AX200 Axiom Examination Microlearning
Description
Magnet Axiom Examination (AX200 Microlearning) is ideal for those who are relatively new to forensics and want to learn how to utilize Axiom to get the most out of the forensic platform. Axiom is a platform that covers cases involving mobile device, computer, and cloud data in a single collaborative interface. Students will learn the workflows of how to interrogate and investigate devices containing digital media.
Microlearning is designed to be consumed in very short lessons by those who are on the go and have little time to dedicate hours or days to learning. Single-lesson units are the core of this learning modality.
What to expect
Explore the Magnet Microlearning
Micro lessons
Course introduction – An overview of the course and how the training is provided.
Introduction to Magnet Axiom tools – An explanation of what Magnet Axiom is, including its two key components: Axiom Examine and Axiom Process.
Installing Magnet Axiom – Learn more about the installation process, including the minimum hardware requirements and how to best configure the software for your hardware specification.
Introduction to the Dashner case scenario – This will be a fictional case scenario used throughout the course. This lesson will show you the digital evidence available to you and explain the context and relevance.
Configuring user settings in Axiom Process - Learn how to efficiently navigate through the different menus and controls in Axiom Process and configure the user settings to manage the way Axiom works for you.
Creating a case in Axiom Process - Understand how to start a new case ready for evidence and processing by setting up the key folders and case information.
Adding evidence sources in Axiom Process - See what different sources Axiom supports and how to acquire and load new evidence into your case.
Adding processing details in Axiom Process – Covering the processing options for your loaded evidence, this lesson includes working with known hash sets for tagging and categorizing files, custom file types, and decrypting data using known passwords. Students will also discover how to use date range filtering and get to their evidence faster by choosing to postpone the carving of evidence.
Exploring Axiom examiner’s interface – This lesson covers the main menus and options in the Axiom Examine interface, including automatic post-processing actions such as building connections and picture comparison.
About the registry artifacts – Learn more about the functions of the Registry artifacts on a computer running a Windows operating system. Students will explore how an artifact category was populated and identify raw information in both hexadecimal encoding and plain text.
Validate registry information – Validating the information examiners are shown through any forensic tool is especially important in a digital forensics case, and this lesson will explore how the Registry explorer in Axiom can be used to validate information, using source and location links. This lesson also covers the use of third-party tools to validate the data.
Investigate OS and registry artifacts – Focusing on user accounts and time zone artifacts, this lesson will introduce students to tagging in Axiom and working with hexadecimal values.
Encryption & credentials artifacts within Axiom Examine – An introduction to working with encryption and anti-forensic artifacts, this lesson covers the identification of encrypted files or containers and the presence of anti-forensic software within the evidence.
Decrypting an encrypted BitLocker drive – The case scenario handles methodologies for decrypting encrypted drives and adding this evidence to an existing case, including using Axiom to scan for recovery keys that will assist in decryption.
Refined results overview – Covering the uses of the Refined Results category and the different artifacts associated with it. Students will also be able to gain a solid understanding of applying filters and search options, as well as tagging evidential artifacts.
Cloud service URL artifact – Review and understand the relevance of several cloud service artifacts and perform multiple searches and filters to home in on key evidence. The World Map View is shown to explore the location data stored in certain artifacts.
Locally accessed files and folders artifact – A vital resource to track local documents and other file access, including being able to identify devices that might previously have been attached to the computer. This lesson also explores the rebuilt user’s desktop and the use of identifiers and profiles to track technology and people connected to the evidence.
SQLite databases, web history, and web visits - Exploring all web-related artifacts is vital to the majority of digital forensic investigations. This lesson identifies key browser-related artifacts and how databases provide evidence for these artifacts. Students will be able to explore SQLite databases and how to find key material in a database using Axiom.
Downloads, cached content, and bookmarks - Understanding the relevance of cached web content found on the device is critical to a sound investigative mindset. This lesson will also cover JSON files and how to validate the data from the Artifacts explorer.
Session data - This lesson focuses on the use of Google Chrome, including maximizing the information obtained from Session Data, as well as cookies, and examining the different sources and types of web visits. This lesson also explores using the Time Range filter to track activity.
