Introducing Magnet AUTOMATE Enterprise
Magnet AUTOMATE Enterprise provides the workflow building and automation functionality from Magnet AUTOMATE, while being tailored towards enterprise usage with its ability to remotely acquire evidence. Using remote acquire, you can gather evidence from both Windows and macOS computers to complete targeted investigations on an as-needed basis.
To collect data from a remote computer, your workflow creates an agent, which is a standalone executable process that gets deployed to the remote computer. Once the agent is running, it attempts to make a connection back to your workflow at a defined interval. After the workflow downloads items of interest from the remote computer, the agent is removed from the target computer.
A remote acquisition can target drive volumes (Windows only), memory (Windows only), and targeted locations from the computer (Windows and macOS).
New and updated
Here's some more information about updates to the Magnet AUTOMATE platform that have been introduced since the last Magnet AUTOMATE release.
- Added a new platform overview on the dashboard that shows the number of evidence items that have been processed for each platform type (Windows, iOS, Android, etc).
- Added support for processing Magnet AXIOM cloud images, warrant returns, and other types of downloaded cloud data.
- During node configuration, nodes are now prevented from having spaces in their names.
- PowerShell has now be added as a default app that can be selected during node configuration.
- Updated the Jenkins libraries from 2.277.4 to 2.319.1. As part of the Jenkins update, Java was also updated from version 8 to 11. Due to the Java upgrade, it's important that you update both the node and master services to Magnet AUTOMATE 2.17 when you update. Using a controller with 2.16 or earlier and a node with 2.17 will result in issues.
- Better detection for unsupported encrypted computer images has been added. Encrypted APFS images and images encrypted with tools such as VeraCrypt, TrueCrypt, FileVault, FileVault 2, Symantec PGP, BitLocker, and BitLocker To Go are now flagged as unsupported for decryption when they're loaded into a case (or detected by a watch folder). Previously, Magnet AUTOMATE would attempt decryption, but the output was not able to be processed in a workflow. If you have another decryption tool in your workflow that supports these images, you can continue processing them in your workflow. Or, you can decrypt the images outside your workflow using Magnet AXIOM.