AX200 Axiom Examination Microlearning

Magnet Axiom Examination (AX200 Microlearning) is ideal for those who are relatively new to forensics and want to learn how to utilize Axiom to get the most out of the forensic platform. Axiom is a platform that covers cases involving mobile device, computer, and cloud data in a single collaborative interface. Students will learn the workflows of how to interrogate and investigate devices containing digital media.

Description

Magnet Axiom Examination (AX200 Microlearning) is ideal for those who are relatively new to forensics and want to learn how to utilize Axiom to get the most out of the forensic platform. Axiom is a platform that covers cases involving mobile device, computer, and cloud data in a single collaborative interface. Students will learn the workflows of how to interrogate and investigate devices containing digital media. 

Microlearning is designed to be consumable in very short lessons for those who are on the go and have little time to dedicate hours or days to learning. Single lesson microlearning lessons are the core of this learning modality.

What to expect

Explore the Magnet Microlearning

 

Micro lessons

 Course introduction – An overview of the course and how the training is provided.

Introduction to Magnet Axiom tools – An explanation of what Magnet Axiom is, including its two key components: Axiom Examine and Axiom Process.

Installing Magnet Axiom – Learn more about the installation process, including the minimum hardware requirements and how to best configure the software for your hardware specification.

Introduction to the dashner case scenario – This will be a fictional case scenario used throughout the course. This lesson will show you the digital evidence available to you and explain the context and relevance.

Configuring user settings in Axiom Process - Learn how to efficiently navigate through the different menus and controls in Axiom Process and configure the user settings to manage the way Axiom works for you.

Creating a case in Axiom Process - Understand how to start a new case ready for evidence and processing by setting up the key folders and case information.

Adding evidence sources in Axiom Process -  See what different sources Axiom supports and how to acquire and load new evidence into your case.

Adding processing details in Axiom Process – Covering the processing options for your loaded evidence, this lesson includes working with known hash sets for tagging and categorizing files, custom file types, and decrypting data using known passwords. Students will also discover how to use date range filtering and get to their evidence faster by choosing to postpone the carving of evidence.

Exploring Axiom examiner’s interface – This lesson covers the main menus and options in the Axiom Examine interface, including automatic post-processing actions such as building connections and picture comparison.

About the registry artifacts – Learn more about the functions of the Registry artifacts running a Windows operating system. Students will explore how an artifact category was populated and identify raw information in both hexadecimal encoding and plain text.

Validate registry information – Validating the information examiners are shown through any forensic tool is especially important in a digital forensics case, and this lesson will explore how the Registry explorer in Axiom can be used to validate information, using source and location links. This lesson also covers the use of third-party tools to validate the data.

Investigate OS and registry artifacts – Focusing on user accounts and time zone artifacts, this lesson will introduce students to tagging in Axiom and working with hexadecimal values.

Encryption & credentials artifacts within Axiom Examine – An introduction to working with encryption and anti-forensic artifacts, this lesson covers the identification of encrypted files or containers and the presence of anti-forensic software within the evidence.

Decrypting an encrypted bitlocker Drive – The case scenario handles methodologies for decrypting encrypted drives and adding this evidence to an existing case, including using Axiom to scan for recovery keys that will assist in decryption.

Refined results overview – Covering the uses of the Refined Results category and the different artifacts associated with it. Students will also be able to gain a solid understanding of applying filters and search options, as well as tagging evidential artifacts.

Cloud service url artifact – Review and understand the relevance of several cloud service artifacts and perform multiple searching and filtering to hone in on key evidence. The World Map View is shown to explore the location data stored in certain artifacts. 

Locally accessed files and folders artifact – A vital resource to track local documents and other file access, including being able to identify devices that might have earlier been attached to the computer. This lesson also explores the rebuilt user’s desktop and the use of identifiers and profiles, to track technology and people connected to the evidence.

SQLITE databases, web history, and web visits - Exploring all web-related artifacts is vital to the majority of digital forensic investigations. This lesson identifies key browser-related artifacts and how databases provide evidence for these artifacts. Students will be able to explore SQLite databases and how to find key material in a database using Axiom.

Downloads, cached content, and bookmarks - Understanding the relevance of cached web content found on the device is critical to a sound investigative mindset. This lesson will also cover JSON files and how to validate the data from the Artifacts explorer.

