Getting Started with Magnet AXIOM Examine - Search and Filters

Magnet Forensics

1 Jun 201808:28

Summary

TLDRIn this Magnet Forensics tutorial, Jimmy McQuaid introduces viewers to the powerful search and filtering capabilities of Magnet Axiom. He demonstrates how to apply global and column filters to streamline case analysis, highlighting the tool's unique ability to separate and filter date and time stamps. The video also covers keyword searches across various data types, showcasing the speed and efficiency of Axiom's indexed search feature. McQuaid concludes with a quick guide on setting up keyword lists for both pre- and post-processing stages.

Takeaways

🔍 The video is a tutorial on using Magnet Axiom, focusing on searching and filtering evidence within a case.
📊 Filters in Axiom are categorized into global filters and column filters, each serving different scopes within the case.
🔎 Column filters are applied within specific artifacts and columns, allowing for targeted searches based on column content.
🗂️ Global filters apply across the entire case, not limited to a single artifact or column, and include evidence sources, artifacts, and content types.
⏰ A unique feature of Axiom is the separation of date and time in filters, enabling more precise searches based on these parameters.
📅 The video demonstrates how to filter evidence based on business hours, such as Monday to Friday, 9:00 AM to 5:00 PM.
🔑 Keyword searches can be performed quickly due to indexing during the processing of artifacts, which speeds up the search without a full disk index.
📚 The tutorial shows how to apply multiple filters and keyword searches simultaneously, narrowing down the evidence efficiently.
🖥️ Axiom allows for keyword searches and filtering on the file system and registry, with options for recursive searches in folders.
🔑 The video explains how to use keyword lists for advanced searching, including the ability to combine multiple lists for 'OR' searches.
🛠️ The tutorial concludes with a reminder that keyword lists can be set up during or after processing, enhancing the search capabilities in Axiom.

Q & A

What is the main focus of the video by Jimmy McQuaid from Magnet Forensics?
-The main focus of the video is to help users get started with Magnet Axiom, specifically discussing searching and filtering in Axiom Examined.
What are the two main categories of filters mentioned in the video?
-The two main categories of filters mentioned are global filters and column filters.
How does the column filter work in Axiom Examined?
-The column filter allows users to filter data within a specific artifact and column by right-clicking and applying a search term to that column.
What is a global filter in the context of Magnet Axiom?
-A global filter in Magnet Axiom applies to the entire case, not just a specific artifact or column, and can filter based on evidence, artifacts, content types, and other case-wide criteria.
How does Magnet Axiom handle date and time filtering?
-Magnet Axiom splits up the date and time and stores them separately, allowing users to filter with the date or time independently, which is unique compared to most tools.
What is the benefit of filtering by 'business hours' in a case?
-Filtering by 'business hours' allows users to focus on data relevant to specific time periods, such as weekdays from 9:00 to 5:00, which can be particularly useful in corporate cases or understanding user activity during typical working hours.
How can users apply multiple filters in Magnet Axiom?
-Users can stack filters by applying them one after another, with each additional filter narrowing down the results based on the previous filters, effectively applying an 'and' operation between them.
What is the significance of indexing during the processing in Magnet Axiom?
-Indexing during the processing in Magnet Axiom allows for quick keyword searches by indexing all artifacts, which adds minimal overhead but significantly speeds up the search process compared to a full disk index.
How can users perform keyword searches on the file system and registry in Axiom Examined?
-Users can perform keyword searches on the file system and registry by navigating to those sections and using the search term feature, with the option to conduct a recursive search across all subfolders for a more comprehensive result.
What is the purpose of using keyword lists in Magnet Axiom?
-Keyword lists in Magnet Axiom allow users to import and search for multiple keywords simultaneously, which can be particularly useful for targeted investigations or when specific terms need to be flagged or analyzed.
How does the quick search feature differ from a keyword list search in Magnet Axiom?
-The quick search feature in Magnet Axiom adds an 'and' operator between keywords, while keyword list searches treat each keyword as an 'or' search, allowing for broader or more specific searches depending on the user's needs.

Outlines

00:00

🔍 Introduction to Searching and Filtering in Magnet Axiom

Jimmy McQuaid from Magnet Forensics introduces a tutorial video on using Magnet Axiom, focusing on searching and filtering functionalities. The video demonstrates how to apply filters to evidence items within a case. Filters are categorized into global filters, which apply to the entire case, and column filters, which are specific to individual artifacts and columns. The tutorial shows how to use column filters to search for specific terms like 'how to' within Google searches and how to apply date/time filters to narrow down evidence based on timestamps. The video also explains how global filters can be used to filter evidence by source, artifacts, content types, and other criteria. A unique feature of Magnet Axiom is its ability to separate date and time in filters, allowing for more precise queries, such as filtering for business hours on weekdays.

