Magnet Nexus
Building a cloud-based endpoint collection tool for digital forensic examiners
Overview
Magnet Nexus is a cloud-based endpoint collection tool that enables digital forensic examiners to remotely collect evidence from thousands of endpoints simultaneously. Unlike legacy tools that required direct-to-desktop collections, Magnet Nexus offloads collection to the cloud—reducing friction, improving performance, and accelerating investigations.
I led the end-to-end design from user research through final implementation, working closely with product managers, engineers, and forensic subject matter experts to launch a solution that transformed how investigators collect endpoint data.
The Problem
Forensic examiners faced critical inefficiencies that slowed investigations and introduced unnecessary risk:
Performance Bottlenecks
- Evidence collected directly to local machines
- Limited processing capacity
- Unable to run concurrent collections
Scalability Issues
- No efficient solution for multiple endpoints
- Difficult to manage at enterprise scale
- Manual processes prone to errors
Poor Visibility
- Unclear collection status
- No real-time endpoint monitoring
- Fragmented, difficult-to-navigate UI
Design Process
Key Research Insights
Through observational interviews and contextual inquiry with forensic examiners, incident response teams, and SOC analysts, I identified three critical pain points:
- Workstation-to-endpoint connection was a major bottleneck — collecting directly to local machines slowed investigations and risked data loss
- Cloud-based collection was recognized as essential — users needed faster access, better collaboration, and enterprise scalability
- Too many manual steps created error potential — especially critical during high-pressure incident response scenarios
The Solution
I designed a cloud-native platform with three core components that work seamlessly together:
1. Endpoint Dashboard
A comprehensive view of all connected endpoints with real-time status, advanced filtering by OS and region, and bulk action support for managing hundreds of devices simultaneously.
2. Collection Wizard
A streamlined two-step flow that guides users through evidence source selection and artifact configuration. Features non-linear navigation, profile-based templates, and clear visibility into what will be collected before initiating acquisition.
3. Case Management
Centralized hub for organizing investigations with at-a-glance status, notifications, progress tracking, and recently viewed cases for rapid context switching.
Impact & Results
Business Impact
Market Position
Positioned Magnet Nexus as the leading cloud endpoint collection solution for enterprise investigations
Customer Migration
Successfully migrated customers from legacy Axiom Cyber to scalable cloud workflows
Operational Efficiency
Reduced support tickets and collection errors through improved UX and real-time feedback
Key Takeaways
- User research uncovered hidden constraints. Observing real workflows revealed pain points users had normalized—direct-to-workstation collection was slow, but they didn't realize cloud alternatives existed
- Progressive disclosure balances simplicity with power. Surface essentials first while preserving advanced capabilities—filtering and sorting became core requirements after initial testing
- Real-time feedback builds confidence. Status visibility was critical for users adopting a new cloud-based approach—knowing what's happening reduces anxiety during high-stakes investigations
- Collaboration with SMEs was essential. Continuous partnership with forensic experts ensured technical accuracy and workflow alignment throughout the design process