Axiom to Axiom Cyber Transition
Magnet Axiom to Cyber Transitions is ideal for those who are looking to continue their education and transition into the unique features of Axiom Cyber after taking the Axiom Examinations (AX200) course.
Description
This course is the perfect continuation point for examiners who are upgrading to Axiom Cyber.
This course is meant for examiners who have the Axiom Cyber product and features exercises that are geared toward its features versus the standard version of Axiom. Remote computer acquisition, agent creation and deployment, and admin-level cloud account acquisitions of corporate platforms will be covered
Course prerequisites
AX200 is required
Course modules
MODULE 1: COURSE INTRODUCTION
- Learning objectives will be presented along with expected outcomes.
- Hands-on exercises will allow you to install Magnet Axiom Cyber and learn about its associated programmatic components: Axiom Process and Axiom Examine.
MODULE 2: PRE-ACQUISITION AND PREPERATION
This module will focus on setting up environments appropriately in your environment for using Axiom Cyber to do remote acquisitions.
- Windows settings and networking services will be covered to allow for Axiom Cyber to acquire data from the Windows platform.
- macOS settings and permissions as well as networking services will be covered to allow for Axiom Cyber to acquire data from the Windows platform.
- Topics around what can and cannot be acquired depending on the level of access will be covered.
MODULE 3: REMOTE ACQUISITION
- This module will cover the Remote Acquisition function of Axiom Cyber and its options and various components.
- Students will learn how to build various agents for both Windows and macOS platforms.
- Information on connecting to multiple endpoints and surviving client shutdowns will be discussed.
- What types of images can be acquired from specific platforms will be covered.
- This module is meant to be consumed in a play/pause method so examiners can practice these steps in their own environments.
MODULE 4: CLOUD
- With the proliferation of cloud storage and the acceptance of it in both the corporate environment as well as the home-user environment, it is important for all examiners to understand the artifacts that remain in the cloud, which may not be stored on local media.
- Discovering cloud artifacts and putting together what the capabilities of Axiom are, in reference to cloud collection and examination, will be discussed.
- Understanding how to use Admin-level accounts to acquire data without using a user’s direct credentials from services such as O365, Slack, and AWS.