05:02

🚀 Advanced Filtering and Keyword Searches in Magnet Axiom

This section of the video script delves into advanced filtering techniques and keyword searches within Magnet Axiom. It highlights the speed of keyword searches due to the indexing of artifacts during the processing stage, which is efficient and quicker than a full disk index. The video shows how to apply filters and keyword searches to various data types, including documents, emails, and chats. It also discusses the use of keyword lists for complex searches and the ability to stack filters for more refined results. Additionally, the script covers how to conduct keyword searches on the file system and registry, with options for recursive searches and the use of the F3 key to navigate between keyword hits. The video concludes with a brief mention of setting up keyword lists during processing and a thank you note to viewers.

Mindmap

Keywords

💡Magnet Axiom

Magnet Axiom is a digital forensics platform designed to help investigators analyze large volumes of data efficiently. In the video, it is the central tool being discussed, with the presenter, Jimmy McQuaid, demonstrating how to use its various features for searching and filtering evidence within a case.

💡Global Filters

Global filters are a type of filter in Magnet Axiom that apply across the entire case, not just to a specific artifact or column. They are used to narrow down the data set based on criteria such as evidence source, artifacts, content types, and more. The script mentions global filters as a way to apply broad criteria to the entire case, such as filtering by evidence source like a 'Windows 10 computer' or 'Samsung J7 phone'.

💡Column Filters

Column filters are specific to a single artifact and column within Magnet Axiom. They allow users to filter data based on the content of a particular column, such as searching for a specific term within 'Google searches' or setting a date/time range. The video script illustrates this by showing how to apply a filter to show only 'how-to' search terms in Google search results.

💡Artifacts

In the context of Magnet Axiom, artifacts refer to the digital evidence items that are analyzed within a case. They can be filtered by category or individually, and the video demonstrates how to apply filters to specific artifacts, such as filtering by 'Google searches' artifact to find specific search terms.

💡Date/Time Filtering

Date/time filtering is a feature in Magnet Axiom that allows users to set a range for when data was created or modified. The video highlights the unique capability of Magnet Axiom to separate date and time, enabling precise filtering, such as showing data only from 'Monday to Friday, 9:00 to 5:00'.

💡Keyword Searches

Keyword searches are a method of finding specific terms or phrases within the data. The video script describes how to perform quick keyword searches across the case and how these searches can be combined with other filters for more targeted results, such as searching for 'how to' in conjunction with specific time filters.

💡Indexing

Indexing in Magnet Axiom refers to the process of creating a searchable database of artifacts during the processing stage, which speeds up subsequent searches. The video emphasizes the efficiency of this feature, noting that it is faster than a full disk index and allows for quick keyword searches, as demonstrated when searching for 'how to' across various data types.

💡File System

The file system in Magnet Axiom represents the structured hierarchy of files and folders on a device. The video script explains how to perform keyword searches and apply filters within the file system, such as searching for a specific file path or conducting a recursive search across all subfolders.

💡Registry

The registry in Magnet Axiom is a database that stores configuration settings and options on Windows systems. The video demonstrates how to perform keyword searches within the registry, which is crucial for finding specific configuration settings or user preferences.

💡Keyword Lists

Keyword lists in Magnet Axiom are collections of terms used for searching and filtering data. The video script explains how to create and import keyword lists for more complex searches, such as using 'OR' conditions to find data that matches any term in the list, which is demonstrated by adding keywords under 'keyword lists' for an 'OR' search.

💡Evidence

Evidence in the context of Magnet Axiom refers to the data sources that are being analyzed, such as computers, phones, and other digital devices. The video script discusses how global filters can be applied to filter evidence by source, which is essential for managing and analyzing data from multiple sources within a case.

Highlights

Introduction to Magnet Axiom and its capabilities for searching and filtering in digital forensics.

Explanation of global filters and their application across the entire case.

Demonstration of column filters within individual artifacts.

Tutorial on applying filters to specific columns such as search terms and date/time.

Example of filtering Google searches for the term 'how to'.

Discussion on the flexibility of column filters to accommodate different data types.

Overview of global filters including evidence, artifacts, and content types.

Unique feature of Axiom's date and time filtering, allowing separate date and time ranges.

Practical example of filtering for business hours to narrow down case evidence.

Capability to stack filters for more precise searching within a case.

Quick keyword search demonstration across various types of evidence.

Highlighting of search results within documents and emails for the keyword 'how to'.

Efficiency of Axiom's indexing during processing for fast keyword searching.

Introduction to keyword lists and their use in advanced searches.

Guide on conducting keyword searches in the file system and registry.

Use of the F3 key to navigate between multiple keyword hits in a search.

Setting up keyword lists during or after processing for enhanced searching.

Conclusion and thanks for watching the tutorial on Magnet Axiom.