If you’re currently using Magnet AXIOM, you can download the update within AXIOM or in the Customer Portal now. If you haven’t tried AXIOM yet, request a free 30-day trial here.
New in Magnet AXIOM 3.0: Mac Support
With AXIOM 3.0, we’ve introduced the ability to search and recover data from Apple products running macOS. AXIOM can now support decrypting FileVault2-encrypted drives, containers, and volumes, as well as support for parsing artifacts from APFS sources and traversing the File System explorer in AXIOM.
And, in keeping with our artifacts-first approach, we have also added more support for relevant macOS artifacts, including support for parsing user accounts information, FSEvents, connected devices, MRUs and the KnowledgeC database.
Go deeper into our Mac support in this how-to document.
A New Way to Look at Timeline
Looking at evidence through a time lens is one of the most common ways to understand a case, so with that in mind, we’ve greatly improved Timeline to provide you with a dedicated explorer to help you visually understand all timestamped artifacts and file system data in one view. The evidence can be easily filtered and sorted by date/time ranges, specific artifacts/items of interest, and keywords to help making review and analysis easier.
See the new Timeline in action in this how-to article and video.
Get Evidence from New Cloud Sources
With Magnet AXIOM 3.0, we’re incorporating open web data, self-serve data services, and warrant return data from social networks—allowing for building stronger case and drawing correlations between various pieces of evidence.
Facebook Warrant Return Packages
During an investigation, law enforcement may serve cloud service providers—such as Facebook—with a warrant, requesting information on a specific user. To comply with these requests, the service provider will typically return a digital package of evidence for law enforcement to review which includes artifacts for Facebook Messenger conversations, friends, and audit history.
AXIOM can now scan HTML-based warrant return packages from Facebook and identify useful artifacts for investigators.
Facebook “Download Your Info” Packages
Thanks to the General Data Protection Regulation (GDPR) law in the E.U., all online services that store personal user data have had to add features that allow users to download their personal information. These features provide a valuable new data set for law enforcement to work with as evidence when available. Investigators interested in using Facebook’s “Download My Data” feature in AXIOM should utilize the JSON format option from Facebook.
Like the existing Google Takeout capability, this feature will add support for scanning packages from Facebook to specifically pull out artifacts of interest.
Read more about our updates to Facebook here.
Public Twitter Without Credentials
You can now acquire data publicly available from Twitter without having to require the user’s credentials. This includes public-facing tweets from the user, as well as information on who the user is following, and who they follow—information that does not require a warrant.
Learn more about the capabilities of acquiring public Twitter information in this blog.
Slack
Slack has become a hugely popular collaboration platform for employees to easily communicate with individuals or teams using direct messaging.
Corporate investigators, with the account credentials of a suspect, can now acquire and analyze communication data directly from Slack—including public channel discussions and private chat data.
Learn more about Slack support in AXIOM 3.0 here.
Media Categorization Enhancements
We’ve furthered our media categorization capability with our increased compatibility with Project VIC/CAID hash sets. Our redesigned media categorization makes it even easier to focus your investigation on the data that is important to you using Project VIC and CAID data.
See for yourself how we’ve updated media categorization in this blog and how-to video.
Dynamic App Finder Improvements
Dynamic App Finder continues to be a valuable tool for examiners and with AXIOM 3.0, we’ve worked to find and report content of interest in databases on smartphones more reliably. This includes scanning database content for:
– Date/Times
– Geolocation data (coordinates)
– Street addresses
– References to countries/states/provinces/postal code/zip codes
– Email addresses
– Phone numbers
– URLs/URIs
Magnet.AI Performance Improvements
AXIOM 3.0 massively enhances the performance with which images are scanned leveraging Magnet.AI, now allowing for scanning images at a rate of up to or exceeding 25 images per second (when leveraging a GPU).
In addition to increasing the throughput, we have also increased Magnet.AI’s accuracy—making Magnet.AI an even more valuable tool to use in investigations.
New & Updated Artifacts
New MacOS Artifacts
– OS Information
– FSEvents
– User Accounts
– Login History
– Daily.out
-Trash
– Network Profiles
– MRU Files
– KnowledgeC
– USB Devices
– Startup Items
– Bluetooth Devices
– Bash Sessions
– Quarantined Files
– Connected Volumes
– Spotlight Shortcuts
– Installed Applications
– Finder Sidebar Items
– iMessage
– Mail
– Network Interfaces
– Custom Menu Items
– Dock Items
– Calendars (iCS)
New Mobile Artifacts
– Discord (iOS/Android)
– Android Keystore (Android)
– TikTok (iOS/Android)
New Cloud Artifacts
– Slack
– Facebook Warrant Return
– Facebook Download Your Info
– Public Twitter
Artifact Updates
– Slack (iOS/Android)
– Kik (Android)
– Usage History (Android)
– Gmail (Android)
– Telegram (Android)
– Chrome (Android)
– KakaoTalk (Android)
– Messages (iOS)
– WeChat (iOS)
– Grindr (iOS)
– iOS Device Info (iOS)
– Uber (iOS)
– Application Install States (iOS)
If you’re already using AXIOM, download AXIOM 3.0 over at the Customer Portal or within AXIOM. If you want to see how AXIOM 3.0 can give you a better investigative starting point, request a free 30-day trial today!
Want to see the new features in Magnet AXIOM 3.0 in more depth? We’ll be hosting webinars on April 9 for the America, Europe, Africa, and the Middle East and on April 10 for Asia-Pacific, covering all of the new features in Magnet AXIOM 3.0, and showcasing how you can use them to get find more evidence that matters in your investigations.
