Magnet Forensics Introduces Magnet AUTOMATE Enterprise

New solution will automate evidence recovery and processing, keep cyber investigations running 24/7/365 to reduce recovery time

Magnet Forensics recently announced the release of Magnet AUTOMATE Enterprise, a solution that is transforming how organizations respond to security events by automating and accelerating cybersecurity investigations.

Leveraging automation technology, Magnet AUTOMATE Enterprise synchronizes detection and incident response solutions to immediately trigger investigations, automates basic and repetitive tasks and enables forensic analysts to simultaneously recover and process evidence from multiple endpoints. This approach reduces the time enterprises need to respond to and recover from cybersecurity incidents.

“Cybercriminals have placed enterprises squarely in their sights and are increasing the volume and complexity of their attacks in order to exploit valuable intellectual property and other resources for their personal gain,” said Adam Belsher, chief executive officer of Magnet Forensics. “With Magnet AUTOMATE Enterprise, businesses can rapidly respond to ransomware, business email compromise, insider threats and other security incidents with newfound efficiency that will save hours of operational downtime, accelerate recovery and increase cyber resilience.”

It takes only minutes, not hours, for cybercriminals to penetrate the defenses of enterprises. According to Microsoft, some ransomware attacks are completed in under 45 minutes. Once access is gained, ransomware requires only three seconds to begin encryption. The response time to security incidents, however, is often slowed because forensic analysts need to manually launch each step of an investigation. Hours are lost as investigations stall between shifts, in evenings, on weekends and during holidays. Every additional second required to respond to a cybersecurity incident not only gives cybercriminals the opportunity to potentially steal more data, but it also increases the downtime for enterprises, which could cause monetary and reputational damages.

With Magnet AUTOMATE Enterprise, organizations can reduce the time it takes to respond to cybersecurity incidents from days to hours by:

  • Automating the basic and repetitive tasks that a user would otherwise perform manually, keeping investigations running 24/7/365 without human intervention
  • Enabling the integration of Endpoint Detection and Response tools and Security Information and Event Management tools with post-incident solutions to automatically trigger investigations
  • Performing simultaneous remote acquisitions to collect and process evidence from multiple computers
  • Concurrently processing evidence from computers, mobile phones, cloud storage environments such as Amazon Web Services and Microsoft Azure, and communication services such as Microsoft Teams and Slack

“Magnet AUTOMATE Enterprise was purpose-built to sharply reduce the time it takes for security teams to respond to threats,” said Stephen Boyce, Magnet Forensics’ director of digital investigations, who supported and led cyber investigations for more than 10 years at public and private sector organizations such as the FBI and Unit 42 by Palo Alto Networks. “Automating the initial stages of cybersecurity investigations will make security operations more efficient, allow analysts to recover evidence faster than they ever could and permit them to focus on analysis so that they can get answers to stakeholders as quickly as possible.”

For more information, visit magnetforensics.com or sign up to attend Magnet Forensics’ webinar, Introducing Magnet AUTOMATE Enterprise, on Feb. 16. The webinar will begin at 11 a.m. in EST, PST, AEDT and CET time zones.
