Improved Searching And Filtering In Magnet AXIOM

One enhancement in Magnet AXIOM that IEF users will appreciate is improved searching and filtering. In AXIOM, we’ve made searching and filtering almost instant. You can stack filters to help narrow your search criteria and swap out any that no longer apply or aren’t needed.

Searching and filtering in IEF allowed for a lot of customization, but it was generally slower to search through all the evidence recovered. AXIOM definitely speeds this up and creates a more intuitive flow for layered searches and filters.

Artifact vs File System Searching & Filtering
There are three ways to dig into the evidence in Magnet AXIOM: Artifact Explorer, File System Explorer, or Registry Explorer. Depending on the data and what you’re looking for, each has its benefits. Let’s look at the different ways you can search and filter in each explorer.

Artifact Explorer
The first thing you are presented with when you open a processed case in AXIOM Examine is the artifact database. The Filters bar is located across the top and is grey in color when no filters are applied.

When you apply a filter, this bar turns yellow to visually notify the examiner that a filter is applied to their view. You can clear filters by hitting the “x” beside a keyword, clearing a single filter, or hitting the “Clear Filters” button to clear all filters.

When viewing artifacts, you have quite a few filters to choose from:
• Evidence – The evidence filter allows you to filter on any evidence sources you’ve added to your case. For example, if you process a computer and mobile phone as evidence, you will be able to filter to only show one source (default shows all evidence).
• Artifacts – The artifacts filter allows you to filter on artifact categories (such as chat, cloud, email, documents, etc.) or individual artifacts (such as Skype Chat Messages, Chrome Cache Records, Google Searches, PDF Documents, etc.). There is also a Find bar that allows you to quickly find any artifacts of interest.
• Content Types – The content types filter will allow you to filter on content type such as URLs, identifiers (such as user IDs, phone numbers, or names), or media (such as pictures, video, or audio). When applied, this filter will only show artifacts that have at least one field that applies to the filter.
• Date – In AXIOM we’ve separated the date and time into two separate filters that can be applied independently of each other, so if you want to view only artifacts that occurred Monday – Friday during business hours, you can use these filters to do so. The date filter allows you to specify a date range or apply specific days of the week.

To read more about the Time Filter, Tags & Comments, Profiles, Partial Results, Keywords, Skin Tone Filters, Media Categories and how to use Artifact Searches, read the full blog here.
