Network Acquisition Features in Axiom Cyber

Jul 9, 2024

Introduction

  • Presentation by Magnet Forensics on Axiom Cyber's network acquisition features.
  • Focus on remote endpoint collections and cloud services (AWS S3 buckets, EC2 instances).

Remote Endpoint Collection Process

Starting a New Agent

  • Open Axiom Process for Cyber.
  • Select 'Remote Computer' as the new evidence source.

Managing Agents

  • Agents table shows previously created agents.
  • Options to connect, redeploy, or delete existing agents.
  • To investigate a new endpoint, create a new agent.

Creating a New Agent

  • Flexible agent creation process.
    • Name the agent to reflect file names, case numbers, etc.
    • Add metadata to the file for easier identification later.

Saving and Deploying Agents

  • Save the agent's location on your computer.
  • Other endpoint management utilities can also be used to deploy the agent.
  • Specify connectivity details (IP address, port).
  • Set reconnection and keepalive options.
  • Ensure each agent targets a specific computer rather than being deployed system-wide.

Deployment and Connection

  • Enter target computer details like IP address, username, and password.
  • Agent can be deployed to specific locations on the endpoint.
  • Connect to the agent once deployed.

Evidence Collection

Selecting Locations and Files

  • Choose targeted locations (e.g., Downloads folder, Desktop).
  • Pre-select locations even if the endpoint is not yet connected.
  • Option to take a full physical image (not recommended over the network).
  • Drill down into specific folders/files (e.g., C: drive, user folder, desktop files).

Memory Acquisition

  • Option to grab specific processes or full memory acquisition.
  • Memory examination using Axiom's built-in Volatility integration.

Downloading and Analyzing Evidence

  • Automatic downloading of selected evidence pieces.
  • Option to delete or keep the agent post-collection.
  • Collected data archived and hashed for integrity.

Processing and Verification

Analyzing the Evidence

  • Evidence added to analysis in Axiom Cyber.
  • Background processing while reviewing the collected data.

Integrity Verification

  • Hash values provided for collected files (MD5, SHA-1).
  • Ability to confirm file integrity anytime.
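The hashes Axiom Cyber reports are what let an examiner confirm later that a collection has not changed. As an added example (not code from the presentation or from Magnet Forensics; Axiom Cyber's own manifest format is not shown here, and the directory layout and file contents are a constructed sample), the following script builds a manifest of MD5 and SHA-1 digests for a collection directory, writes it in a simple text form, and re-verifies the directory against it, reporting modified, missing and unexpected files. It generalizes the page's point to a whole collection tree rather than a single file, and hashes in chunks so large evidence files do not have to fit in memory.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so large images stream through


def hash_file(path):
    """Return (md5, sha1) hex digests of one file, computed in a single pass."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def build_manifest(root):
    """Walk a collection directory; map relative POSIX path -> (md5, sha1)."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hash_file(p)
    return manifest


def manifest_to_text(manifest):
    """Serialize as 'md5  sha1  path' lines (hypothetical format, not Axiom's)."""
    lines = [f"{md5}  {sha1}  {rel}" for rel, (md5, sha1) in sorted(manifest.items())]
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Parse the text form back into a dict; blank and '#' lines are ignored."""
    manifest = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        md5, sha1, rel = line.split(maxsplit=2)  # path is last so it may contain spaces
        manifest[rel] = (md5, sha1)
    return manifest


def verify_collection(root, manifest):
    """Re-hash every file under root and compare with the stored manifest."""
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo():
    """Constructed sample: hash a two-file collection, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Desktop").mkdir()
        (root / "Downloads").mkdir()
        (root / "Desktop" / "notes.txt").write_bytes(b"abc")
        (root / "Downloads" / "setup.exe").write_bytes(b"MZ" + b"\x00" * 64)

        # Manifest taken at collection time and round-tripped through text form.
        manifest = parse_manifest(manifest_to_text(build_manifest(root)))

        # Simulated post-collection changes the examiner must be able to detect.
        (root / "Desktop" / "notes.txt").write_bytes(b"abd")   # modified content
        (root / "Downloads" / "setup.exe").unlink()             # file removed
        (root / "Downloads" / "extra.log").write_bytes(b"x")    # file added
        return manifest, verify_collection(root, manifest)


if __name__ == "__main__":
    stored, result = demo()
    print(manifest_to_text(stored))
    for status, files in result.items():
        print(f"{status}: {files}")
```

MD5 and SHA-1 are the algorithms the session names, and they are adequate for detecting accidental corruption; against a party who can write to the evidence store and wants to forge a matching file, a collision-resistant digest such as SHA-256 should be recorded alongside them, which is a one-line addition to `hash_file`.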

Reviewing Evidence in Axiom Cyber

  • Breakdown of collected data by path (Desktop, Downloads folder).
  • File previews within the tool.
  • Artifact view for digging deeper into the data.

Conclusion

  • Axiom Cyber offers robust network acquisition and evidence analysis features.
  • Trial licenses and further information available through Magnet Forensics sales team.

Closing

  • Contact Magnet Forensics for more details or a trial license.
  • Thanks for joining the session.