CY200 Magnet AXIOM Cyber Examinations

Magnet AXIOM Cyber Examinations (CY200) is ideal for those who require intermediate-level training with a digital investigation platform that covers cases involving smartphones, tablets, computers, and cloud data in a single collaborative interface. This course is the perfect entry point for examiners who are new to AXIOM Cyber.

Description

This course is meant for examiners who have the AXIOM Cyber product; its exercises are geared toward AXIOM Cyber's features rather than those of the standard version of AXIOM. Remote computer acquisition, agent creation and deployment, and admin-level cloud account acquisitions of corporate platforms will be covered.

Please note the CY200 is essentially the AXIOM Cyber version of AX200. If you’ve already taken AX200, we would advise that you do not take CY200. If you are Law Enforcement, we would recommend that you take AX200 instead.

Course Prerequisites

None

Course Objectives

MODULE 1: INTRODUCTION AND INSTALLATION OF MAGNET AXIOM

  • Learning objectives will be presented along with expected outcomes over the course’s four days.
  • Hands-on exercises will allow you to install Magnet AXIOM and learn about its associated programmatic components: AXIOM Process and AXIOM Examine

MODULE 2: EVIDENCE PROCESSING AND CASE CREATION

  • All settings in AXIOM Process will be discussed to ensure the use and effectiveness of Magnet AXIOM are maximized during processing — all while decreasing processing time and increasing effectiveness.
  • Collection from different evidence sources such as computer-based media (hard disks, memory cards, USB devices), cloud data, and mobile devices will be discussed and demonstrated.
  • Hands-on exercises will focus on processing details such as adding keywords to search, the importance of selecting the different encodings available for “All Content” searches (ASCII, Unicode…), hashing functionality, and the varying types of hash sets such as gold-build image hashes. During this exercise, students will also be shown the capabilities of setting options for each supported artifact, and how to turn off specific artifacts to speed the processing of evidence files.
  • Demonstrate the agent setup options and deployment of the agent to remote target computers in support of remote acquisition of partitions, physical drives and/or RAM on both Windows and macOS based computers. This walkthrough and exercise will include how to create, deploy, and connect to an agent on a remote system as well as what information can be collected.
  • At the conclusion of this module, students will be able to successfully acquire forensic images from various evidence sources; configure case-specific and global settings in AXIOM Process for the recovery of key artifacts; and, create a case for analysis in AXIOM Examine.

 MODULE 3: COMPUTER ARTIFACT ANALYSIS – OPERATING SYSTEM ARTIFACTS

This module will focus on operating system artifacts most commonly encountered during the analysis of computer evidence recovered from the Windows Registry.

  • The Registry Explorer will be utilized to validate artifacts recovered from the registry and populated in the Operating System Artifact Category.
  • Investigation and tracking of USB devices, Jump Lists, Prefetch files, LNK Files, Windows Notification Center, Operating System Information, Shellbags, Timezone Information, User Accounts, User Assist, Virtual Machines, and Windows Event Logs are all part of this lesson, along with how the data correlate with each other to tell a story of computer usage and put a person behind the computer while the nefarious acts took place.

 MODULE 4: WEB RELATED

  • Learn how the most popular browsers store items like internet history, favorites and bookmarks, and how each one stores information in its respective databases. Chrome, Firefox, Internet Explorer, Edge, Opera and Apple Safari store artifacts differently, and being able to track and recover artifacts from the web browsers to correlate the information discussed in previous lessons is paramount to solving cases.
  • Webcache will be used in this lesson to rebuild webpages of interest to the student. Autofill information will also be examined in this lesson to glean information that was typed in and saved by the user.

 MODULE 5: REFINED RESULTS

  • The Refined Results Artifact Category of AXIOM Examine is defined to combine and refine artifacts recovered into specific subcategories of artifacts for most commonly sought-after items of evidence.
  • Learning Magnet AXIOM’s artifact-first forensics approach is a major part of this lesson, and Refined Results plays a huge part in that. For example, most examiners at some point during a computer forensics examination will want to know what the subject searched for using Google, as Google is the most commonly used search engine. Refined Results contains an Artifact category aptly named Google Searches where all Google Searches, independent of the browser used, are categorized in one place for ease of use.
  • Creating Profiles of the suspect and victim on the individual items of evidence from the information recovered in the Refined Results “Identifiers Artifact” category will allow the examiner to search across multiple devices cross platform to retrieve and correlate data from one piece of evidence to another.
  • Utilize the Artifact Reference and the user’s guide to continue to keep updated on the new artifacts supported within new releases of AXIOM.

