AX200 Axiom Examination

Magnet Axiom Examinations (AX200) is ideal for those who require intermediate-level training with a digital investigation platform that covers cases involving smartphones, tablets, computers, and cloud data in a single collaborative interface. This course is the perfect entry point for examiners who are new to Axiom. You can purchase training classes directly online using a credit card; if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.


What to expect

Hear directly from Danny Norris, a Forensics Trainer at Magnet Forensics, about how he brings his experience in the field to the classroom and how AX200 can help you maximize your potential when working with digital forensics tools.  

Course prerequisites

None

Course objectives

Module 1: Introduction and installation of Magnet Axiom

  • Learning objectives will be presented along with expected outcomes over the course’s four days.
  • Hands-on exercises will allow you to install Magnet Axiom and learn about its associated programmatic components: Axiom Process and Axiom Examine.

Module 2: Evidence processing and case creation

  • All settings in Axiom Process will be discussed so that the use and effectiveness of Magnet Axiom are maximized during processing while processing time is decreased.
  • Collection from different evidence sources such as computer-based media (hard disks, USB devices), cloud data, and mobile devices will be discussed and demonstrated.
  • Hands-on exercises will focus on processing details such as adding keywords to search; the importance of selecting among the different encodings available for “All Content” searches (ASCII, Unicode…); hashing functionality; and the varying types of hash sets such as NSRL, Project VIC/CAID, and gold-build image hashes. Optical character recognition and Magnet.AI will be discussed and demonstrated. During this module, students will also be shown how to set options for each supported artifact and how to turn off specific artifacts to speed the processing of evidence files.
  • At the conclusion of this module, students will be able to successfully acquire forensic images from various evidence sources; configure case-specific and global settings in Axiom Process for the recovery of key artifacts; and create a case for analysis in Axiom Examine while understanding the available functions Axiom Process offers.

Module 3: Operating system artifacts part 1

  • This module will focus on the operating system artifacts recovered from the Windows Registry that are most often encountered during the analysis of computer evidence.
  • The Registry and Timeline explorers will be utilized to validate and corroborate artifacts recovered from the registry and populated in the Operating System Artifact Category.
  • Students will learn to collect basic information from the Operating System by using key artifacts such as Operating System Information, File System Information, User Accounts, and Installed Applications. Students will also understand where these artifacts are located and how to validate the source data.

Module 4: Encryption / anti-forensics

  • Understand the importance of looking for encryption and anti-forensics tools and how Axiom categorizes those artifacts into a specific artifact category, enabling quick identification of whether either category of software is in use on the suspect media.
  • Utilizing the post-processing functionality of Axiom through instructor-led exercises, students will utilize the encryption plugins of Axiom Process to identify, decrypt, and process additional evidence into an existing case.

Module 5: Refined results

  • The Refined Results artifact category of Axiom Examine is defined to combine and refine artifacts recovered into specific subcategories of artifacts for commonly sought-after items of evidence.
  • Learning Magnet Axiom’s artifact-first forensics approach is a major part of this lesson and refined results play a huge part in that. For example, most examiners at some point during a computer forensics examination will want to know what the subject searched for using Google, as Google is the most used search engine. Refined Results contains an artifact category aptly named Google searches where all Google Searches, independent of the browser used, are categorized in one place for ease of use.
  • Creating profiles of the suspect and victim on the individual items of evidence from the information recovered in the Refined Results “Identifiers Artifact” will allow the examiner to search across multiple devices cross-platform to retrieve and correlate data from one piece of evidence to another.
  • Different levels of filtering will be explored, including filtering on specific columns and filtering on entire evidence sets with both ‘Basic’ and ‘Advanced’ filters. Students will also learn how to save advanced filters, which can be utilized in future cases.

Module 6: Web related

  • Learn how the most popular browsers store items like Internet history, favorites, and bookmarks, and how each one stores information in its respective databases. Google Chrome, Firefox, and Microsoft Edge all store artifacts, and being able to track and recover those artifacts to correlate them with the information discussed in previous lessons is paramount to solving cases.
  • Autofill and previous search information will also be examined in this lesson to glean information that was typed in and saved by the user.

