ax200 cil – axiom examinations
The course is a training of a digital investigation platform that includes cases of smartphones, tablets, computers, data in the cloud, in one interface of cooperation. Students will gain a deep understanding of the benefits AXIOM’s “artifact first” offer in optimizing investigative efficiency.
Each module of instruction employs extensive scenario-based exercises, to reinforce the learning objectives, and further enhance the participant’s understanding of AXIOM’s functionality, and its application within the forensic workflow.
Duration: 4 days
• Installation of AXIOM and its core components, AXIOM Process and AXIOM Examine
• Configuration of AXIOM Process for the optimal acquisition and processing of digital evidence, including the Single Stage Evidence Processing capabilities of AXIOM
• Identification and decryption of encrypted evidence images such as Bitlocker encrypted drives
• Analyzing case data in AXIOM Examine to focus on Artifact identification, extraction, further investigation, and validation
• Use of Magnet.AI to automatically categorize images into known categories to reduce the examiner’s time spent manually categorizing them
• Use of AXIOM Process to demonstrate basic iOS and Android imaging capabilities including the ingestion and examination of iOS and Android backups
• Utilization of hash sets, keywords, regular expressions, and filters to identify key artifacts
• Using Connections Explorer to automatically link artifacts to each other to better tell the story of the artifact and its existence on the suspect’s devices
• Utilize the functionality of AXIOM Process to leverage Project VIC and CAID files as well as PhotoDNA to categorize images automatically
• Navigation within the evidence set utilizing multiple Explorers within AXIOM include Case Dashboard, Artifact, File System, Registry, and Connections
• Using the Dynamic App Finder to discover SQLite databases and extract data from within and keep templates of those databases for use in future examinations
• Application of tags and comments to prepare case evidence for exporting and reporting
• Using AXIOM Examine’s visualization tools such as the timeline and worldmap views to emphasize user’s behavior patterns
• Enhance participant understanding of key artifacts; their locations and formats; the user and system behaviors which created them; and, the manner in which AXIOM recovers them
• Building intuitive reports and sharing and managing portable cases with stakeholders
- You will have the knowledge and skills they need to acquire forensic images from computers, tablets, smartphones, and cloud evidence.
- You will configure the Magnet AXIOM Process to recover the most-relevant artifacts.
- You will Use Magnet AXIOM Examine to explore the evidence in greater depth, simplifying analysis activities by intuitively linking facts and data.
- You will prepare key artifacts for collaboration with other stakeholders.
what could you
- Practice and theoretical training
- Training materials
- Chance to get known possibilities of MSAB tools
- A certificate of completion
- A pass to the next levels: intermediate and advanced training
who is the
- Service employees, policemen and persons with tasks related to computer forensics within the scope of their duties.
- Forensic analysts.
- Court experts, people responsible in corporations for responding to IT incidents, IT security specialists.
- Employees of IT security and SOCs departments in companies.