Magnet AXIOM Cyber: Targeted Locations Quick Reference Guide For Mac and Windows
When you're performing a remote collection of a target endpoint, time is of the essence. You want to acquire the most amount of valuable data in the least amount of time. But where do you start? It could be especially challenging if the endpoint is a Mac given APFS isn't built like NTFS and data is stored in different locations altogether.
We've curated a list of targeted locations that you can use as a quick reference when performing a remote acquisition of a target endpoint.
In this guide, get specific file paths for files and artifacts that are commonly of forensic interest such as:
- User Data
- Web Browsing Activity
- Registry Hives
- Bash History
- And more!
Brought to you by: