ax250 cil – axiom advanced

Duration: 4 days

• Installation of AXIOM and its core components, AXIOM Process and AXIOM Examine
• Configuration of AXIOM Process for the optimal acquisition and processing of digital evidence, including the Single Stage Evidence Processing capabilities of AXIOM
• Identification and decryption of encrypted evidence images such as Bitlocker encrypted drives
• Analyzing case data in AXIOM Examine to focus on Artifact identification, extraction, further investigation, and validation
• Use of Magnet.AI to automatically categorize images into known categories to reduce the examiner’s time spent manually categorizing them
• Use of AXIOM Process to demonstrate basic iOS and Android imaging capabilities including the ingestion and examination of iOS and Android backups
• Utilization of hash sets, keywords, regular expressions, and filters to identify key artifacts
• Using Connections Explorer to automatically link artifacts to each other to better tell the story of the artifact and its existence on the suspect’s devices

opis• Utilize the functionality of AXIOM Process to leverage Project VIC and CAID files as well as PhotoDNA to categorize images automatically
• Navigation within the evidence set utilizing multiple Explorers within AXIOM include Case Dashboard, Artifact, File System, Registry, and Connections
• Using the Dynamic App Finder to discover SQLite databases and extract data from within and keep templates of those databases for use in future examinations
• Application of tags and comments to prepare case evidence for exporting and reporting
• Using AXIOM Examine’s visualization tools such as the timeline and worldmap views to emphasize user’s behavior patterns
• Enhance participant understanding of key artifacts; their locations and formats; the user and system behaviors which created them; and, the manner in which AXIOM recovers them
• Building intuitive reports and sharing and managing portable cases with stakeholders