How To Use The Magnet Web Page Saver

Hey everyone, Tarah Melton here, and today we’re going to walk through a workflow that you can use alongside a new artifact in AXIOM 4.4 that will help you present data output from Magnet’s free too, the Magnet Web Page Saver.

The Magnet Web Page Saver, or WPS, will capture how web pages look at a specific point in time, with tons of features including the ability to save LinkedIn embedded images and videos from those captured web pages that you can then process and hash within Magnet AXIOM afterwards.

So let’s walk through this workflow really quick.

First, I’m here in AXIOM Examine, and suppose you’re analysing your internet-related artifacts in your case, and you want to further analyse the data hosted on those artifacts that you’re seeing. With this workflow, I’m going to show you how you can easily export those URLs from AXIOM, import them into WPS, and then import the output from WPS back into AXIOM to add to your examination.

From AXIOM you can export the internet activity of interest; in this case I’m going to use a template I have created. I can either right click and choose ‘Create export / report’ from the artifacts list, or I can go up to the top file menu and choose that there as well.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Going through the report building steps for a CSV export, I will click ‘Next’, and then in the items to include I am going to go ahead and use this template that I have created for WPS.

If you click ‘Manage templates’ in the top right, you will have the ability to create and edit and import some specific templates for artifacts that you can manage and share within your own lab. And same with the templates for specific columns that you want to include.

I’ll click ‘Edit’ here just to show you what I have selected for this specific template. You can see I have selected only specific artifacts related to web activity for use in WPS. But you can create specific templates for whatever you need to use in your lab, whatever fits your specific use cases.

I’ll close out of these windows, and you can see I’ve selected this template for WPS. And when I click ‘Next,’ only those artifacts that I have selected from that template are going to be included.

Next I’m going to choose a column template as well. This is only going to include the pre-selected columns for each of these artifacts that you want to export in your report.

I’m going to go ahead and finalise this export. And you can see that it is exporting to CSV now. And I have that exported CSV open over here, and as I scroll through, you can see there’s URLs from all of those specified artifacts, along with the additional columns that I had specified in my templates.

Now open the Magnet Web Page Saver. Again, this is a free tool that you can download from Magnet’s resource center. I have the ability to import URLs from either a text or CSV file. And just to note, in CSV files it doesn’t matter if there is additional data in that spreadsheet like we have in our export. It’s only going to pull in those listed URLs.

So I’m going to navigate to the exported CSV that we exported from AXIOM, and now those URLs are listed here to be captured with WPS. I’m going to go ahead and save that. And then I’ll click on the options here. And what I want to point out is, if you’re going through this workflow, to make sure to check this box next to the SQLite output. This will output the data pulled by WPS into a SQLite database file, including the images pulled from those web pages, for easy import into AXIOM.

Now I’ll save that. And when I click ‘Start,’ I just have to give it an output path, and once I do you’ll see that it’ll start iterating through that imported URL list and start capturing those web pages.

So I already have some output from a previous pull of WPS, as you can see here, and I’m going to transition back to AXIOM and I want to add a new evidence to the case that I’ve been working. So I’m going to navigate to the Process menu, and I’m going to say ‘Add new evidence to case.’ And then within AXIOM Process, I’m going to go ahead and add that SQLite database from WPS as an evidence item. So I’m going to go to ‘Windows,’ ‘Load evidence,’ ‘Files and folders,’ and then browse to that db. And then I’m going to go ahead and name that ‘WPS Output.’

And then down in the list of artifacts, we now have under the web-related category this Magnet Web Saver artifact to select. Previously you could select it as a custom artifact to bring this data into your case, but this integrated artifact adds even more capability.

So I’ve already processed this database, so back in Examine I’ll just filter for that processed evidence from WPS. And here’s the output. You will see that there is three separate artifacts: we have captured HTML, captured media, and then also captured web pages, which will display the captured web page in the Preview pane.

And for many of these artifacts, you are able to use additional features in AXIOM, like building connections from this output.

This workflow with this new artifact in version 4.4 in AXIOM is super helpful when you want to deepen your analysis of internet-related activity in your examination. Also, don’t hesitate to check out the resource center on the Magnet Forensics website for more blogs, how-to videos and webinars for even more specifics of creating and utilizing reporting templates; using the Magnet Web Page Saver and other free tools; and more. And please let us know if you have any comments or questions.

Thanks for watching.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

Podcast Ep. 80 Recap: Empowering Law Enforcement With Nick Harvey From Cellebrite

Forensic Focus 20th February 2024 11:49 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles