June 2-5, 2019
  Myrtle Beach, SC, USA

Magnet Forensics Programs

Magnet AXIOM Examinations (AX200) (Pre-Conference)

Wednesday, May 30 – Saturday, June 2

Magnet AXIOM Examinations (AX200) is an intermediate-level course designed for participants who are familiar with the principles of digital forensics and want to use Magnet AXIOM for their investigations. At the conclusion of the four-day training course, participants will have the knowledge and skills they need to acquire forensic images from computer and smartphone evidence; configure Magnet AXIOM Process to recover the most relevant artifacts; use Magnet AXIOM Examine to explore the evidence in greater depth, simplifying analysis activities by intuitively linking facts and data; and prepare key artifacts for collaboration with other stakeholders. Each module of instruction employs extensive scenario-based exercises to reinforce the learning objectives and further enhance the participant’s understanding of AXIOM’s functionality and its application within the forensic workflow.

Learning Objectives:

  • Installation of AXIOM and its core components, AXIOM Process and AXIOM Examine
  • Configuration of AXIOM Process for the acquisition and processing of digital evidence, including the Single Stage Evidence Processing capabilities of AXIOM
  • Identification and decryption of encrypted evidence images such as BitLocker
  • Analyzing case data in AXIOM Examine to focus on Artifact identification, extraction, and further investigation
  • Use of AXIOM Acquire and Process to demonstrate basic iOS and Android imaging capabilities including the ingestion and examination of iOS and Android backups
  • Utilization of hash sets, keywords, regular expressions, and filters to identify key artifacts
  • Utilize the functionality of AXIOM Process to leverage Project VIC and CAID files as well as PhotoDNA to categorize images automatically
  • Navigation within the evidence set, using the Artifact, File System, and Registry explorer functionality
  • Using the Dynamic App Finder to discover SQLite databases and extract data from within and keep templates of those databases for use in future examinations
  • Application of bookmarks, tags, and comments to prepare case evidence for exporting and reporting
  • Using AXIOM Examine visualization tools such as timeline and world map view to emphasize user behavior patterns
  • Enhance participant understanding of key artifacts; their locations and formats; the user and system behaviors which created them; and, the manner in which AXIOM recovers them
  • Building intuitive reports and sharing and managing portable cases with stakeholders

Magnet AXIOM Advanced Mobile Forensics (AX300) (Pre-Conference)

Wednesday, May 30 – Saturday, June 2

Magnet AXIOM Advanced Mobile Forensics (AX300) details the use of Magnet AXIOM’s imaging abilities, using the standard mobile device imaging methodologies as well as advanced imaging techniques like TWRP and recovery image flashing when things don’t go as expected or when you encounter locked devices.

For those occasions when even those approaches won’t work, this class also introduces the concepts of ISP, JTAG, and chip-off methodologies to gain access to the data on mobile devices. After obtaining access to the data, participants will leverage Magnet AXIOM Examine to explore the contents and leverage AXIOM’s hallmark ability to reveal a wealth of important investigative artifacts.

These modules of instruction will build the participants' abilities to investigate mobile devices, from image acquisition, utilizing backups found on computer media, and understanding mobile device operating systems, plists and SQLite databases, to locating and parsing apps that are unsupported by forensic applications through developing custom artifacts.

Because AX300 is an expert-level course, it is recommended that students first complete Magnet AXIOM Examinations (AX200). AX200 will provide a thorough understanding of AXIOM that will help students focus on the mobile part of investigations in AX300.

Learning Objectives:

  • Learning advanced acquisition procedures and techniques (discussion on JTAG, chip-off, and ISP)
  • Configuring AXIOM Process and Acquire for the acquisition and processing of mobile devices, including the Single Stage Evidence Processing capabilities of AXIOM
  • Understanding iOS through walkthroughs dealing with advanced mobile acquisitions, jailbreaking and physical images, the iTunes Backup Service, Apple File Conduit, and iOS backup encryption
  • Gaining access to encrypted backups and the iOS keychain with Passware
  • Obtaining the image by any means necessary using advanced mobile device acquisition techniques including Chip Off, JTAG, and ISP
  • Analyzing the difference between Full Disk Encryption (FDE) and File-Based Encryption (FBE) and what that means to the examiner
  • Utilizing ADB commands on the command line to determine the encryption employed
  • Utilizing direct imaging via recovery mode as well as TWRP to obtain the images
  • Understanding root exploits and gaining access via exploits
  • Leveraging AXIOM’s application downgrading to obtain images including databases of apps that don't allow database backups
  • Locating iTunes Backups & Pairing Records, and exploring backups, plist & org files as well as converting sha1 values
  • Locating Core iOS Data for analysis and validation and understanding the anatomy of an application
  • Understanding the File System layout, domains and organizational files
  • Understanding what to do when unsupported apps are discovered and making sense of the raw data to create custom artifacts
  • Exploring SQL databases
  • Exploring Android handset locks
  • Leveraging XML and Python in your Magnet AXIOM investigations to recover even more data

2018 Sponsors


Testimonials

  • “Techno Security & Digital Forensics Conference continues to be a great asset to both the law enforcement/government agency and civilian/commercial security space. Bringing these two groups together allows us all to continue to provide tactical and strategic improvements in the security space.”
    Jim Keegan, Director, Information Security
    Essent Guaranty, Inc.
  • “Techno Security & Digital Forensics Conference delivers state of the art training, networking opportunities, and access to the latest digital forensic products.”
    Darin Meadows, Lieutenant
    Houston County Sheriff's Office
  • “Techno Security & Digital Forensics Conference did an excellent job educating people on the relevant topics, trends, and best practices impacting and being used in organizations every day.”
    Matt Donato, Co-Founder & Principal Partner
    HuntSource
  • “The best conference to find out what is going on in the forensic community and the mobile devices area all in one gorgeous setting.”
    Charlene Warner, Digital Forensic Specialist
    Michigan Dept. of State Police - Computer Crime Unit