Module 7: Communications

  • Learn how to recover emails and email attachments from mail clients.
  • Review, sort, filter, and tag emails, as well as search through their transport message headers and their attachments to retrieve valuable information pertaining to the investigation.
  • Gain an understanding of source linking as it relates to emails and understand the results found in the Details and Content cards of Axiom.
  • The analytics of the Connections explorers will also help examiners connect key pieces of evidence together to tell the entire story of who, what, when, where, and how the suspect artifacts came to be on the system and if the artifacts were distributed through cloud storage, email, or chat.
  • Finally, students will discover the ease of the export functionality to export email artifacts and their attachments into numerous formats supported by Axiom Examine.
  • Explore how Android devices store SMS/MMS messages in SQLite databases.
  • Utilize the conversational view to rethread messages into their relevant chats and easily review the individual messages in an easy-to-read ‘message bubble’ format.

Module 8: Documents

  • Gain an understanding of the differing views of documents as well as the metadata of files and the relevance of the numerous dates and times and what they could mean to the examination.
  • Utilize Magnet Axiom to save artifacts externally from Axiom and learn the formats used by the export functionality.
  • Explore the ability to maximize the filtering, sorting, and search potential of documents via the filters bar and metadata searches using Axiom. Utilizing optical character recognition (OCR) will easily allow for words to be extracted from PDFs and pictures making the content of those files keyword searchable.

Module 9: Operating system artifacts part 2

  • This module will continue to focus on artifacts found within the Operating System category and how those artifacts will help steer the investigation.
  • Students will learn to understand information from the Operating System by using key artifacts such as LNK Files, USB Devices, UserAssist, Jump Lists, and more.

Module 10: Media

  • Learn about image and video artifacts and how the differing views of Magnet Axiom make it easy to review them.
  • Axiom’s filmstrip view for videos and thumbnail view for images will be introduced.
  • EXIF data will be explained, including how sorting and filtering on EXIF fields such as geolocation information, camera make, model, and serial number allows images to be categorized quickly and efficiently in preparation for writing a final report.
  • Understand the Officer Wellness feature and how to grade media for illicit image cases within Axiom.
  • Maximize the use of Magnet.AI to automatically categorize images, using the power of the CPU and GPU, into multiple categories including possible documents, ID cards, screen captures, human faces, and many more.
  • The Media Explorer will be introduced, allowing the user to deep dive into media types, identify potential distribution markers, apply extensive filtering, and sort files. By utilizing hit-stacking, examiners can quickly identify multiple copies of the same videos and pictures.

Module 11: Cloud

  • With the proliferation of cloud storage and the acceptance of it in both the corporate environment as well as the home-user environment, it is important for all examiners to understand the artifacts that remain on the cloud, which may not be stored on local media.
  • During this discussion, we will explore Axiom's capabilities for cloud collection and examination by identifying cloud artifacts.
  • Being able to combine data from computers, mobile devices, and the cloud into one case and to utilize the power of Axiom to correlate that data in case it is in multiple places on a suspect’s many devices could prove to be the catalyst in solving an investigation.

Module 12: Reporting

  • Explore the various exporting and reporting features available within Axiom Examine used for the presentation of case evidence and collaboration with other investigative stakeholders.
  • Through the scenario-based instructor-led and student practical exercises, learn how to manage the exporting of artifacts; produce and merge portable cases; and create a final investigative case report that is easily interpreted by both technical and non-technical recipients.
  • Configure the reporting wizard to easily set predefined reports allowing continuity between organizational reports. 

 

 

Additional information

Who should attend: Participants who are unfamiliar with the principles of digital forensics
Advanced preparation: None
Program level: Intermediate 
Field of study: Computer software & applications
Delivery method: Group live

Refunds and cancellations: Training Course(s) can be rescheduled to a later date or cancelled by either Magnet Forensics or you without charge or penalty if written notice is received twenty-one (21) days or more prior to the date of the Training Course. No rescheduling shall be permitted on less than twenty-one (21) days written notice, which shall constitute a cancellation without a refund. Your written rescheduling or cancellation notice must be emailed to training@magnetforensics.com or contact 202.984.3417. If Magnet Forensics cancels a Training Course due to insufficient attendance, you will have the option to register in a different scheduled Training Course or receive a full refund. Please do not book travel until you have confirmed that the Training Course will be running.