Session data - This lesson focuses on the use of Google Chrome, including maximizing the information obtained from Session Data, as well as cookies, and examining the different sources and types of web visits. This lesson also explores using the Time Range filter to track activity.

Identifying different email artifacts in Axiom - Navigating to the Email & Calendar category in Axiom allows the students to explore the emails, where they will learn how to read email headers and extract IP addresses and significant dates and times from the emails.

Recovering email attachments form mail clients supported by Axiom - Axiom understands the importance of quickly identifying files sent via email. This lesson allows students to understand how to work with emails and use the links to switch between attachments and source emails.

Searching emails in Axiom – Understanding the nature of emails will allow students to use advanced search filtering to quickly reduce a potentially huge email store, down to just a few key artifacts.

Identifying different document artifacts supported by Axiom - Learn how to work with Document artifacts and see how Axiom presents PDF documents and how to search through the content.

Reviewing document metadata in Axiom - This lesson covers reviewing and utilizing document metadata information, focusing on Microsoft Office documents, such as Word and PowerPoint.

Optical character recognition (OCR) in Axiom – See how to use the OCR function of Axiom and understand to extract text from PDFs and images.

Exploring OS artifacts – USB devices and LNK files - This lesson covers the importance of LNK files and how they relate to other artifacts. Students will get to use multiple artifacts together with time filtering to establish a chain of events from the evidence.

Exploring OS artifacts – mru docs, jump lists, prefetch Files - Understand the importance of Prefetch files and how they relate to program execution. This lesson will also explore Jump Lists and the rich data that can be parsed from this source.

Exploring OS artifacts – windows event logs - The Windows Event Logs can seem overwhelming at first, but this lesson will show students how to dive into the data and use the advanced filtering of Axiom, together with data collected from other artifacts to piece together activity caused by the suspect. This lesson also covers Windows Timeline, a lesser-known Windows component that tracks user activity across the computer.

Features of pictures and videos – This lesson will show how to identify the types of media supported by Axiom, including how to search for, locate, and tag files to review. Students will learn about image and video artifacts and how the differing views of Magnet Axiom make it easy to review and categorize them.

Features and functions of MagnetAI - Using automation is so beneficial to examiners and this lesson shows Content-Based Image Retrieval usage to find pictures relevant to the investigation. This lesson also introduces categorizing and grading images.

Features of officer wellness and media explorer - Continuing the categorizing of pictures, this lesson describes how Axiom makes it easy to protect those that have to categorize illegal content through a suite of Officer Wellness features. The Media Explorer is used to filter media based on grouping, including stacking images by hash.

Features of connections and timeline explorer - This lesson introduces working with Connections and the Timeline explorer so that students can identify related artifacts and data fragments. Students will also be able to export a CSV report from their cases.

Accessing android mobile device artifact in Axiom - An introduction to the acquisition, extraction, and analysis of mobile artifacts. Students will be able to describe the differences between acquisition types and the techniques required for Android and iOS devices.

Identifying different mobile artifacts in Axiom - This continued lesson shows students how to identify and analyze SMS and MMS messages, along with manually reviewing mobile data from the extraction tools used by Axiom. Students will be able to use Magnet.AI against the evidence to categorize conversations for sex-related or grooming content. This lesson details how this data may be synchronized across other devices.

Working with cloud data - Students will be introduced to the importance of capturing cloud data. The acquisition methods for cloud data are explored for a variety of platforms, as well as the in-depth analysis of cloud artifacts, including social media platforms and cloud storage providers.

Creating exports/reports in Axiom - Learn how to work this vital tool within Axiom to create templates for reports and customize the output for stakeholders. Students will get to create their HTML reports for the case scenario and review the dynamic features of such a report.

Working with portable cases – This lesson describes the process of creating a Portable Case for review by external or internal stakeholders. The use of tagging within Portable Case is described as it differs from Axiom. Lastly, the lesson covers the ability to merge a Portable Case back to the main case, and the important caveats to be aware of.

Exporting case artifacts from Axiom - There is often cause to export files from the case for external review. This lesson shows the students how to export file details as a CSV which can include file dates, MD5 and SHA1 hash lists and more. The lesson also covers exporting artifacts individually and in groups, including directly to a ZIP container.

