ax250 cil – axiom advanced
Duration: 4 days
• Installation of AXIOM and its core components, AXIOM Process and AXIOM Examine
• Configuration of AXIOM Process for the optimal acquisition and processing of digital evidence, including the Single Stage Evidence Processing capabilities of AXIOM
• Identification and decryption of encrypted evidence images such as Bitlocker encrypted drives
• Analyzing case data in AXIOM Examine to focus on Artifact identification, extraction, further investigation, and validation
• Use of Magnet.AI to automatically categorize images into known categories to reduce the examiner’s time spent manually categorizing them
• Use of AXIOM Process to demonstrate basic iOS and Android imaging capabilities including the ingestion and examination of iOS and Android backups
• Utilization of hash sets, keywords, regular expressions, and filters to identify key artifacts
• Using Connections Explorer to automatically link artifacts to each other to better tell the story of the artifact and its existence on the suspect’s devices
• Utilize the functionality of AXIOM Process to leverage Project VIC and CAID files as well as PhotoDNA to categorize images automatically
• Navigation within the evidence set utilizing multiple Explorers within AXIOM, including Case Dashboard, Artifact, File System, Registry, and Connections
• Using the Dynamic App Finder to discover SQLite databases and extract data from within and keep templates of those databases for use in future examinations
• Application of tags and comments to prepare case evidence for exporting and reporting
• Using AXIOM Examine’s visualization tools such as the timeline and world map views to emphasize the user’s behavior patterns
• Enhance participant understanding of key artifacts; their locations and formats; the user and system behaviors which created them; and, the manner in which AXIOM recovers them
• Building intuitive reports and sharing and managing portable cases with stakeholders
- You will have the knowledge and skills needed to track computer access and file usage, utilizing Magnet AXIOM.
- You will have a better understanding of investigating Windows computers.
- You will track file and folder location on profiles based on information recovered from Shellbags.
- You will take a look at collecting RAM images and parsing those images for actionable intelligence in support of the investigation.
- You will crack iTunes backups and Windows passwords based on information in the image of the suspect’s hard disk drive.
what could you
- Practical and theoretical training
- Training materials
- A certificate of completion
who is the
- Service employees, policemen and persons with tasks related to computer forensics within the scope of their duties.
- Forensic analysts.
- Court experts, people responsible in corporations for responding to IT incidents, IT security specialists.
- Employees of IT security and SOC departments in companies.