Analyze and share digital evidence faster with a tool developed by and for police
Magnet Forensics, founded by a former investigator, offers a way to process, review and share a wide range of digital evidence artifacts
Sponsored by Magnet Forensics
By PoliceOne BrandFocus Staff
More and more cases rely on digital evidence, but sifting through images, text messages and other digital artifacts from mobile devices, computers and cloud-based storage can be a time-consuming and labor-intensive process. With thousands of new apps launched every week – any one of which could contain relevant forensic material – investigators need tools to help them quickly find the proverbial needle in the digital haystack.
Magnet Forensics, founded by a former investigator who recognized the need for such a tool, offers its AXIOM platform as an efficient way to process, review and share a wide range of digital evidence artifacts, including both hardware-based data and cloud data.
PROCESS AND PRESERVE EVIDENCE
Magnet AXIOM comprises two main applications: AXIOM Process, which clones and indexes the data for evidence preservation and sorts it for easy review, and AXIOM Examine, which facilitates the analysis of the evidence to help police build their case.
AXIOM Process begins with the crucial step of disk imaging, or creating a copy of the data, which preserves the evidence while allowing analysts to examine the data without altering or destroying the original. Although cloud access is less straightforward than the seizure of a laptop of smartphone – it varies by regional regulations and the scope of the warrant – AXIOM Process enables investigators to collect data from the cloud, as well as files saved on (or deleted from) smartphones and computers.
The AXIOM Process software then parses all the files, including zip files and deleted files, to recover relevant information. Next, the data is sorted by type (photos, text messages, etc.) for easy searching and analysis using date ranges, keywords and other tools.
In the past, investigators had to toggle between different tools (and their different report formats) to correlate all these artifacts manually, which risked missing key evidence and connections. Gathering everything together in one tool helps investigators save time, says Cody Bryant, senior product manager for Magnet Forensics, by helping them quickly recognize connections from computer, cloud and mobile in a single format.
EXAMINE EVIDENCE WITH SIMPLE SEARCHES
The second application, AXIOM Examine, presents the artifacts collected and sorted by AXIOM Process for review and analysis in a case database. Magnet Forensics designed the application to make the user experience as simple as possible, says Bryant, to help investigators work faster and to hit the ground running without requiring extensive training.
“We’ve got a bunch of different features in the Examine application to make the investigator’s life easier and find the relevant content faster,” he said. “We’ve tried to focus on making it as simple as possible to use so that if an investigator who didn’t have a technical background or training had to use our software, they would be able to understand how to find the information that they need to close their case.”
AXIOM Examine arranges the artifacts by type – photos, text messages, browser history, etc. – so that users can focus on the category or categories that are most relevant to their case. Users can perform simple keyword searches and filter results by date and time ranges.
The software also presents the data in its “natural form” or in a timeline rather than in a list or spreadsheet. For example, the software recreates conversation bubbles for chat messages and SMS conversations and presents pictures in a gallery view where investigators can look through thumbnails to find content of interest. Location data is plotted on a world map.
WORK FASTER TO CONNECT THE DOTS
AXIOM Examine also provides a feature called Magnet.AI, which uses artificial intelligence to parse large amounts of data to help investigators save time by prioritizing what’s most likely to be relevant to the case.
In essence, Magnet.AI scans chat conversations and text messages for relevant phrases and themes to help investigators zoom in on what’s relevant without having to read through every single message, saving countless hours.
The Connections feature provides a graphical representation of the digital evidence in a conceptual map that literally connects the dots by showing how artifacts relate to each other. This information helps investigators build a story around a given piece of evidence, such as a photo.
“If you’re going to charge a suspect with possessing, producing and/or distributing that picture, you need to be able to put a story together around the picture to be able to prove where it came from and where it might have gone,” said Bryant. “That’s really the value of being able to look at your cloud evidence, your smartphone evidence, your mobile evidence and your computer evidence all in one case and review platform. You can see all of that together and where there might be connections.”
COLLABORATE WITH OTHER DIVISIONS, DEPARTMENTS
Magnet AXIOM also facilitates collaboration among various stakeholders, whether within your department or in another jurisdiction – or even globally – with its Portable Case feature.
Portable Case allows an investigator to create a miniature version of the case file that includes specific pieces of evidence. The investigator can then share it via a zip file that includes an executable (temporary) version of AXIOM Examine.
The recipient does not need to be a Magnet AXIOM user or install the software. Stakeholders can look at all the shared evidence and everything they need to work with in one folder and navigate through the artifact data just as the investigator would, including searches, tagging and filters, without the need for an additional AXIOM license.
“Collaboration is definitely a big part of what we do,” said Bryant. “It lets everybody work from the same tools. The Portable Case really is the miniature version of AXIOM, so you don’t have to have a whole bunch of people trained on a super-technical digital forensics tool.”
Investigators in Canada used the AXIOM software to gather evidence and secure the prosecution and conviction last year of a man who was soliciting child pornography from various countries via the internet. Police used Magnet Forensics tools to facilitate international cooperation during the investigation, which also helped secure the rescue of nine abused children in the Philippines.
Magnet Forensics itself collaborates with other vendors in the industry to ensure that law enforcement can utilize multiple forensic solutions in their toolkit to handle the ever-changing landscape of digital evidence. The company also hosts an Artifact Exchange portal, where digital forensics pros who have written custom artifact tools for specific types of information can publish them so that anyone can get value from that research.
“It’s impossible for vendors to support recovering data from every single possible application, and they’re changing so often that you just can’t keep up,” said Bryant. “We try to make the Artifact Exchange as open as possible to the community because that research should be shared to the benefit of all.”
SOLD AS INDIVIDUAL LICENSES, FREE TRIAL AVAILABLE
Magnet AXIOM licenses are available per seat – one for each forensic examiner who needs access, plus a maintenance fee to cover ongoing updates that deliver the latest software updates and new features. The company offers a free 30-day trial so agencies can check out the platform for themselves.
Bryant says the simplicity and comprehensiveness of Magnet AXIOM make it a key time-saver for investigators.
“I really can’t stress enough the importance that we place on the simplicity of the tool,” he said. “More can be achieved when all the data is examined together, and the automation, artificial intelligence and data visualization features help investigations go more quickly.”