 MODULE 6: EMAIL

  • Learn how to recover emails and email attachments from mail clients.
  • Review, sort, filter and tag emails, as well as search through their transport message headers and their attachments to retrieve valuable information pertaining to the investigation.
  • Gain an understanding of source linking as it relates to emails and understand the results found in the Details and Content cards of AXIOM.
  • Finally, students will discover the ease of the export functionality to export email artifacts and their attachments into numerous formats supported by AXIOM Examine.

 MODULE 7: DOCUMENTS

  • Gain an understanding of the differing views of documents as well as the metadata of files, the relevance of the numerous dates and times, and what they could mean to the examination.
  • Utilize Magnet AXIOM to save artifacts externally from AXIOM, and learn the formats used by the export functionality.
  • Explore the ability to maximize the filtering, sorting and search potential of documents via the filters bar and metadata searches using AXIOM. Utilizing a stacked filter approach will allow the separation of large amounts of data found within evidence files from the actual data being sought after.

MODULE 8: MEDIA

  • Learn about image and video artifacts and how the differing views of Magnet AXIOM make it easy to review them.
  • AXIOM’s filmstrip view concerning videos and thumbnail view for images will be introduced.
  • EXIF data, and how to sort and filter it (including geolocation information, camera make, model, and serial number), will be explained to allow for the categorization of images in an expedient and efficient manner in preparation for writing a final report.
  • Maximize the use of Magnet.AI to automatically categorize images using the power of the CPU and GPU into multiple categories including possible documents, ID cards, screen captures, human faces, and many more.
  • Learn about the Timeline and Connections explorers and how the utilization of those explorers helps visualize how artifacts are connected to one another. The analytics of Timeline and Connections explorers will also help examiners connect key pieces of evidence together to tell the entire story of who, what, when, where, and how the suspect artifacts came to be on the system and if the artifacts were distributed through cloud storage, email, or chat.

MODULE 9: MOBILE

  • This module is comprised of two parts: Extracting information from an Android device and exploring its artifacts.
  • Learn about device file systems and structures to recover additional information, including device owner information; third party application data; core operating system data; internet browser data; and more.
  • The hands-on exercise will also work through AXIOM’s Dynamic App Finder so that examiners who are conducting mobile device examinations can look for SQL databases belonging to apps currently unsupported by AXIOM in the core product. This will allow them to be produced as an artifact within AXIOM Examine, thereby supporting mobile apps which are new.

 MODULE 10: CHAT

  • Magnet AXIOM employs several different explorers that can be used in Magnet AXIOM Examine to view Artifacts and information within the casefile in a much more efficient and expedient workflow. The Dashboard, Artifact, File System, and Connections explorers are utilized to look at evidence associated with chat related activities including Skype and Windows Your Phone.
  • Conduct searches, and learn how to use the many AXIOM Examine filtering options and functionality to identify key Chat artifacts from file, folder, and database structures. Utilizing the built-in SQLite browser within AXIOM Examine, students will validate what artifacts are recovered from the Your Phone SQLite database.
  • AXIOM Examine will be used to rebuild chats into a conversation view, as commonly seen on mobile devices, which examiners and users are accustomed to.
  • Also learn how to tag and comment on key artifacts in preparation for case reporting and how to enable Magnet.AI to assist in investigations dealing with Chat classification.

MODULE 11: CLOUD

  • With the proliferation of cloud storage and the acceptance of it in both the corporate environment as well as the home-user environment, it is important for all examiners to understand the artifacts that remain in the cloud, which may not be stored on local media.
  • Discovering cloud artifacts and putting together what the capabilities of AXIOM are, in reference to cloud collection and examination, will be discussed.
  • Understand how to use Admin-level accounts to acquire data without using a user’s direct credentials from services such as O365, Box.com, AWS, and Google (G Suite).
  • Acquiring, reviewing and correlating information and artifacts recovered from enterprise services like Microsoft Teams and Slack in support of the examination will be conducted.

 MODULE 12: ENCRYPTION/ANTI-FORENSICS

  • Understand the importance of looking for encryption and anti-forensics tools and how AXIOM categorizes those artifacts into a specific artifact category, enabling a quick identification if either category of software is being employed on the suspect media.

  • Track an encryption program from installation and activation, to use on the suspect system and the timeline associated with each.

 MODULE 13: REPORTING

  • Explore the various exporting and reporting features available within AXIOM Examine used for the presentation of case evidence and collaboration with other investigative stakeholders.

