In any investigation, digital forensic examiners must address key questions, including the pivotal “when” and “how.” Precise timestamps play a vital role in answering these questions, whether by constructing timelines, correlating events, or connecting relationships between various actions and users.
But when some events occur at machine speed, a lot can happen in just one second!
Millisecond-precise timestamps are now supported throughout Magnet AXIOM and Magnet AXIOM Cyber for all artifacts where millisecond data is available, including in Timeline, Connections, and log entries. This lets you analyze chronologically sorted artifacts quickly and with improved accuracy.
Faster, More Accurate Log Analysis for Malware Investigations
While artifacts shortened to 0.01-second precision provided ample resolution for most investigations, we heard from our customers that log analysis for digital forensics and incident response (DFIR) requires even finer timestamp detail.
Malware rapidly executes a variety of malicious actions on an infected system, depending on the purpose and type of malware, so several events can occur within one second. Without millisecond precision, those events might have been reported out of order, which made it difficult to determine the execution order and required the examiner to sort the artifacts manually. Displaying events sorted to the millisecond helps you immediately understand what happened, when, and how, making the analysis of artifacts a lot faster.
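The ordering problem described above, as an added example (not Magnet Forensics code and not a description of how AXIOM works internally): it sorts constructed sample events at 1-second, 0.01-second, and millisecond precision and flags groups whose truncated timestamps tie, since their displayed order cannot be trusted. The event descriptions, `EVENTS`, and all function names are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from any real case), listed in the order a
# log source happened to return them, not in the order they occurred.
EVENTS = [
    ("2024-03-01 10:15:07.912", "network connection opened"),
    ("2024-03-01 10:15:07.108", "child process created"),
    ("2024-03-01 10:15:07.640", "registry run key set"),
    ("2024-03-01 10:15:07.105", "process created"),
    ("2024-03-01 10:15:07.318", "file written to temp directory"),
    ("2024-03-01 10:15:08.020", "process exited"),
]

def parse(ts):
    """Parse a timestamp string with fractional seconds."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")

def truncate(dt, step_us):
    """Drop precision finer than step_us microseconds (1_000_000 = 1 s)."""
    total = dt.second * 1_000_000 + dt.microsecond
    total -= total % step_us
    return dt.replace(second=total // 1_000_000, microsecond=total % 1_000_000)

def timeline(events, step_us):
    """Stable sort on the truncated timestamp: ties keep their input order."""
    return [desc for ts, desc in
            sorted(events, key=lambda e: truncate(parse(e[0]), step_us))]

def ambiguous_groups(events, step_us):
    """Return groups of events whose truncated timestamps are identical."""
    buckets = defaultdict(list)
    for ts, desc in events:
        buckets[truncate(parse(ts), step_us)].append(desc)
    return [group for _, group in sorted(buckets.items()) if len(group) > 1]

if __name__ == "__main__":
    for label, step in (("1 s", 1_000_000), ("0.01 s", 10_000), ("1 ms", 1_000)):
        print(label, "timeline:", timeline(EVENTS, step))
        print(label, "order-ambiguous groups:", ambiguous_groups(EVENTS, step))
```

At 0.01-second precision the two process-creation events, 3 ms apart, still tie and appear in input order rather than execution order; only the millisecond sort separates them.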
Use Timeline Explorer to visually analyze data so you can intuitively interpret and tell the story of your digital evidence – now with millisecond precision.
Faster Vehicle Forensic Analysis
Modern vehicles contain several Electronic Control Units (ECUs) that work together to control the different areas of the car. They're connected by a network inside the car called the Controller Area Network (CAN).
In the event of an accident, several events can occur within the same second, triggered either by the driver or by vehicle sensors. Seeing the sequence of events in the correct order, with millisecond precision, makes it faster and easier for law enforcement forensic examiners to analyze the artifacts, reconstruct the incident, and report on what occurred.
Learn more about analyzing vehicle insight in AXIOM using Berla iVe extractions here.
Accelerate Your Investigations with Advanced Analytics
The powerful analysis tools in AXIOM and AXIOM Cyber were designed to automatically surface case-relevant evidence and insights quickly and easily. They include tools such as Media Explorer, Cloud Insights Dashboard, Connections, and Timeline, as well as technologies such as machine learning and CBIR (Content-Based Image Retrieval).
To learn more about all of the time-saving analysis features in AXIOM and AXIOM Cyber, check out this blog post.
The post Improve Investigation Accuracy With Higher Timestamp Resolution appeared first on Magnet Forensics.