For example, most examiners at some point during a computer forensics examination will want to know what the subject searched for using Google, as Google is the most commonly used search engine. Learning Magnet AXIOM’s artifact-first forensics approach is a major part of this lesson, and refined results play a huge part in that. The Refined Results Artifact Category of AXIOM Examine is defined to combine and refine recovered artifacts into specific subcategories of artifacts for the most commonly sought-after items of evidence. Track keys used to decrypt encrypted disks and then re-ingest that information using AXIOM post-processing. Understand the importance of looking for encryption and anti-forensics tools and how AXIOM categorizes those artifacts into a specific artifact category, enabling quick identification if either category of software is being employed on the suspect media. Students will learn to collect basic information from the Operating System by using key artifacts such as Operating System Information, File System Information, User Accounts, and Installed Applications. The Registry Explorer will be utilized to validate artifacts recovered from the registry and populated in the Operating System Artifact Category. This module will focus on operating system artifacts most commonly encountered during the analysis of computer evidence recovered from the Windows Registry. MODULE 3: OPERATING SYSTEM ARTIFACTS Part 1 At the conclusion of this module, students will be able to successfully acquire forensic images from various evidence sources, configure case-specific and global settings in AXIOM Process for the recovery of key artifacts, and create a case for analysis in AXIOM Examine. During this exercise, students will also be shown the capabilities of setting options for each supported artifact, and how to turn off specific artifacts to speed the processing of evidence files.
Hands-on exercises will focus around processing details such as adding keywords to search and the importance of selecting the different encoding available for “All Content” searches (ASCII, Unicode…), hashing functionality and the varying types of hash sets such as NSRL, Project VIC, and gold-build image hashes. Collection from different evidence sources such as computer-based media (hard disks, memory cards, USB devices), cloud data, and mobile devices will be discussed and demonstrated. All settings in AXIOM Process will be discussed to ensure the use and effectiveness of Magnet AXIOM are maximized during processing, all while decreasing processing time and increasing effectiveness. MODULE 2: EVIDENCE PROCESSING AND CASE CREATION Hands-on exercises will allow you to install Magnet AXIOM and learn about its associated programmatic components: AXIOM Process and AXIOM Examine. Learning objectives will be presented along with expected outcomes over the course’s four days. MODULE 1: INTRODUCTION AND INSTALLATION OF MAGNET AXIOM