I recently had the opportunity to take the AX200 Magnet AXIOM Examinations class (On-Demand) and wanted to share my experience for those thinking about taking the class.

Full disclosure: I did get access to this course for free from Magnet in exchange for feedback, but they didn't ask me to write this post in return.

Whether On-Demand works for you or not is really personal preference; some people like that they can work through it at their own pace and repeat sections as required. My preference would have been to take the class in person as I feel like you get a better experience in the class, not to mention you can focus on the task at hand. Unfortunately I missed my opportunity as the class was run nearby when I was overseas.

Platform

The class is run through the Litmos virtual training platform and students get access to a virtual machine with the tool and case data through Citrix. Once you get the PEBKAC errors out of the way the Citrix VM system is pretty painless and it means that you don’t have to mess with much in terms of configuration. A good thing about it is that the instructor can login and fix things up if you’re doing something wrong, or load files/case data on in the background without your interaction, which is helpful. If you want to test out AXIOM on your own hardware Magnet have been known to give out trials, and there’s plenty of available evidence sources to throw at it. Special thanks to Jamey for his patience helping me sort out some issues!

Personally I wasn’t a huge fan of the Litmos platform. I like to speed playback of the content up because I have a very short attention span otherwise I lose focus, and the platform didn’t allow for that. I also found that if you stopped halfway and tried to come back it would mark that section as completed and occasionally it would just show a white screen until you refreshed (and then found your position again). Not insurmountable, just a minor annoyance.

Content

Overall I thought the course was great for those that have little to a moderate amount of experience with AXIOM. The reason being that they cover from start to finish in using the product from initial installation to acquisition, processing, review, and reporting of computers, phone and cloud sources.

If you use AXIOM regularly you may lose focus on the parts you know, but then miss the little tid bits that you don’t.

The course was relatively up to date with AXIOM versions too, using 2.10 which was the current version when I started. And because Magnet updates so regularly, 3.0 was released partway through me doing the course. Magnet’s monthly update cycle probably makes the training teams life a bit hectic. Especially when a whole new class of artefacts are added (re Mac support in 3.0).

The course does go beyond just explaining which buttons to push, touching on a variety of artefacts that are useful to understand. The instructors explaining some of the forensic concepts behind the data is great to have.

Certification

After you complete the course you are able to take the certification exam.

It’s 75 questions in 2 hours with a pass mark of 80%. It’s all done online so you can do it in your own time shortly after you complete the course (but you do have to complete the course first and then submit your interest in doing the cert).

Some of the questions are theory based on the manual, and others are practical based on a couple of images. It’s recommended to download the case data, process it, and have a look through based on the scenario. I found that doing this meant that I didn’t have to worry too much about processing time, and had a grasp of the data available to me during the exam.

Once you pass they send you a certificate, and this pretty cool challenge coin.

Overall

My overall impression of the course is that it is something that people that use AXIOM should seriously consider taking, just to understand the ins and outs of the tool to use it as effectively as possible. The added bonus is that you can get certified on it as well, which may be important if your credentials are questioned at court.

Conveniently, Magnet offers a training annual pass for ~5k USD, so if you’re planning on taking two classes it’s actually more worthwhile to go that route. AX250 Advanced Computer Forensics looks like a very interesting course, and the new AX310 Magnet AXIOM Incident Response Examinations also looks good.