise might have been overlooked by manually searching. Join Jamie McQuaid as he walks through how to build various profiles and apply them to different types of investigations.


Tips & Tricks // Utilizing Magnet Free Tools – RAM Capture & Process Capture

When it comes to capturing RAM what are the best ways to accomplish this? Should I use the command line? Or GUI? Should I include Process Capture.  What benefits would I get if I use Magnet Process Capture? Patrick Beaver from Magnet Forensics Professional Services team will dive into these key questions and help you uncover more evidence through memory acquisition with these free tools.


Tips & Tricks // Making Sense of the Media Mayhem with Mac & iOS

It’s estimated that there will be 1.4 trillion photos taken in 2020, with the bulk of those coming from mobile devices. Since 2009, more than1.5 billion iPhones have been sold globally making it easier than ever to capture, share and edit media files. Investigators can often gain valuable clues derived from recovered media file details. In this presentation, Trey Amick, Forensic Consultant Manager, will dig into the Photos application found on both iOS and macOS endpoints, and show examiners the level of detail they can provide in their media investigations.


Tips & Tricks // Portable Case

One of the most important aspects in any digital forensic examination is the need to collaborate and discuss the findings from the case data with other stakeholders.  This can include attorneys, other investigators, Human Resources, clients, and more. AXIOM eases this collaboration via Portable Case, enabling those stakeholders the ability to review, tag, and comment on that data, then allowing the merging of those insights back into the main case file by the forensic examiner. Join Tarah Melton, Forensic Consultant, to learn how to create and utilize Portable Cases from AXIOM in your investigations for more efficient communication of forensic findings in your casework.


Tips & Tricks // Dynamic App Finder

It is impossible for commercial forensic tools to be able to keep up with the support of the millions of new and updated applications available on mobile platforms today. Even still, this application data might be vital to your case. In this Tips & Tricks session, Tarah Melton, Forensic Consultant, will demonstrate AXIOM’s Dynamic App Finder (DAF), to show one method of parsing data from these unsupported applications efficiently though the AXIOM interface. Utilizing DAF, we’ll discover how to identify useful data from mobile databases and create custom artifacts to add into AXIOM to analyze alongside our other parsed data.


Tips & Tricks // Custom Artifacts

As new applications are used and updated, forensic tools do not always support every artifact. Often times examiners manually parse artifacts from a variety of sources. What if you could easily automate that parsing for future cases and large data sets… and still analyze those results in your tools?  What if you could share your parsers and also use ones from other examiners? What if these results could be analyzed with the rest of the data from the case?

In this Tips & Tricks webinar, we will show the value of using Custom Artifacts in AXIOM to support unsupported artifacts and sources. Join us to learn how you can use templates to parse SQLite or RegEx or Python to create Custom Artifacts for use in AXIOM. Jessica will also teach you how to find custom artifacts created by others on the Artifact Exchange. Finally, you’ll learn how to build, share, and use custom artifacts to help support novel data and support the unsupported.


Tips & Tricks // File System in Magnet AXIOM

Magnet AXIOM is known for parsing hundreds of artifacts from computer, mobile and cloud evidence sources. But in addition to these artifacts, you’ll find that there are a number of useful features in our File System view as well! Enhanced viewers for SQLite databases, plists, and JSON files, and the automatic decoding data from hex are just some of the valuable features we’ll review in this Tips and Tricks session. Join us to see why utilizing AXIOM to dive into the file system can greatly benefit your examinations!


Tips & Tricks // AXIOM Advanced Searches / Regular Expressions

Can regex (regular expressions) be scary? Absolutely! Do you need to be an absolute wizard to start using them? No way! AXIOM advanced searches and column allow forensic examiners to make use of regular expressions to help sort through their data with greater precision. Join Mike Williamson for this Tips & Tricks session, where he makes the case for learning about Regex, and provides several reusable pattern constructs you can begin using in your examinations immediately!