Similar courses

Forensic Fundamentals (AX100) is a beginner-level course, designed for participants who are unfamiliar with the principles of digital forensics. Magnet Forensics Training is hosted in a variety of time zones. Prior to registration, please confirm the time zone for the class you wish to register in. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

GK200 is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and are seeking to expand their knowledge base into iOS and Android examinations using Magnet Graykey. Students must be part of a law enforcement agency and must be cleared in advance to attend this course.

More Information

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and improve their computer investigations. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

This course is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to improve their mobile device investigations. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

Magnet Axiom Examinations (AX200) is ideal for those who require intermediate-level training with a digital investigation platform that covers cases involving smartphones, tablets, computers, and cloud data in a single collaborative interface. This course is the perfect entry point for examiners who are new to Axiom. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

AX310 is an expert-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and incident response techniques and want to improve computer investigations. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

This course is an intermediate-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base into cloud-based and social media forensics. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on macOS and the forensic analysis of devices using the APFS file system and AXIOM. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

This course is an expert-level four-day training course, designed for participants who are somewhat familiar with the principles of digital forensics and who are seeking to expand their knowledge base on advanced forensics and improve their computer investigations. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

This course is an intermediate-level two-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS file system examinations. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

Forensic Fundamentals (AX100) is a beginner-level course, designed for participants who are unfamiliar with the principles of digital forensics. You can purchase training classes directly online using a credit card or if payment by purchase order is required, please request a quotation from sales@magnetforensics.com.

More Information

Digital Video Investigations with Magnet Witness (DV200) is a beginner-level course, designed for participants who are not yet familiar with the concepts of the recovery and analysis of digital video files from commercially available digital video recorders.

More Information

Magnet Axiom to Cyber Transitions is ideal for those who are looking to continue their education and transition into the unique features of Axiom Cyber after taking the Axiom Examinations (AX200) course.

More Information

Core Mobile Acquisition and Analysis (AX150) is a beginner level course, designed for participants who are unfamiliar with the principles of mobile forensics. The course focuses on iOS and Android devices from the point of collection to the point of analysis whilst exploring Magnet Axiom and Magnet tools such as Magnet Acquire, the Magnet Custom Artifact Generator (MCAG) and Magnet Axiom Dynamic App Finder.

More Information

Core Mobile Acquisition and Analysis (AX150 Microlearning) is a beginner level course, designed for participants who are unfamiliar with the principles of mobile forensics. The course focuses on iOS and Android devices from the point of collection to the point of analysis whilst exploring Magnet Axiom and Magnet tools such as Magnet Acquire, the Magnet Custom Artifact Generator (MCAG) and Magnet Axiom Dynamic App Finder.

More Information

Magnet Axiom Advanced Mobile Forensics (AX300 Microlearning) details the use of Magnet Axiom’s advanced mobile analysis capabilities. Students will learn advanced analysis techniques and leverage Magnet Axiom Examine to become proficient in investigating advanced aspects of full file system extractions of both iOS and Android devices.

More Information

The Magnet Griffeye Examinations Course is a 3-day training course designed for students who have attended the Magnet Griffeye Lite online course or have already attained proficiency in Magnet Griffeye Advanced. The course is designed to equip you with the necessary skills and tools to handle media files effectively during a criminal investigation, thereby maximizing the productivity of the tool.

More Information

Digital Video Investigations with DVR Examiner (DV200) is a beginner-level course, designed for participants who are not yet familiar with the concepts of the recovery and analysis of digital video files from commercially available digital video recorders.

More Information

Magnet Verakey Examinations (VK200) is an intermediate-level four-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to improve their mobile device investigations.

More Information

Magnet Axiom’s Portable Case is a lightweight version of the full capabilities found in Axiom—designed for easy access and analysis of forensic findings. It shares the ability to investigate the case data from digital devices and produce reports with non-technical stakeholders, such as investigators and attorneys.

More Information

Magnet Griffeye Lite is a limited, free version of Griffeye offered to law enforcement officials to navigate digital media more efficiently. In this free tutorial, available in numerous 20-minute-or-less modules, attendees will see how they can make the most out of their use of Griffeye Lite, including how to use the software, applying searching and filtering techniques, as well as creating reports and exporting.

More Information

This course will prepare students to use Medex in complex authenticity or file origin cases and provide expert opinion testimony in court. Students will gain foundational knowledge of how digital video is encoded and stored in order to provide an expert analysis of it. It will also focus on the use of Medex in performing complex authentication examinations of digital video (including deepfake videos) as well as identifying the source of unknown video files.

More Information