  • Through scenario-based, instructor-led, and student practical exercises, learn how to manage the exporting of artifacts; produce and merge portable cases; and create a final investigative case report which is easily interpreted by both technical and non-technical recipients.

 MODULE 14: CUMULATIVE REVIEW EXERCISES

  • A final scenario-based practical exercise will be administered, which represents a cumulative review of the exercises conducted in each of the previous modules.

Additional Information

Who Should Attend: Participants who are unfamiliar with the principles of digital forensics
Advanced Preparation: None
Program Level: Intermediate-level
Field of Study: Computer Software & Applications
Delivery Method: Group Internet Based & Group Live

Refunds and Cancellations: Training Course(s) can be rescheduled to a later date or cancelled by either Magnet Forensics or you without charge or penalty if written notice is received twenty-one (21) days or more prior to the date of the Training Course. No rescheduling shall be permitted on less than twenty-one (21) days written notice, which shall constitute a cancellation without a refund. Your written rescheduling or cancellation notice must be emailed to training@magnetforensics.com or contact 226-499-8962. If Magnet Forensics cancels a Training Course due to insufficient attendance, you will have the option to register in a different scheduled Training Course or receive a full refund. Please do not book travel until you have confirmed that the Training Course will be running.

Magnet Forensics is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

Similar courses

AX100 Forensics Fundamentals

Forensic Fundamentals (AX100) is a beginner-level course, designed for participants who are unfamiliar with the principles of digital forensics.

AX301 MAGaK (Magnet AXIOM & GrayKey) Advanced iOS Examinations

This course is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS examinations and the use of the GrayKey device.

AX250 Magnet AXIOM Advanced Computer Forensics

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and improve their computer investigations.

AX300 Magnet AXIOM Advanced Mobile Forensics

This course is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to improve their mobile device investigations.

AX200 Magnet AXIOM Examination

Magnet AXIOM Examinations (AX200) is ideal for those who require intermediate-level training with a digital investigation platform that covers cases involving smartphones, tablets, computers, and cloud data in a single collaborative interface. This course is the perfect entry point for examiners who are new to AXIOM.

AX310 Magnet AXIOM Incident Response Examinations

This course is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and are seeking to expand their knowledge on advanced forensics and incident response techniques as well as improve computer investigations in relation to incident response.

AX320 Magnet AXIOM Internet & Cloud Investigations

This course is an intermediate-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base into cloud-based and social media forensics.

AX350 Magnet AXIOM macOS Examinations

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on macOS and the forensic analysis of devices using the APFS file system and AXIOM.

AX200 Magnet AXIOM Examination Online Self Paced

Magnet AXIOM Examinations (AX200) is ideal for those who require intermediate-level training with a digital investigation platform that covers cases involving smartphones, tablets, computers, and cloud data in a single collaborative interface. This course is the perfect entry point for examiners who are new to AXIOM.

AX250 Magnet AXIOM Advanced Computer Forensics Online Self Paced

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and improve their computer investigations.

Magnet Certified Forensics Examiner - AXIOM

The Magnet Certified Forensics Examiner (MCFE) certification is an accreditation that showcases an examiner’s expert-level competence with Magnet Forensics products to peers, internal stakeholders and external audiences, including legal teams or clients. Our certification program is free to users who have completed the prerequisite training courses.

TAP (Training Annual Pass)

TAP lets you pay once but train continuously. For a price of $5,995 US, you can attend any Magnet Forensics Training class at any time, at any location throughout the following 12 months. But TAP doesn’t stop in the classroom. You can also attend our world-class online training offerings, both Online Instructor-Led, and Online Self-Paced.

IEF 200 Magnet IEF Examinations Online Self-Paced (OSP)

IEF Examinations (IEF200) is an intermediate level course, designed for participants who are familiar with the principles of digital forensics, and seeking to use Magnet IEF for their investigations. Whether you are looking to gain expertise in smartphone or computer digital forensics using IEF, IEF200 is the right course for you.

Magnet Certified Forensics Examiner - IEF

The Magnet Certified Forensics Examiner (MCFE) certification is an accreditation that showcases an examiner’s expert-level competence with Magnet Forensics products to peers, internal stakeholders and external audiences, including legal teams or clients. Our certification program is free to users who have completed the prerequisite training courses.

AX302 Magnet AXIOM Advanced iOS Examinations

This course is an intermediate-level two-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS file system examinations.

AX100 Forensic Fundamentals Online Self Paced

Forensic Fundamentals (AX100) is a beginner-level course, designed for participants who are unfamiliar with the principles of digital forensics.