Tips & Tricks // Unlocking Additional Evidence with Artifact Options in AXIOM

When scanning evidence in Magnet AXIOM, most of the time the default artifact selection and options cover a wide range of case types. However there are times when applying additional options for a particular artifact could unlock a wealth of information otherwise thought unavailable. For example, knowing the user’s Windows password isn’t usually necessary to analyze their computer, however there are many apps such as browsers, Zoom, Dropbox, etc. that use the built in Windows data protection controls to encrypt their data on the user’s system. Knowing what these options offer can enable examiners to know when to enable certain features and assist in uncovering additional details that wouldn’t have otherwise been unlocked in the default scan. Join Jamie McQuaid as we walk through some of these options to help you better understand their value to your investigation and when they should be applied.


Tips & Tricks // Harnessing Magnet.AI to Save Time in Your Investigations

The massive amount of text-based and media content involved in today’s digital investigations can make the search for potential evidence a time-consuming task. Machine learning and image recognition tools can help to identify and categorize content of interest so examiners can more quickly uncover the key evidence needed for their cases.  

In this Tips and Tricks webinar, Trey Amick, Manager of Forensic Consultants, will show you how to leverage AXIOM’s Magnet.AI machine learning and Content Based Image Retrieval (CBIR) technology to quickly surface, analyze, and classify pictures and chats. 

  • Automatically detect and categorize potential pictures of drugs, weapons, nudity, or child abuse, and chats containing sexual conversations.  
  • Find related images—such as pictures of the same room or pictures with similar scenery—with the Find Similar Pictures feature. 

Tips & Tricks // AXIOM Reporting Now & Then – Exploring AXIOM’s updated reporting features in AXIOM 4.0

In this Tips and Tricks we will explore AXIOM’s new reporting features and show improvements. Additionally, we will share tips and tricks for users of previous versions of AXIOM to produce desired output comparing how things were done in older versions. We will demonstrate several features such as how to hide and reorder columns a as well as how to create templates that can be reused to save time in future report generation and to standardize reports across an organization.


Tips & Tricks // Opportunities to Find Cloud Data with Magnet AXIOM

It’s very possible that you might have the chance to find cloud evidence while examining computer and mobile evidence in Magnet AXIOM. In this Tips & Tricks webinar, we’ll show you some telltale signs of cloud data sources to look out for when collecting and analyzing computer and mobile data. That cloud evidence could be what unlocks a case, so you’ll want to make sure you’re not leaving any evidence behind.


Tips & Tricks // Acquiring and Analyzing Microsoft Teams Data

Now more than ever, organizations are faced with the need for remote collaboration and many have turned to Microsoft Teams to fill that need. Whether exporting MS Teams data directly from the Microsoft 365 Compliance Center or directly acquiring that data with the Magnet AXIOM Cyber API, examiners have the power to process and analyze the evidence all in a single case file. In this Tips and Tricks webinar, we’ll walk through all of the acquisition options available and utilize AXIOM Cyber to analyze the data.


Tips & Tricks // AXIOM Performance Optimization

In this Tips & Tricks webinar, Brandon Waters, Solutions Consultant, will review how to leverage overlooked performance-enhancing features like temp file location, search speed, and memory analysis search speed along with GPU support for Magnet.AI and how to adjust Windows environmental settings to further improve performance.


Tips & Tricks // Using File System Explorer in Magnet AXIOM

Join Craig Guymon, Director of Solution Consulting, to learn how to take advantage of AXIOM’s File System explorer in your investigations. In this Tips & Tricks webinar, Craig will review several powerful examination techniques that leverage the file system, including how to:

  • Create an artifact from a file system file like an executable or log file that can be reported on from the Artifact Explorer
  • Save artifacts from the file system to a zip container and keep artifact dates and times intact
  • Effectively narrow down the scope of relevant user artifacts from the Artifact Explorer (View Related Artifacts)
  • Use the database viewer and plist viewer in the Artifact Explorer
  • Use the File system explorer to perform MD5/SHA1 value exports of known good files that can be used later as an “ignorable” list

Tips & Tricks // Aiding ICAC Investigators with Technology Integrations

Many technologies used to capture, categorize, and analyze pictures and videos complement one another, filling gaps in the investigative toolbox. However, when organizations come together to integrate their technologies, they can amplify their results, resulting in aiding more victims.

Join Trey Amick, Manager of Forensic Consultants, in this Tips & Tricks webinar where he’ll demonstrate different technologies that have been integrated into a variety of Magnet tools to help assist ICAC investigators in their investigations. Integrations being discussed during this webinar will include Child Rescue Coalition CPS Data Exports in AXIOM, CRC CSAM detection in Magnet Outrider, and the ability to import NCMEC reports into Outrider for searching against a target machine.


