Myrtle Beach, SC

June 2-5, 2019

Marriott Resort at Grande Dunes


Magnet Forensics Programs

Magnet AXIOM Examinations (AX200) (Pre-Conference)

Wednesday, May 30 – Saturday, June 2

Magnet AXIOM Examinations (AX200) is an intermediate-level course designed for participants who are familiar with the principles of digital forensics and are seeking to use Magnet AXIOM for their investigations. At the conclusion of the four-day training course, participants will have the knowledge and skills they need to acquire forensic images from computer and smartphone evidence; configure Magnet AXIOM Process to recover the most relevant artifacts; use Magnet AXIOM Examine to explore the evidence in greater depth, simplifying analysis activities by intuitively linking facts and data; and prepare key artifacts for collaboration with other stakeholders. Each module of instruction employs extensive scenario-based exercises to reinforce the learning objectives and further enhance the participant’s understanding of AXIOM’s functionality and its application within the forensic workflow.

Learning Objectives:

  • Installation of AXIOM and its core components, AXIOM Process and AXIOM Examine
  • Configuration of AXIOM Process for the acquisition and processing of digital evidence, including the Single Stage Evidence Processing capabilities of AXIOM
  • Identification and decryption of encrypted evidence images such as BitLocker
  • Analyzing case data in AXIOM Examine to focus on Artifact identification, extraction, and further investigation
  • Use of AXIOM Acquire and Process to demonstrate basic iOS and Android imaging capabilities including the ingestion and examination of iOS and Android backups
  • Utilization of hash sets, keywords, regular expressions, and filters to identify key artifacts
  • Utilize the functionality of AXIOM Process to leverage Project VIC and CAID files as well as PhotoDNA to categorize images automatically
  • Navigation within the evidence set, using the Artifact, File System, and Registry explorer functionality
  • Using the Dynamic App Finder to discover SQLite databases and extract data from within and keep templates of those databases for use in future examinations
  • Application of bookmarks, tags, and comments to prepare case evidence for exporting and reporting
  • Using AXIOM Examine visualization tools such as timeline and worldmap view to emphasize user behavior patterns
  • Enhance participant understanding of key artifacts; their locations and formats; the user and system behaviors which created them; and, the manner in which AXIOM recovers them
  • Building intuitive reports and sharing and managing portable cases with stakeholders


Magnet AXIOM Advanced Mobile Forensics (AX300) (Pre-Conference)

Wednesday, May 30 – Saturday, June 2

Magnet AXIOM Advanced Mobile Forensics (AX300) details the use of Magnet AXIOM’s imaging abilities, using the standard mobile device imaging methodologies as well as advanced imaging techniques like TWRP and recovery image flashing when things don’t go as expected or when you encounter locked devices.

For those occasions when even those approaches won’t work, this class also introduces the concepts of ISP, JTAG, and chip-off methodologies to gain access to the data on mobile devices. After obtaining access to the data, participants will leverage Magnet AXIOM Examine to explore the contents and leverage AXIOM’s hallmark ability to reveal a wealth of important investigative artifacts.

These modules of instruction will build the participants' abilities to investigate mobile devices, from image acquisition, utilizing backups found on computer media, and understanding mobile device operating systems, plists, and SQLite databases, to locating and parsing apps that are unsupported by forensic applications through developing custom artifacts.

Because AX300 is an expert-level course, it is recommended that students first complete Magnet AXIOM Examinations (AX200). AX200 will provide a thorough understanding of AXIOM that will help students focus on the mobile part of investigations in AX300.

Learning Objectives:

  • Learning advanced acquisition procedures and techniques (discussion on JTAG, chip-off, and ISP)
  • Configuring AXIOM Process and Acquire for the acquisition and processing of mobile devices, including the Single Stage Evidence Processing capabilities of AXIOM
  • Understanding iOS through walkthroughs dealing with advanced mobile acquisitions, jailbreaking and physical images, the iTunes Backup Service, Apple File Conduit, and iOS backup encryption
  • Gaining access to encrypted backups and the iOS keychain with Passware
  • Obtaining the image by any means necessary using advanced mobile device acquisition techniques including chip-off, JTAG, and ISP
  • Analyzing the difference between Full Disk Encryption (FDE) and File-Based Encryption (FBE) and what that means to the examiner
  • Utilizing ADB commands on the command line to determine the encryption employed
  • Utilizing direct imaging via recovery mode as well as TWRP to obtain the images
  • Understanding root exploits and gaining access via exploits
  • Leveraging AXIOM’s application downgrading to obtain images including databases of apps that don't allow database backups
  • Locating iTunes backups and pairing records, and exploring backups, plist & org files as well as converting SHA-1 values
  • Locating Core iOS Data for analysis and validation and understanding the anatomy of an application
  • Understanding the File System layout, domains and organizational files
  • Understanding what to do when unsupported apps are discovered and making sense of the raw data to create custom artifacts
  • Exploring SQL databases
  • Exploring Android handset locks
  • Leveraging XML and Python in your Magnet AXIOM investigations to recover even more data



  • Fantastic conference loaded with valuable information, powerful resources, and networking opportunities. A unique Cybersecurity and Digital Forensics unparalleled platform.
    Orit D. Gruber, Chief CLT, College of Staten Island
  • It was another great Techno event for us, we had fantastic booth traffic, thank you! As always, we saw a great mix of very important current customers and some good new prospects. We signed on for Techno Security & Digital Forensics Conference in California because we expect the usual excellent “Techno” results.
    John Graham, Director of Sales and Business Development, Atola Technology
  • I have participated in the Techno Security & Digital Forensics Conference since 2011 and highly recommend it to anyone in the DFIR community considering attending in the future. I experienced an immediate return on investment after the first day’s training sessions. The personal interaction and professional training available at the Techno Security & Digital Forensics Conference is simply the best in the industry.
    Will Baggett, DFIR Analyst, R. W. Grant Consulting
  • Thanks for a great event. I can't thank you enough for the quality of the event and staff. We generated more solid leads at this event than any other we have attended this year. Thanks for going the extra mile; it's always a pleasure to work with you. Look forward to seeing you in San Antonio!
    Jason Roslewicz, Chief Executive Officer, Sumuri
  • The Techno Security & Digital Forensics is an incredible conference for everyone from security practitioners to forensics experts. The breadth and diversity of information shared at the conference gives all attendees an opportunity to leave the conference educated or at least exposed to a variety of security disciplines. I would recommend this conference to anyone from the curious to those seeking to further their education and knowledge base in the industry.
    Brian Bannister, Chief Information Security Officer, S.C. Department of Health and Environmental Con

SECURE YOUR BOOTH TODAY!


Connect with professionals looking for the latest tools, training, networking, and solutions to industry challenges.
