Getting started with Magnet Axiom
Using Axiom Process, you can acquire forensic images, load existing images, and run scans on those images all from the same interface. After processing is complete, you can review the evidence in Axiom Examine.
Start a case
Your first step is to start your case. You can create a new case in Axiom Process, or if you've already created a case, you can also add evidence to an existing case by browsing to a case or opening a recent case. If you choose to add evidence to an existing case, certain information—such as the case number, search type, keyword lists, and more—will be locked down based on the settings from the original search.
If you skip a step that's required, Axiom Process flags it with a warning symbol , and you won't be able to start processing until the step is complete.
Provide case details
Specify basic information about your case such as the case number, the case type, where you want to save your case files and acquired evidence, and more. The details you provide here are included in several reports or export types such as portable case, JSON, HTML, and PDF.
Custom case types
Axiom Process provides a set of default case types. However, you can also define your own case types. To define your own case types, create a text file called custom_types.txt in the root directory of Axiom Process. The default location of Axiom Process is C:\Program Files\Magnet Forensics\Magnet AXIOM\AXIOM Process. Enter each type on a new line. Axiom Process supports ASCII, UTF-8, UTF-16, and UTF-32 encoding of the custom types file. Case types defined in the custom_types.txt file appear in the Custom Types list in the Case details page.
Define custom case types
- Create a .txt file
- Save the file as custom_types.txt in the root folder of Axiom Process.
- Enter each custom type on a new line.
- Save your changes to the file.
Add your evidence sources
Add your evidence sources—computer, mobile, or cloud—and specify whether you are acquiring or loading evidence. Choose to acquire evidence if you want Axiom Process to create an image of a computer drive, mobile device, or cloud-based social media platform. Choose to load evidence if you are uploading existing forensic images, files, or folders.
If you have multiple forensic images, you can add them all to the same case.
Configure processing details
Configure advanced processing features so that you can use to get more out of your search, such as adding keywords, calculating hash values, categorizing evidence using Magnet.AI, searching for custom file types, and more.
Configure artifact details
Select the artifacts that you want to include or exclude from your search. Depending on the type of license that you have, you might have computer artifacts, mobile artifacts, cloud artifacts, or a combination.
Analyze evidence
After you finish configuring each step in Axiom Process, click Analyze evidence to start scanning the evidence. Axiom Examine opens automatically to display any evidence that is recovered. The Analyze evidence screen indicates what percentage of the scan is complete along with information about search definitions and thread details.
After the search completes, there might be additional steps to complete. If you configured Axiom Process to find more artifacts using the Dynamic App Finder, you might have to configure the artifacts that it discovers.
When a search completes, you can view a summary of the completed search—including any exceptions that might have occurred. You can also view the scan summary from the Case dashboard in Axiom Examine. Unprocessed files are also tagged in Axiom Examine with the Exceptions system tag.
Examine the evidence
You can examine your evidence in a number of different ways, including seeing an overview of your case using the Case dashboard or browsing the evidence using specific explorers. You can filter evidence to narrow your focus, tag and add comments to important evidence,
Export or share the evidence
You can export your evidence to share with other stakeholders in many different formats, including Excel, XML, HTML, PST, PDF, and more. You can also collaborate on a case with other examiners and stakeholders by creating a portable case.