AX302 Magnet AXIOM Advanced iOS Examinations
An intermediate-level two-day training course, designed for participants who are familiar with the principles of digital forensics and who are seeking to expand their knowledge base into deep iOS file system examinations.
MODULE 1: COURSE INTRODUCTION
- Cover the basic prerequisites for Magnet AXIOM
MODULE 2: UNDERSTANDING IOS AND APPLE’S SECURITY
- Discussion-focused coverage of the iOS operating system’s security functions and structure.
- Learn about device protection class keys, understanding the handset lock codes and their function, as well as other functions of the operating system.
MODULE 3: DEVICE IMAGE TYPES & FILESYSTEM ACQUISITIONS
- Compare the different methods in the industry currently to extract filesystem images of iOS devices.
- Compare the different levels of filesystem images that can be acquired before and after the entering of the user’s handset lock code. Learn how to explore key artifacts within these different extraction types.
MODULE 4: IMPORTING DATA IN MAGNET AXIOM
- Understand the multiple ways to ingest information and develop a proper workflow for ingesting information from filesystem extractions.
- Learn about several AXIOM functions such as Dynamic App Finder, Search for Custom Files by Type, and how to target secure messaging applications.
MODULE 5: EXPLORING ARTIFACTS IN MAGNET AXIOM
- Explore multiple artifacts, including deep diving into artifacts that are core to the iOS file system – core artifacts will be explored in depth including techniques for recovering deleted information from these databases.
- Advanced file system artifacts such as PowerLog and KnowledgeC will be covered to talk about application usage times and data amounts. These and other artifacts will be explored to show examiners how to track when targets are interacting physically with a device in a specified timeframe.
- Exclusive file system artifacts such as location history, third party applications, and more will also be explored.