Magnet Forensics is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.


Similar courses

Forensic Fundamentals (AX100) is a beginner-level course, designed for participants who are unfamiliar with the principles of digital forensics. Magnet Forensics Training is hosted in a variety of time zones. Prior to registration, please confirm the time zone for the class you wish to register in.

GK200 is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and are seeking to expand their knowledge base into iOS and Android examinations using Magnet Graykey. Students must be part of a law enforcement agency and must be cleared in advance to attend this course.


This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and improve their computer investigations.

This course is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to improve their mobile device investigations.

AX310 is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and incident response techniques and want to improve computer investigations.

This course is an intermediate-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base into cloud-based and social media forensics.

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on macOS and the forensic analysis of devices using the APFS file system and AXIOM.

This course is an intermediate-level two-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS file system examinations.

Digital Video Investigations with Magnet Witness (DV200) is a beginner-level course, designed for participants who are not yet familiar with the concepts of the recovery and analysis of digital video files from commercially available digital video recorders.


Magnet Axiom to Cyber Transitions is ideal for those who are looking to continue their education and transition into the unique features of Axiom Cyber after taking the Axiom Examinations (AX200) course.


Magnet Axiom Examination (AX200 Microlearning) is ideal for those who are relatively new to forensics and want to learn how to utilize Axiom to get the most out of the forensic platform. Axiom is a platform that covers cases involving mobile device, computer, and cloud data in a single collaborative interface. Students will learn the workflows of how to interrogate and investigate devices containing digital media.


Core Mobile Acquisition and Analysis (AX150) is a beginner level course, designed for participants who are unfamiliar with the principles of mobile forensics. The course focuses on iOS and Android devices from the point of collection to the point of analysis whilst exploring Magnet Axiom and Magnet tools such as Magnet Acquire, the Magnet Custom Artifact Generator (MCAG) and Magnet Axiom Dynamic App Finder.


Core Mobile Acquisition and Analysis (AX150 Microlearning) is a beginner level course, designed for participants who are unfamiliar with the principles of mobile forensics. The course focuses on iOS and Android devices from the point of collection to the point of analysis whilst exploring Magnet Axiom and Magnet tools such as Magnet Acquire, the Magnet Custom Artifact Generator (MCAG) and Magnet Axiom Dynamic App Finder.


Magnet Axiom Advanced Mobile Forensics (AX300 Microlearning) details the use of Magnet Axiom’s advanced mobile analysis capabilities. Students will learn advanced analysis techniques and leverage Magnet Axiom Examine to become proficient in investigating advanced aspects of full file system extractions of both iOS and Android devices.


The Magnet Griffeye Examinations Course is a 3-day training course designed for students who have attended the Magnet Griffeye Lite online course or have already attained proficiency in Magnet Griffeye Advanced. The course is designed to equip you with the necessary skills and tools to handle media files effectively during a criminal investigation, thereby maximizing the productivity of the tool.


Digital Video Investigations with DVR Examiner (DV200) is a beginner-level course, designed for participants who are not yet familiar with the concepts of the recovery and analysis of digital video files from commercially available digital video recorders.


Magnet Verakey Examinations (VK200) is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to improve their mobile device investigations.


Magnet Axiom’s Portable Case is a lightweight version of the full capabilities found in Axiom—designed for easy access and analysis of forensic findings. It shares the ability to investigate the case data from digital devices and produce reports with non-technical stakeholders, such as investigators and attorneys.


Magnet Griffeye Lite is a limited, free version of Griffeye offered to law enforcement officials to navigate digital media more efficiently. In this free tutorial, available in numerous 20-minute-or-less modules, attendees will see how they can make the most out of their use of Griffeye Lite, including how to use the software, applying searching and filtering techniques, as well as creating reports and exporting.


This course will prepare students to use Medex in complex authenticity or file origin cases and provide expert opinion testimony in court. Students will gain foundational knowledge of how digital video is encoded and stored in order to provide an expert analysis of it. It will also focus on the use of Medex in performing complex authentication examinations of digital video (including deepfake videos) as well as identifying the source of unknown video files.
