One of the most important parts of the forensic process is reporting and collaborating on findings. Magnet Forensics has built Portable Case, a feature of Magnet AXIOM and Magnet IEF, to help foster that collaboration and make it more integrated, and thus less painful.
Our Director of Forensics, Jessica Hyde, and our Forensic Consultant, Jamie McQuaid, are taking an in-depth look at Portable Case to help our customers understand all the benefits and features.
In part one, Jessica gives an overview of Portable Case and its benefits.
Using Portable Case to Collaborate
Often during a digital forensic examination, it is necessary to collaborate on a case with other stakeholders. This can include attorneys, other investigators, subject matter experts, translators, human resources, and clients. AXIOM allows the forensic examiner to collaborate in this way via Portable Case.
Sharing a report is not always the best way for a stakeholder to review data. Often you may have multiple people with differing expertise involved in a case. By sharing a Portable Case, stakeholders can explore the evidence and add their own comments. The examiner can collaborate with the stakeholders and merge their feedback, in the form of tags, comments and bookmarks, back into the case.
The examiner has the option to create a portable case containing some or all of the artifacts that have been parsed from the case. This allows the examiner to provide the stakeholders with the necessary portions of the case without overwhelming them with material they do not need.
Workload management
If a case requires multiple examiners, you can pass a portable case to additional examiners. This allows multiple examiners to provide feedback and merge comments. Content review can be shared across a team and the results merged together. With Portable Case, you can put different content in different portable cases. For example, you can divide the case by type of content, with one examiner looking at pictures and videos while another looks at the user’s emails and chats.
No additional license required
Portable case includes an executable so that your stakeholders can look at the case and navigate through the artifact data just as the examiner would and take advantage of the different views and filters. You can share the portable case without the need for an additional AXIOM license.
The portable case provides an easy interface for other examiners or stakeholders working on the investigation. The primary difference is that they will not have access to the File System or Registry views.
Visit the Magnet Forensics blog (https://www.magnetforensics.com/blog/deep-dive-portable-case-part-one/) to learn more about Portable Case features including:
Comment, Tag, and Bookmark
Merge feedback
Relevant Evidence Compliance
Wrapping it up
Part Two
In part two of our Portable Case blog series, Jamie will guide users step by step through setting up and sharing a case.