Tips & Tricks // Using Grading and AI for Officer Wellness

Magnet AXIOM has a number of features that have been specifically designed to improve officer wellness in the course of CSAM investigations. In this Tips and Tricks session, Rhys Tooby, Solution Consultant, will walk you through a workflow that can assist with these investigations — addressing the unique challenges and the effects of chronic exposure to CSAM with grading and AI features.


Tips & Tricks // Capture & Scan More Data with Even Faster Speed in OUTRIDER 2.0

Join Trey Amick in this Tips and Tricks session where he’ll review the latest release of Magnet OUTRIDER, a triage tool designed to perform lightning fast previews of computers and external drivers either while in the field or back in the lab. Trey will provide quick tips to maximize your use of OUTRIDER 2.0 and discuss additional time savings for investigators to utilize while collecting and triaging evidence in the field.


Tips & Tricks // Download Your Data

There are multiple cloud platforms that allow users to access their own information directly by requesting it from the Cloud service provider, which could prove extremely valuable in your investigation if you have access from a compliant witness or victim. Magnet AXIOM supports the processing and analysis of many of these evidence sources, such as Facebook, Google, and Skype. In this Tips and Tricks session, join Tarah Melton, Forensic Consultant, to demonstrate the collection and analysis of these types of data and how beneficial it could be in your investigations to get to that data much quicker than a warrant return.


Tips & Tricks // Using Magnet AXIOM for Triage On-Site

Join Jamey Tubbs, Director of Training Operations, to discuss how you can use Magnet AXIOM to conduct onsite triage. You’ll learn how to filter in preview to view images, play videos and see the contents of a file. We will also discuss timing and how an examiner can quickly get to the file system and assess the landscape for any egregious files, as well as what factors can impact preview speeds.


Tips & Tricks // Looking at the Source Data to Support an Artifact

In this Tips & Tricks webinar, we will show you how to dig deeper and validate evidence using the Locate Source feature. Join Jessica Hyde, Director of Forensics, as she show you how to locate files and the hex for artifacts parsed from files, unallocated space, registries, SQLite databases, and more. We will explore artifacts that use multiple sources and how to tell what table and row a specific artifact was parsed from. Additionally, we will show how to reverse source link from the file system allowing you to see what artifacts have been parsed from a specific file or folder and how this can be useful in your investigations. These tips and tricks regarding locating source will be helpful in validating and understanding artifacts in your results.


Tips & Tricks // Using Community Created Custom Artifacts in AXIOM

Did you know that there are approximately 150 community created artifacts on the Magnet Artifact Exchange?  In this presentation we will discuss how to utilize these artifacts to get more evidence from your cases. These community created artifacts cover a variety of needs from supporting unsupported artifacts, to identifying specific file types, to allowing for the ingestion of results from other tools to allow for analysis within AXIOM! We will demonstrate how to obtain, load, and utilize these artifacts in bulk as well as individually. These tools allow you to look at results from iLEAPP, ALEAPP, Bulk Extractor and other tools alongside results parsed by AXIOM. We will also show where these results will exist in your case and how to use them. Join Jessica Hyde, Director of Forensics, for this informative session and get more parsed results in your cases!


Tips and Tricks // Processing Memory Images

Did you know that you can process memory images in Magnet AXIOM? In this Tips & Tricks session, learn how to bring in a memory image and select the proper profiles in AXIOM. See how to parse both memory specific artifacts and other artifacts like windows event logs and internet related artifacts. Join Tarah Melton, Forensic Consultant, as she shows you how to ingest memory into your cases alongside your other evidence to get the most out of your cases.


Tips & Tricks // Troubleshooting For Remote Acquire

Join us for a Tips & Tricks webinar hosted by Dallas Jordan where he’ll demonstrate how you can troubleshoot some potential roadblocks you may come across with Remote Acquire. We will show you how you can use AXIOM logs to help troubleshoot some issues that users have run into in the past when trying to deploy our agent for remote collections on both Windows and Macs including strategies to resolve any of these potential issues.


