Getting Started with Magnet AXIOM Examine - Search and Filters

Magnet Forensics

1 Jun 201808:28

Summary

TLDRIn this Magnet Forensics tutorial, Jimmy McQuaid introduces viewers to the powerful search and filtering capabilities of Magnet Axiom. He demonstrates how to apply global and column filters to streamline case analysis, highlighting the tool's unique ability to separate and filter date and time stamps. The video also covers keyword searches across various data types, showcasing the speed and efficiency of Axiom's indexed search feature. McQuaid concludes with a quick guide on setting up keyword lists for both pre- and post-processing stages.

Takeaways

🔍 The video is a tutorial on using Magnet Axiom, focusing on searching and filtering evidence within a case.
📊 Filters in Axiom are categorized into global filters and column filters, each serving different scopes within the case.
🔎 Column filters are applied within specific artifacts and columns, allowing for targeted searches based on column content.
🗂️ Global filters apply across the entire case, not limited to a single artifact or column, and include evidence sources, artifacts, and content types.
⏰ A unique feature of Axiom is the separation of date and time in filters, enabling more precise searches based on these parameters.
📅 The video demonstrates how to filter evidence based on business hours, such as Monday to Friday, 9:00 AM to 5:00 PM.
🔑 Keyword searches can be performed quickly due to indexing during the processing of artifacts, which speeds up the search without a full disk index.
📚 The tutorial shows how to apply multiple filters and keyword searches simultaneously, narrowing down the evidence efficiently.
🖥️ Axiom allows for keyword searches and filtering on the file system and registry, with options for recursive searches in folders.
🔑 The video explains how to use keyword lists for advanced searching, including the ability to combine multiple lists for 'OR' searches.
🛠️ The tutorial concludes with a reminder that keyword lists can be set up during or after processing, enhancing the search capabilities in Axiom.

Q & A

What is the main focus of the video by Jimmy McQuaid from Magnet Forensics?
-The main focus of the video is to help users get started with Magnet Axiom, specifically discussing searching and filtering in Axiom Examined.
What are the two main categories of filters mentioned in the video?
-The two main categories of filters mentioned are global filters and column filters.
How does the column filter work in Axiom Examined?
-The column filter allows users to filter data within a specific artifact and column by right-clicking and applying a search term to that column.
What is a global filter in the context of Magnet Axiom?
-A global filter in Magnet Axiom applies to the entire case, not just a specific artifact or column, and can filter based on evidence, artifacts, content types, and other case-wide criteria.
How does Magnet Axiom handle date and time filtering?
-Magnet Axiom splits up the date and time and stores them separately, allowing users to filter with the date or time independently, which is unique compared to most tools.
What is the benefit of filtering by 'business hours' in a case?
-Filtering by 'business hours' allows users to focus on data relevant to specific time periods, such as weekdays from 9:00 to 5:00, which can be particularly useful in corporate cases or understanding user activity during typical working hours.
How can users apply multiple filters in Magnet Axiom?
-Users can stack filters by applying them one after another, with each additional filter narrowing down the results based on the previous filters, effectively applying an 'and' operation between them.
What is the significance of indexing during the processing in Magnet Axiom?
-Indexing during the processing in Magnet Axiom allows for quick keyword searches by indexing all artifacts, which adds minimal overhead but significantly speeds up the search process compared to a full disk index.
How can users perform keyword searches on the file system and registry in Axiom Examined?
-Users can perform keyword searches on the file system and registry by navigating to those sections and using the search term feature, with the option to conduct a recursive search across all subfolders for a more comprehensive result.
What is the purpose of using keyword lists in Magnet Axiom?
-Keyword lists in Magnet Axiom allow users to import and search for multiple keywords simultaneously, which can be particularly useful for targeted investigations or when specific terms need to be flagged or analyzed.
How does the quick search feature differ from a keyword list search in Magnet Axiom?
-The quick search feature in Magnet Axiom adds an 'and' operator between keywords, while keyword list searches treat each keyword as an 'or' search, allowing for broader or more specific searches depending on the user's needs.