Magnet AXIOM Incident Response Examinations (AX310)
During the AXIOM Incident Response Examinations (AX310) training, participants learn how to conduct a digital forensic investigation of a malware incident using a hands-on case. For this they use Magnet AXIOM and the associated Incident Response Toolkit.
For whom is this training intended?
This four-day training is designed for digital investigators who are familiar with the principles of digital forensics and want to expand their knowledge with advanced forensic and incident response techniques. It is recommended that participants complete the Magnet AXIOM Examinations (AX200) training first.
What do you learn during the training?
- What functionality Magnet AXIOM offers.
- What malware is, what traces it leaves behind, how it behaves and how it can be stopped.
- How malware can penetrate and move through network traffic and how network traffic can be captured, filtered, and analysed during a malware forensic investigation.
- How Wireshark works.
- How to use the Incident Response Toolkit to collect volatile data from a computer and create output using AXIOM to locate the malware.
- How to analyse the RAM of a computer involved in a malware incident and map which programs were running at the time and from which location.
- How PCAP files can be processed from RAM to support a forensic investigation.
- How a static analysis of malware can be performed using a virtual machine.
- How to perform a dynamic analysis of malware.
- How to create a report of a malware investigation using AXIOM's artifact-first approach.
- How all the separate elements of an investigation can be extracted and correlated with each other.
This training is modular. Each module uses scenarios and hands-on exercises to reinforce the learning objectives.