Identifying different email artifacts in Axiom - Navigating to the Email & Calendar category in Axiom allows the students to explore the emails, where they will learn how to read email headers and extract IP addresses and significant dates and times from the emails.
Recovering email attachments from mail clients supported by Axiom - Axiom understands the importance of quickly identifying files sent via email. This lesson allows students to understand how to work with emails and use the links to switch between attachments and source emails.
Searching emails in Axiom – Understanding the nature of emails will allow students to use advanced search filtering to quickly reduce a potentially huge email store, down to just a few key artifacts.
Identifying different document artifacts supported by Axiom - Learn how to work with Document artifacts and see how Axiom presents PDF documents and how to search through the content.
Reviewing document metadata in Axiom - This lesson covers reviewing and utilizing document metadata information, focusing on Microsoft Office documents, such as Word and PowerPoint.
Optical character recognition (OCR) in Axiom – See how to use the OCR function of Axiom and understand how to extract text from PDFs and images.
Exploring OS artifacts – USB devices and LNK files - This lesson covers the importance of LNK files and how they relate to other artifacts. Students will get to use multiple artifacts together with time filtering to establish a chain of events from the evidence.
Exploring OS artifacts – MRU docs, jump lists, prefetch files - Understand the importance of Prefetch files and how they relate to program execution. This lesson will also explore Jump Lists and the rich data that can be parsed from this source.
Exploring OS artifacts – Windows event logs - The Windows Event Logs can seem overwhelming at first, but this lesson will show students how to dive into the data and use the advanced filtering of Axiom, together with data collected from other artifacts, to piece together activity caused by the suspect. This lesson also covers Windows Timeline, a lesser-known Windows component that tracks user activity across the computer.
Features of pictures and videos – This lesson will show how to identify the types of media supported by Axiom, including how to search for, locate, and tag files to review. Students will learn about image and video artifacts and how the differing views of Magnet Axiom make it easy to review and categorize them.
Features and functions of MagnetAI - Automation is highly beneficial to examiners, and this lesson shows how to use Content-Based Image Retrieval to find pictures relevant to the investigation. This lesson also introduces categorizing and grading images.
Features of officer wellness and media explorer - Continuing the categorizing of pictures, this lesson describes how Axiom makes it easy to protect those that have to categorize illegal content through a suite of Officer Wellness features. The Media Explorer is used to filter media based on grouping, including stacking images by hash.
Features of connections and timeline explorer - This lesson introduces working with Connections and the Timeline explorer so that students can identify related artifacts and data fragments. Students will also be able to export a CSV report from their cases.
Accessing Android mobile device artifacts in Axiom - An introduction to the acquisition, extraction, and analysis of mobile artifacts. Students will be able to describe the differences between acquisition types and the techniques required for Android and iOS devices.
Identifying different mobile artifacts in Axiom - This continued lesson shows students how to identify and analyze SMS and MMS messages, along with manually reviewing mobile data from the extraction tools used by Axiom. Students will be able to use Magnet.AI against the evidence to categorize conversations for sex-related or grooming content. This lesson details how this data may be synchronized across other devices.
Working with cloud data - Students will be introduced to the importance of capturing cloud data. The acquisition methods for cloud data are explored for a variety of platforms, as well as the in-depth analysis of cloud artifacts, including social media platforms and cloud storage providers.
Creating exports/reports in Axiom - Learn how to work with this vital tool within Axiom to create templates for reports and customize the output for stakeholders. Students will get to create their own HTML reports for the case scenario and review the dynamic features of such a report.
Working with portable cases – This lesson describes the process of creating a Portable Case for review by external or internal stakeholders. The use of tagging within Portable Case is described as it differs from Axiom. Lastly, the lesson covers the ability to merge a Portable Case back to the main case, and the important caveats to be aware of.
Exporting case artifacts from Axiom - There is often cause to export files from the case for external review. This lesson shows the students how to export file details as a CSV which can include file dates, MD5 and SHA1 hash lists and more. The lesson also covers exporting artifacts individually and in groups, including directly to a ZIP container.