Tips & Tricks // Targeted Processing

Wondering how to save time processing images in Magnet AXIOM? In this Tips & Tricks session, learn about ways to target your processing to get more rapid results. Join Jessica Hyde, Director of Forensics, as shows us how to do selective processing on a subset of locations of evidence, different search types, and how to use Artifact Profiles to target parsing and carving. By selectively targeting both locations processed and artifacts processed, an examiner can often get to the evidence more quickly. We will also demonstrate how to then process the additional artifacts and files not initially processed at a later time if necessary for your case.


Tips & Tricks // Acquiring and Parsing Sysdiagnose Log Archives from iOS Devices in AXIOM

When full file system acquisitions are not available for iOS devices, several key artifacts will be missed from examinations. In order to obtain several of these key pieces for investigation, examiners should understand how to capture log files from the device as well as techniques to extract and analyze them. This presentation will discuss ways to generate and then extract sysdiagnose log archives and load them into AXIOM. Once inside AXIOM examiners will learn what can be parsed using artifacts that already exist as well as ways to extend this data with open source tools.


Tips & Tricks // APK App Simulator

With the millions of applications available to users on Android devices, it becomes impossible for commercial tools to be able to parse and support them all. However, analyzing unsupported applications can sometimes be critical to your digital forensics investigations. In this session, we’ll explore one method of Android App Analysis by virtualizing the data using our free tool, the MAGNET App Simulator. You’ll see how to take application data from your case and use the App Simulator to visualize that data in a familiar, virtual Android environment.


Tips & Tricks // Magnet AXIOM Cyber Remote Agent

In this Tips & Tricks webinar, join us to discuss remote collection from endpoints on prem or over the Internet. In this session we’ll walk through Agent creation, deployment, and connection to acquire data from remote endpoints within your environment. We’ll also run AXIOM Cyber from the cloud and collect data from an off network remote endpoints over the Internet. The AXIOM Cyber agent provides immediate access to and the ability to acquire data from Windows and Mac endpoints (whether they are geographically distant or in the same room). Lynita Hinsch, Solutions Consultant, will discuss all encompassing aspects of the remote agent and best practices for remote collection.


Tips & Tricks // Rebuilt Desktops

Looking for a lead? Where do I start? I’d think about the Rebuilt Desktop artifact in AXIOM. In this Tips & Tricks webinar, we will explore how to display an approximation of the users desktop in both Windows and Mac systems within AXIOM. This not only saves you time in having to virtualize the users system yourself but also gives a great place to start an investigation! Join Larry McClain of the Magnet Training Team for a discussion of this artifact and what it can mean for your investigations.


Tips & Tricks // Simple AXIOM Features That Improve Case Efficiency

Certain simple features in AXIOM are commonly overlooked, but they are extremely powerful when looking for that needle in the haystack. This session will go over some of those features, like column filtering, right-click functionality from the file system, relative time filter, saving HTMLs of chat messages, and more, and explain how they can be useful to your investigations.


Tips & Tricks // Decrypting Application Data Using the iOS Keychain and Graykey

There are several artifacts that can be decrypted with data from the iOS Keychain. In this Tips and Tricks, we will show you how to look at Keychain data, such as that available with a Keychain image and use that data to decrypt a data from different artifacts. In this session, Jessica Hyde will show you some processing best practices to help you be able to unlock more parsed results from the iOS Keychain.


Tips & Tricks // Writing a Custom Artifact

Join Forensic Consultant Mike Williamson as he demos some strategies for writing your own custom artifacts without any prior experience. Building on Jessica Hyde’s custom artifact tips & tricks sessions from last year, we will cover the use of Magnet Custom Artifact Generator (free tool) to greatly accelerate your initial steps, the custom artifact developer documentation, and general tips for getting started. We will primarily focus on the SQLite-parsing artifacts but also include some info on the python-style artifacts.


Tips & Tricks // Knowledge(C) is Power – Analyzing the KnowledgeC.db with AXIOM

Magnet AXIOM has numerous artifacts derived from the KnowledgeC.db found on both iOS and macOS. In this Tips & Tricks session, we’ll highlight how examiners can use this database to aid in their investigations, shedding light on the pattern of life usage of the device being analyzed, as well as how to build timelines from the information found within.