Magnet AXIOM 6.1: More Evidence from the Outlook App and Google Chrome

Magnet AXIOM 6.1 is now available, helping you automatically surface evidence from even more sources, including the Outlook app, Windows Mail, and Google Chrome.

In addition to expanding the evidence you can recover from the Outlook app and Windows Mail to include email attachments, we’re also continuing to reinforce the strength of AXIOM’s cloud capabilities by introducing the ability to recover Google Chrome logins for iOS and macOS—opening the door for examiners to access more logins and passwords for the cloud services stored in “Chrome Safe Storage.” We’ve also enhanced the performance of AXIOM in a few key areas and updated over 40 key artifacts.

In case you missed it, catch up on the release of Magnet AXIOM 6.0, where we introduced the Cloud Insights Dashboard and the Magnet AXIOM Cloud Authenticator, and so much more.

You can upgrade to the latest version within AXIOM or over at the Customer Portal.

If you haven’t tried AXIOM yet, request a free trial here.

Recover Email Attachments for the Outlook App and Windows Mail

In AXIOM 6.0, we introduced the ability to recover email from the Outlook App and Windows Mail. Now with AXIOM 6.1, you can now also recover email attachments.

Recovering email from the Outlook app for iOS, Android, and macOS, and Windows Mail on PCs has been a surprisingly challenging problem. Now you can recover email copy, sender name, sender email, time stamps (for received mail), the time the email was created, as well as attachments if the content is still stored in the database.

Speaking of improving email investigations, you can also now optionally include a .MSG copy of the email to easily share email messages with other stakeholders.

The Outlook app is currently the #3 productivity app in the Apple App Store and has over 500 million downloads in the Google Play store, so there is a growing chance that it may be a relevant source of evidence for your investigations.

Access More Cloud Services with Chrome Logins

We are building on the cloud password and token enhancements we made in AXIOM 6.0 by giving you the ability to automatically decrypt Chrome Logins for iOS and macOS in AXIOM 6.1.

For iOS, if the keychain is provided when processing the evidence, AXIOM will automatically decrypt the logins and display the password as plain text. ​On macOS, the “Chrome Safe Storage” key must be provided via the keychain in the options dialog before AXIOM is able to decrypt it.

By decrypting the Chrome Logins, passwords will be provided for all the applications that a user logged into and saved the password for via Chrome, making it a significant first step in your investigations. Then, for applications with cloud acquisition support, you will then be able to acquire cloud data using the decrypted credentials if you have the appropriate legal authority.​

​Faster Performance when Tagging and Viewing Conversations

Beyond helping you surface more evidence from more sources, we’re also focusing on improving the overall user experience within AXIOM.

With AXIOM 6.1, we’re excited to have introduced major performance enhancements to help you work your investigations even faster. First, we’ve significantly reduced the time it takes to “tag all” evidence items in large datasets. Based on internal testing, when tagging all artifacts in a case with 70,000 items, we decreased the time it takes for AXIOM to apply those tags by 78%! If you’re investigating email, mail logs, or even filtering and tagging all relevant evidence by date, you can now complete the task in a quarter of the time.

We’ve also reduced the time it takes to load large chat threads when switching to the conversation view, as well as the time required to load case files when clicking the HOME button to return to the case dashboard.

Updated Artifacts to Help You Get the Most From Your Mobile Sources

With vendors making frequent changes to the common applications and services involved in your digital investigations, we strive to quickly update our AXIOM artifacts in-line with the latest versions to help you keep pace. AXIOM 6.1 includes over 40 artifact updates—including key mobile artifacts across Android and iOS like LINE, Signal, and Snapchat—so you can be assured you’re getting the most evidence available from your sources.

Artifact Updates

Aloha Browser | Android

Apple Notes | iOS

Cloud Passwords and Tokens | Cross-platform

Cloud Passwords and Tokens | Cross-platform

Discord | iOS

DuckDuckGo Bookmarks | iOS

Edge Chromium Logins | iOS and macOS

Facebook User/Friends | Android

Gmail | Android and iOS

Google Accounts | Android

Google Meet Meeting History | Android

Home Screen Items | iOS

Identifier People | Cross-platform

KakaoTalk | Android

LINE Messages | Android

MEGA | Android

MEGA | iOS

Passwords and Tokens | Cross-platform

Private Photo Vault | Android 12

Signal Conversations | Android

Slack Users | iOS

iMessage/SMS/MMS | iOS

iMessage/SMS/MMS | iOS

Snapchat Chat Messages | iOS

Snapchat | Android

Snapchat | iOS

TextMe | Android

TextNow Chat | Android

TextNow Profile| Android

TextPlus Calls | Android

TextPlus Users | Android

UC Browser History | Android

USB Connection History | macOS 12

Viber | Android

Viber | iOS

Viber | iOS

Viber Messages | iOS

Wickr Me | iOS

Yahoo Webmail Accounts | Android 12

Yandex | Android

Zalo | Android

See How You Can Surface Even More Evidence with AXIOM

With AXIOM 6.0, we reduced your time to evidence and streamlined your investigative workflow by:

With AXIOM 6.0 (and now AXIOM 6.1), you can be more selective in what you acquire, uncover more evidence from those sources, and analyze more data automatically. Cloud sources, emails, media, and mobile devices have never been easier to analyze all-in-one case.

Read about all the great improvements introduced in Magnet AXIOM 6.0 in the announcement blog, here.

Get Magnet AXIOM 6.1 today!

We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.

If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.

The post Magnet AXIOM 6.1: More Evidence from the Outlook App and Google Chrome appeared first on Magnet Forensics.

Magnet AXIOM 6.1: More Evidence from the Outlook App and Google Chrome