Magnet Forensics AX250 - JUL_2020

  • When Jul 14, 2020 09:00 AM to Jul 17, 2020 05:00 PM (US/Eastern / UTC-400)
  • Where HARCFL Training Room
  • Contact Phone 816-584-4330

Advanced Computer Forensics (AX250) is an expert-level course designed for participants who are familiar with the principles of digital forensics and who want to use Magnet AXIOM and complementary third-party tools to increase their ability to investigate complex crimes. At the conclusion of this 4-day training course, participants will have the knowledge and skills they need to track computer access and file usage, using Magnet AXIOM to explore the evidence in greater depth by learning about the newest sign-on technologies such as PIN password, Windows Hello, picture password, fingerprint recognition, and facial recognition. The course provides a deeper understanding of investigating Windows computers by searching through artifacts such as Windows Notification, Windows System Resource Utilization, Windows Error Reporting (WER) logs, Event Logs (EVT), and Event Tracing Logs (ETL), as well as a breakdown of the taskbar and whether an artifact was system pinned or user pinned to it. Participants also investigate EMDMgmt to dig deep into tracking drives attached to the Windows OS that may leave traces nowhere else, investigate AppCompatFlags and AMCACHE to determine executable files that were previously executed on the system but no longer exist, and track file and folder locations on profiles based on information recovered from Shellbags. They learn to maximize the data from Prefetch files, Jumplists, and Recent Docs to correlate the data recovered from the previous artifacts. This course also takes a look at collecting RAM images and parsing those images for actionable intelligence in support of the investigation, and at using Passware and the AXIOM Wordlist Generator, including the most up-to-date versions of that software, to crack iTunes backups and Windows passwords from information in the image of the suspect hard disk drive.
Finally, participants of this course will investigate Google Drive, Modern Apps (Windows Store Apps), and UsnJrnl, and take an in-depth look at File History and the extensible database files that track it.

Because AX250 is an expert-level course, it is recommended that students first complete Magnet AXIOM Examinations (AX200). AX200 will provide a thorough understanding of AXIOM that will help students focus on the mobile part of investigations in AX250. Click here to find out more about AX200.