Enhanced Support for macOS Triage: Magnet OUTRIDER 3.1

We’re proud to announce the availability of Magnet OUTRIDER 3.1!

With OUTRIDER 3.1, we are introducing even more triage support for macOS devices and external drives, including support for Chromium, Safari, and Firefox browser history and admin-level scan capabilities with credentials. We are also introducing prioritized directory scan order and support for NCMEC reports.

You can upgrade to the latest version of OUTRIDER over at the Customer PortalBe sure to login, then select “Magnet OUTRIDER”.

Because OUTRIDER is designed for live-system scans, it requires two separate installers: one for Mac and one for Windows. With the release of OUTRIDER 3.1, Windows triage is currently still version 2.2, so there are no updates for Windows triage. Keep an eye out for upcoming updates for OUTRIDER’s Window’s triage.

If you haven’t tried OUTRIDER yet, request a free trial here.  

Browser History Scanning for macOS

Browser history can be a rich source of evidence, and, for macOS triage, users can now scan Chromium, Safari, and Firefox browser history directories. With Magnet OUTRIDER 3.1, you can scan browser history via URL and keyword.

When paired with the new support for NCMEC XML imports, you can search browser history for the specific URLs and keywords as they relate to specific suspects or, as always, you can simply use OUTRIDER’s prebuilt default URL and keyword lists to identify sources of likely evidence for your case.

Support for NCMEC Reports

Since the release of macOS triage with Magnet OUTRIDER 3.0, we have heard from the community that support for NCMEC reports was one of the most valuable capabilities of OUTRIDER’s Windows triage.

We are excited to announce that with OUTRIDER 3.1, we can now include information from NCMEC reports for macOS scans. You can export reports from NCMEC to a .xml file and then add that file during OUTRIDER’s scan setup-phase. Then, as a device is scanned, any found hits will be displayed in the UI and when the scan is complete, the hits provided from NCMEC leads, will be included in the OUTRIDER report.

Prioritized Scan Order

Now with OUTRIDER 3.1, when scanning macOS devices, priority paths will scan certain directories first. The prioritized directories are scanned first because they tend to be the most frequently used and tend to contain contraband (or evidence of contraband) as a result.

The following directories will be scanned first for every user listed on the device:

  • /Library/Safari/History.db
  • Documents
  • Downloads
  • Desktop
  • Pictures
  • Movies

The “Search Priority Paths” option is enabled by default, but you can choose to unselect this option. If you do unselect the option, however, you will not be able to scan Safari browser history, so it is recommended that you keep this option enabled if you would like to search this directory.

Improved macOS Triage for Advanced Users: Admin-Level Scans with Credentials

With Magnet OUTRIDER 3.1, we’re improving the support for macOS triage and providing the opportunity to scan all user profiles on the device so you can collect more sources of evidence for your investigations.

Triaging macOS devices can be challenging, especially when there are multiple user accounts on a single device. With the advanced admin-level scans, though, you can gain access and scan all user accounts on a device, so long as you have the device’s administrative credentials. The standard OUTRIDER scan will review the contents of the logged in user, which in most cases will be what you need for your investigations.  

Check out how to run admin-level scans with Kim Bradley in this blog, Advanced Admin-Level Scan for macOS: Magnet OUTRIDER”.

Get the Most Out of OUTRIDER

Check out the upcoming Tips & Tricks session with Kim Bradley for an overview of how to optimize your triage activity with OUTRIDER 3.1.

Sign up today for the session, “Tips & Tricks // Streamline Your Investigation with Triage: From OUTRIDER to AXIOM”, today.

Get OUTRIDER 3.1 Today!

Request a quote and pricing information about OUTRIDER today by reaching out to us at sales@magnetforensics.com. As always feel free to reach out to us at outrider@magnetforensics.com if you’re having any issues or if you’d like to provide feedback. We’d love to hear from you!

The post Enhanced Support for macOS Triage: Magnet OUTRIDER 3.1 appeared first on Magnet Forensics.

Enhanced Support for macOS Triage: Magnet OUTRIDER 3.1