The steps to process and analyze data using Magnet AXIOM are as follows:
- Start the Magnet AXIOM Process.
- The first window you will see is CASE DETAILS, as you can see in the following figure:
Figure 5.8. Magnet AXIOM CASE DETAILS window
Here, we have four main parts:
- LOCATION FOR CASE FILES - Here, you should choose the Folder name and File path being created during processing.
- LOCATION FOR ACQUIRED EVIDENCE - If you plan to acquire drives or mobile devices via AXIOM, choose the Folder name and File path for them, or just choose the same path as for case files.
- CASE INFORMATION - Type in your case number, your name, and the case description.
- REPORT OPTIONS - If you have your own logo or company logo, you can choose it by clicking BROWSE. Make sure the image is square, because it will be resized to 150x150 pixels.
- Once you have filled in all the fields, you can click GO TO EVIDENCE SOURCES. You can see the EVIDENCE SOURCES window shown in the following figure:
Figure 5.9. Magnet AXIOM EVIDENCE SOURCES window
Here, we have two options: ACQUIRE EVIDENCE and LOAD EVIDENCE.
- We are going to use an image we acquired previously, so our choice is the LOAD EVIDENCE button. You can use one of the images you acquired in the previous recipes.
- The next window is LOAD EVIDENCE, as you can see in the following figure:
Figure 5.10. Magnet AXIOM LOAD EVIDENCE window
- Here, we have a VOLUME SHADOW COPY option - click it. Now we have two more options: DRIVE and IMAGE.
- As we noted earlier, we are going to use an image. Once you choose it, you can see the list of shadow copies available on the image, as in the following figure:
Figure 5.11. Volume Shadow Copies list
- You can choose one or more shadow copies and go to processing details by clicking NEXT. This time, we will skip this step and go straight to artifacts details (click the GO TO ARTIFACTS DETAILS button).
As we are working with a shadow copy, the MOBILE ARTIFACTS option is inactive, but we can use the COMPUTER ARTIFACTS option. As in Belkasoft Evidence Center, here we have a wide range of artifacts, as you can see in the following figure:
Figure 5.12. Magnet AXIOM SELECT ARTIFACTS TO INCLUDE IN CASE window
- For testing purposes, we have included all available artifacts in the case. Click the GO TO ANALYZE EVIDENCE button, and the ANALYZE EVIDENCE button right after that. This will start Magnet AXIOM Examine.
- Once processing is finished, you will see the results in Magnet AXIOM Examine.