Magnet AXIOM 6.0: Surfacing More Evidence than Ever Before

We’re proud to announce the availability of Magnet AXIOM 6.0!

You can upgrade to the latest version within AXIOM or over at the Customer Portal.  

With AXIOM 6.0, we’ve focused on automatically surfacing accessible evidence, helping you cut through the non-relevant data quickly.

We’ve tightened the workflow between mobile and cloud investigations and the overall investigative workflow by:

  • Introducing the new Cloud Insights Dashboard
  • Surfacing more relevant passwords and tokens
  • Introducing Email Recovery Support for Windows Mail and the Outlook App
  • Allowing for selective category extraction support for “Connect to GrayKey” integration
  • And so much more!

Oh, wait…

We forgot to mention: Dark mode!

If you haven’t tried AXIOM or AXIOM Cyber yet, request a free trial here.  

Cloud Insights Dashboard

With AXIOM 6.0, we’re excited to introduce the Cloud Insights Dashboard. Now, more cloud account information will be automatically surfaced, making it easier to identify which cloud accounts are associated with the device extractions.

The Cloud Insights Dashboard is a big win for both reducing time to evidence by streamlining the recovery of more passwords and tokens, but also automatically uncovering new sources of evidence, offering you the opportunity to include more information in search warrants.

All of this is within an easy-to-use user-interface to navigate all your cloud investigation needs. You will be able to launch the cloud acquisition workflow directly from the dashboard, while collecting all your related data in one place.

Check out this blog and how-to video to see the Cloud Insights Dashboard in action.

Magnet AXIOM Cloud Authenticator

We are also introducing the Magnet AXIOM Cloud Extension for Chrome browsers in AXIOM 6.0 to help cloud acquisitions.

In 2019, Google announced that they would discontinue support for CEF browser (which to this point has the primary means that was used to log-in to accounts from AXIOM). The CEF browser is currently working a reported 50% of the time, so remains a viable option to log into accounts, but it appears that support is slowly winding down.

The Magnet AXIOM Cloud Extension will act as a Google Chrome profile for the account you are attempting to log into when doing a cloud acquisition. Because it effectively acts as a user profile, we have included several safeguards. For example, when an examiner has logged into the account a log is generated in the account, other tabs will be prevented from opening, and when you logout, the current tabs will be destroyed. When you do use this method, be sure to open AXIOM and follow the workflow from within AXIOM otherwise, if you add the Chrome extension outside of the AXIOM acquisition workflow, it will prevent your personal Chrome profile from opening tabs, rendering it unusable.

The Magnet AXIOM Chrome Extension will help to overcome the decommissioning of the CEF browser login method, allowing you to maintain access to acquirable cloud accounts, but please be sure to read the knowledge base article in full prior to attempting to use it.

Check out this blog and how-to video to see how to deploy the Magnet AXIOM Cloud Authenticator.

Complement AXIOM 6.0 With the MAGNET Apple Warrant Return Assistant

Along with the cloud insights dashboard, we have introduced the MAGNET Apple Warrant Return Assistant as a free tool to complement your cloud investigations.

Typically, when receiving a warrant return from Apple, the package is a collection of several encrypted files that need to be downloaded individually, decrypted, and decompressed. It’s a time-consuming process that requires your attention at multiple stages of the collection.

With this free tool, it’s a one-click solution to download, decrypt, decompress, and organize your Apple warrant return data into one easy-to-process package.

Download the MAGNET Apple Warrant Return Assistant for free here.

Surfacing More Relevant Passwords, Tokens, and Evidence

We’ve also improved the collection and surfacing of data to the refined results section of AXIOM, making it faster and easier to identify the data you have on-hand in easy-to-locate pages.

Previously, you could collect login credentials, passwords, and authentication tokens in several locations—whether they were specific databases or individual app directories. Now, we’ve collected more of those results to bring them to the surface for you.

The manual effort to identify and tag data is now reduced, but it also will let you know that more sources of data are available overall without having to do manual checks. These results are surfaced in two refined results categories “Passwords and Tokens” and “Cloud Passwords and Tokens”. The “Cloud Passwords and Tokens” draws supported cloud data from the “Passwords and Tokens” results and then feeds them into the Cloud Insights Dashboard to make it easier to take the appropriate steps to acquire the data. Recovered passwords and tokens that aren’t related to cloud accounts will be located in the “Passwords and Tokens” category.

As you recover tokens and passwords, and when you have proper legal authority, it will be that much easier to recover credentials for Google, Microsoft, and even iCloud, so you can, for example, recover iOS 15 device backups.

With AXIOM 6.0, you can now also collect Google Drive Activity with artifact support, allowing you to recover file activity such as: Create, Edit, Move, Rename, Delete, Restore, and more.

Email Recovery Support for Windows Mail and the Outlook App

We’re pleased to announce that with AXIOM 6.0, you can now collect email evidence from Windows Mail on PCs and from the Outlook app for macOS, iOS, and Android— something that was a significant challenge for the industry.

Initial support will enable you to locate the name of the sender, the content of the email sent, and time stamps.

Category-Based Extraction Support for “Connect to GrayKey” Integration

Last year, category-based extraction was introduced for GrayKey, allowing you to select and acquire specific categories of data rather than extracting the full mobile image—a significant time savings for mobile devices that now regularly offer storage capacities of 64-256GBs.

With the “Connect to GrayKey” direct integration in Magnet AXIOM, you can select specific categories for acquisition, while taking advantage of iOS keychain pre-processing. For Android, we offer the same category extraction with app-specific decryption with supported keystore data.

Find and Tag Tattoos and Invoices Automatically with Magnet.AI

Magnet.AI has two new classifier options that will allow you to identify and tag images that contain tattoos or invoices so you can filter to those images only, and then, for example, review them quickly and easily in Media Explorer.

Dark Mode

And, to top it all off, these updates look fantastic in dark mode.

When you spend hours investigating digital evidence every day, we want to make it more comfortable for you to work in AXIOM. Over the course of the year ahead, we will continue to evolve AXIOM and improve our customer experience for you.

New Artifacts

  • Google Drive Activity // Cloud 
  • Outlook emails // iOS

Updated Artifacts

  • All URL-based refined results
  • Android SMS / MMS
  • Apple Keychain
  • Bitcoin Debug Logs
  • Bluetooth Devices
  • Chrome Logins
  • Cloud Passwords & Tokens
  • Identifiers – People
  • iMessage Messages
  • Outlook Emails
  • Outlook Accounts
  • Passwords & Tokens
  • Photos Media Information
  • Proton Mail
  • Slack Workspaces
  • SMS / MMS
  • Telegram Users
  • Telegram Messages
  • Videos
  • WhatsApp Messages
  • Windows Mail

Get Magnet AXIOM 6.0 Today!

We are continually improving AXIOM to help reduce your time to evidence, while surfacing the most relevant data possible. When every second counts, it’s important that we do what we can to streamline your workflow. We’re excited that these AXIOM improvements can help to do exactly this.

If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.

The post Magnet AXIOM 6.0: Surfacing More Evidence than Ever Before appeared first on Magnet Forensics.

Magnet AXIOM 6.0: Surfacing More Evidence than Ever Before