New Free Tool: MAGNET Chromebook Acquisition Assistant
We’re proud to announce the release of a brand-new tool for your toolkit, the MAGNET Chromebook Acquisition Assistant (MCAA)! Better yet, it’s free! Grab your copy of the MCAA here.
Acquiring forensic images of Chromebooks is becoming more prevalent than ever before, and the need will likely continue to increase with the exponential sales growth of Chromebooks globally.i Current methodologies are complex and risky, though, because traditional acquisition techniques often require the Chromebook be in Developer Mode to be imaged, or switched to Developer Mode, which will wipe the user data.ii
An additional benefit of imaging the Chromebook rather than just investigating the associated cloud accounts, is that there can be additional data only available on the physical drive. Because of the challenging nature of Chromebook imaging, the need to streamline and automate the acquisition process has been significant.
How the MAGNET Chromebook Acquisition Assistant Works
The MAGNET Chromebook Acquisition Assistant (MCAA) will help you acquire a logical image from a Chromebook when you have the username and password, and without requiring it to be in Developer Mode. Chromebook forensic images are acquired with a USB drive and the MCAA’s wizard style walkthrough will help you prepare the USB drive for image acquisition.
The MCAA has been developed to automate much of the workflow first proposed in the Daniel Dickerman Chromebook Forensic Acquisition method.
The MCAA, however, does not cover the full acquisition method outlined in Dickerman’s method, which requires that the Chromebook already be in Developer Mode, but as we mentioned, putting a Chromebook into Developer Mode will wipe the user data. Nevertheless, if you’d like the full method to be added to this tool, please send feedback to MCAA@magnetforensics.com.
- Simple interface with wizard style walkthrough for acquisition
- Makes preparing a USB drive to be used for acquisition of data fast and easy
- Extracted images can be directly processed with AXIOM
- No Linux skills required
Once you have acquired the image with the MCAA, it can be ingested in Magnet AXIOM® and Magnet AXIOM Cyber via the “Mobile > Android Image” evidence source option (a specific workflow for Chromebooks is coming in the near future!). This will scan the image, recover app data, and key artifacts and allow you to analyze the results with the robust analysis features of AXIOM and AXIOM CYBER.
Both AXIOM and AXIOM CYBER have recently been updated to support Chrome artifacts from Chromebooks in the 4.11 release. With 4.11, we introduced support for over 25 Chrome artifacts including:
- Media History
- Web History
- And more!
Other Chromebook Resources
We also have several resources created by Jessica Hyde to support your analysis of Chromebooks and to get the most out of AXIOM.
Be sure to:
- Check out “Chromebook Data Locations” that goes into detail on common locations in Chromebook extractions where you can find useful data.
- Register for “Taking Chromebook Analysis to New Heights” to see the webinar presented at Techno Myrtle Beach. Register for by clicking the hyper-link above.
- See it in action by attending our Tips & Tricks webinar on Thursday, April 15.
Download the MAGNET Chromebook Acquisition Assistant here and be sure to check out other free tools that are currently available.
The post New Free Tool: MAGNET Chromebook Acquisition Assistant appeared first on Magnet Forensics.