How To Ingest Images From Various Tools And Acquisition Methods
Wednesday, February 07, 2018 (10:45:43)
Posted by MagnetForensics
Credible. Verifiable. Repeatable.
Magnet Forensics Founder and CTO, Jad Saliba, and Jamie McQuaid, our Forensics Consultant, have made it clear how fundamental these elements are to an investigation. They both insist that a tool box approach is the only “right” way to investigate evidence and achieve these results.
Jamie McQuaid and Jessica Hyde, our Director of Forensics, have written a series of blog posts that will walk through how to ingest various images from third-party sources (Cellebrite, XRY, and Oxygen) into AXIOM and how to export an AXIOM image for use with other tools.
Magnet Forensics purposefully built Magnet AXIOM and Magnet IEF with the ability to ingest images from various tools and acquisition methods, including JTAG, ISP and chipoff extractions.
In fact, we are committed to being a leading vendor for playing well with others within the industry. In the last year, we have enhanced our Project VIC integration, allowing examiners to pass data back and forth between Griffeye and AXIOM to utilize the best tool for the task at hand. Additionally, we’ve announced partnerships with Passware and F-Response as well.
Why would we support what might be seen as competitive products? Simple: It is imperative that examiners and investigators run their images, or phone dumps, through more than one tool to parse and carve out as much data as possible. Every tool is a little different and will always produce different results.
AXIOM and IEF are known for carving for a large number of data points from apps, docs, and more on smartphones or computers. We support thousands of artifact types to recover evidence from and our tools have a built-in feature that searches the data for potential/unknown databases and creates artifacts out of those for review.
The power of what we have built with AXIOM and IEF is that you can ingest all of those images, plus other devices, computers, cloud data, flash drives, and more into a single case file and examine all the digital evidence together and report on it together – one timeline, one world map, one view of chat threads across many devices.
This also works the other way, when we acquire evidence using either Magnet ACQUIRE or AXIOM, we try to avoid any proprietary formats that would restrict examiners from loading those images into other tools. Igor, Igor, and Oleg over at DigitalForensics.com have written a blog showing how to take an image from Magnet ACQUIRE and load it into Cellebrite Physical Analyzer.
Our primary goal is to help examiners do their job because we know there’s never going to be only one tool that does everything you need, it’s important that you can utilize all the tools at your disposal.
Sounds Great, But How?
Jamie McQuaid and Jessica Hyde, our Director of Forensics, have written a series of blog posts that will walk through how to ingest various images from third-party sources into AXIOM and how to export an AXIOM image for use with other tools.
Read each one here:
• Loading Cellebrite Images into Magnet AXIOM
• Loading Oxygen Images into Magnet AXIOM
• Loading XRY Images into Magnet AXIOM