This is an expert-level four-day training course. It is designed for participants who are somewhat familiar with the principles of digital forensics and are seeking to expand their knowledge base on advanced forensics and leverage Magnet AXIOM, Magnet RAM Capture, and third-party tools to improve their computer investigations.
Magnet AXIOM Advanced Computer Forensics (AX250) will give participants the knowledge and skills they need to track computer access and file usage, utilizing Magnet AXIOM to explore the evidence in greater depth by learning about the newest sign-on technologies — such as pin password, Windows Hello, picture password, fingerprint recognition, and facial recognition.
In this course, a deeper understanding of investigating Windows computers will be provided by searching through artifacts like Windows Notification, Windows System Resource Utilization, Windows Error Reporting (WER) Logs, Event Logs (EVT), Event Tracing Logs (ETL), as well as a breakdown of the taskbar and whether an artifact was system pinned or user pinned to it.
Also, there will be time spent investigating EMDMgmt to dig deep into tracking drives attached to the Windows OS that may leave traces nowhere else. AppCompatFlags and AMCACHE will also be investigated to determine executable files which were previously executed on the system, but no longer exist.
Tracking file and folder location on profiles based on information recovered from Shellbags. Maximizing the data from Prefetch files, Jumplists, and Recent Docs to correlate the data recovered from the previously discovered artifacts. This course also takes a look at collecting RAM images and parsing those images for actionable intelligence in support of the investigation. Participants of this course will be utilizing Passware and the AXIOM Wordlist Generator to crack iTunes backups and Windows passwords from information in the image of the suspect hard disk drive including the most up to date versions of that software. Finally, participants of this course will investigate Google Drive, Modern Apps (Windows Store Apps), UsnJrnl and an in-depth look at File history and the extensible Database files tracking it.
As AX250 is an advanced course we recommend to do the Magnet Axiom AX200 course first. AX200 provides a deep understanding of AXIOM and helps the students to concentrate on the mobile part of the investigations in AX250.
All participants will receive official certification from Magnet Forensics after successfully completing the course.
Training Annual Pass
Also available: Magnet Training Annual Pass!
- The cost of TAP is less than two courses with access to much more for a 12-month period
- A one-time purchase allows for easier budgeting and more flexibility
- Stay up-to-date with the latest industry practices by continually accessing our course catalogue