Enhanced WhatsApp Support And Much More Available In Magnet AXIOM 2.6

Magnet AXIOM 2.6 is bringing big updates to Magnet AXIOM Cloud with WhatsApp backups, iCloud and Cloud Administrator account support. Together with improvements to Magnet.AI and to overall performance, AXIOM 2.6 demonstrates our commitment to being the gold standard for usability.

Try it for yourself now! If you’re a customer, download AXIOM 2.6 right now either in-app or in the Customer Portal. If you want to try AXIOM 2.6 for yourself, request a trial today.

AXIOM Cloud Updates
WhatsApp Backups

Within AXIOM 2.6, AXIOM Cloud can also now acquire and decrypt WhatsApp backups stored in an Android user’s Google Drive account. This capability is critical as the WhatsApp backup may contain information no longer available on the user’s phone. To simplify the process, WhatsApp is available as a source of evidence under AXIOM Cloud.

AXIOM 2.6 has brought a major overhaul to our support of WhatsApp for iOS and Android, particularly:

– iOS: Updated parsing support for messages to recover attachment previews, contacts, shared contacts in vCard format, and latitude and longitude data for shared location messages (including thumbnail previews), sender information for group messages, group member history for group messages, and user names
– Android: Updated parsing support to recover contact profile pictures, frequently contacted users, generic attachments, media attachments, user names, and cached locations


Note, AXIOM requires the phone number associated with the WhatsApp account and the user’s Google credentials in order to decrypt the WhatsApp data. We also created a new mobile artifact that will attempt to find the WhatsApp decryption key from the suspect’s phone, making the process easier for examiners.

Keep an eye out for more WhatsApp updates in future releases!

iCloud

Some suspects may not realize that key evidence hasn’t been permanently deleted and is still in the recently deleted section of their iCloud account. AXIOM Cloud can now acquire recently deleted documents and other files in an iCloud account — giving you the capability to extract files that haven’t yet been permanently deleted.

Cloud Administrator Accounts

Office 365 and Box administrators will now see more details related to users’ accounts, making it easier to select the correct user and content to acquire.

Finding Evidence Faster in Magnet.AI
Magnet.AI helps you better prioritize your time in an investigation by uncovering critical image evidence faster than with a manual review.

We’ve been expanding the image classification capabilities in Magnet.AI to include detection of vehicles, buildings (exteriors) and drones, in addition to images that may contain nudity, weapons, CSAM, drugs, screen shots, money, documents and personal ID (e.g., passport, license).

The Gold Standard for Usability
We’re always striving to make AXIOM the most user-friendly software on the market. We want to make sure you’re not wasting time trying to figure out how to use the options available on a case. In AXIOM 2.6, we’ve taken some steps to help maintain our high standards.

Quick Tips in AXIOM Examine

With all of the new capabilities we’ve introduced in the last year alone (including Mobile Password Bypass, Connections, Volatility integration, and Magnet.AI), it can be easy to miss some of the options that are available to help you get through cases faster. That’s why we’ve included quick tips within AXIOM — short overviews of features with links to learn more. We’ve worked really hard to make sure these tips aren’t obtrusive, and you’ll have the option to disable tips and never see them again.

Remove Evidence

You can now remove evidence items from a case if necessary — such as if you want to reduce the footprint of the overall case and improve performance for an investigator review. All removed evidence is logged with a time stamp and lists the evidence numbers of the data that was removed.

Email Attachments

AXIOM 2.6 has a new artifact category that consolidates all email attachments into one spot, letting you easily review the attachments and associated metadata — meaning you no longer have to manually filter all emails with attachments in order to review them. You can also link directly back to the originating email artifact hit that contained the attachment.

On top of this, you can also run Magnet.AI on all email attachments (e.g., pictures) to easily identify content of interest.

Filtering, Sorting & Key Word Searching UX Improvements

We’ve improved the discoverability for our filtering capabilities on artifact column values (e.g., filter an artifact column like event logs) as well as added options to cancel accidental filtering, key word searches and sorting.

AXIOM Performance – Find Evidence Faster
AXIOM 2.5 brought a huge spike in performance improvements, but that doesn’t mean we’re slowing down! With AXIOM 2.6, we’ve improved the ability to review picture evidence by reducing the time it takes to resize pictures in AXIOM, seeing current scan-time improvements of up to 40% on picture-heavy cases — depending on how many pictures are recovered.

$UsnJrnl Support
We’ve delivered support for parsing the $UsnJrnl, a frequently requested artifact from our customers, especially those doing incident response or other corporate investigations. This artifact will provide valuable insight into the running set of changes that were made to files or directories on an endpoint or a suspect’s machine.

Updated Artifacts
We’re always bringing new and updated artifacts to each release of AXIOM. Here’s what’s included in AXIOM 2.6:

New in iOS/MacOS:

– App Data Usage
– Connection History

New in Android:

– Jott

New in Windows:

– Skype App (v12)
– IME (Keyboard History)
– Bitcoin Debug Logs
– KakaoTalk Media Decryption
– $UsnJrnl

Updates:

– WhatsApp (iOS/Android)
– MMS (Group Message — Android)
– SMS/MMS Content Provider (Android)
– Twitter (Android)
– .WMV
– Carbonite Backup Logs (Windows)

If you’re already using AXIOM, download AXIOM 2.6 over at the Customer Portal. If you want to see how AXIOM 2.6 can give you a better investigative starting point, request a free 30-day trial today!
