GrayKey Integration And A New SQLite Viewer Come To Magnet AXIOM 3.1

The innovation of Magnet AXIOM 3.0 continues with the release of Magnet AXIOM 3.1—which is now available to download!

In this release, we’re excited to have developed our exclusive technology partnership with Grayshift by integrating the loading of GrayKey images directly within AXIOM. We’ve also introduced a new SQLite viewer to give you better access when reviewing SQLite databases. And we’ve brought support for 12 Chromium-based browsers on Android—leading to 90 new supported artifacts.

On top of these new features, we’ve continued to build on the great new features of AXIOM 3.0, with new Mac artifacts and further enhancements to Cloud acquisition (including Facebook Warrant Returns and public Twitter acquisitions), Timeline, and media categorization.

If you’re not already using AXIOM and want try AXIOM 3.1 for yourself, request a trial today.


Load GrayKey Images Directly Within AXIOM

Building on our exclusive technology and distribution partnership with Grayshift, AXIOM 3.1 brings integration with GrayKey devices, allowing you to connect and load images directly into AXIOM Process—eliminating the need to manually copy and load images.


This integration streamlines the process for selecting and loading GrayKey images. Once connected, you can see all images stored on the device, and pick the image components you want to process. AXIOM will look after loading the image from GrayKey to AXIOM. Plus, it will use the image hashes to validate that the files were correctly loaded. Once you’re done loading the GrayKey images, simply choose the image components for processing.


Check out this how-to guide on how to load GrayKey images with the new GrayKey integration within AXIOM.


Want to learn more about using AXIOM and GrayKey together in your iOS investigations? Join us and Grayshift for a live webinar on May 21 at 10:00AM & 2:00PMET. You can register here.

New in AXIOM 3.1: SQLite Viewer
The new SQLite viewer will give you greater flexibility in reviewing evidence so you can quickly and easily find the most relevant data. The new viewer includes the ability to:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


– Quickly review table contents
– Filter on columns
– Search tables
– Execute custom SQL queries
– Export directly to .CSV and Excel files

The new SQLite viewer is launched when you select any .db or .sqlite file from the File System Explorer. It will allow you to stay within the context of AXIOM while enabling advanced search and review capabilities—speeding up your manual review and validation times.

Updates to Facebook Warrant Returns and Public Twitter Acquisitions
AXIOM 3.0 brought the ability to process Facebook Warrant Returns using AXIOM Cloud, as well as gathering data from public Twitter profiles. With AXIOM 3.1, we’re ensuring that you can get even more data from those sources.

Facebook Warrant Returns

Facebook Warrant Returns includes a lot of information about a suspect’s Facebook activity. This includes details on anything that they had posted to the platform. When working on Facebook Warrant Returns, we have added the ability to collect and display information on pictures and status updates posted by the user.

Twitter

If you’re looking to collect publicly available Twitter information, you now have better control over the information you want to acquire. Now you can decide to only collect:

– Tweets (all public tweets authored by or retweeted by the user)
– Who they’re following (account information for accounts that the user follows)
– Followers (account information for accounts that follow the user)

This update can greatly improve collection times—especially for accounts that have a large number of tweets, followers, or Twitter users that the suspect is following, which may not be relevant to the investigation.

Now Supporting 12 New Chromium-Based Browsers for Android
AXIOM 3.1 introduces support for 12 new Chromium-based Android browsers and 90 new artifacts including web history, downloads, bookmarks, search details and more!

There are many different Chromium-based browsers available to users that are popular in different regions and often advertise enhanced security or privacy capabilities. Each browser stores its own data including browser history, bookmarks, search history and other important artifacts that may be crucial to an investigation. With this added support, you will have more opportunities to identify critical evidence in your cases through artifacts. Here are the browsers now supported:

– Aloha
– Android Browser
– Brave
– Ecosia
– Iron Browser
– Kiwi Browser
– Lunascape
– Opera
– Sleipnir
– UC Browser
– Whale
– Yandex

Read more about our new artifacts supporting Chromium-based browser artifacts over on our blog, here.

Performance Improvements
As always, we’re working to continually improve the performance capabilities of AXIOM. With AXIOM 3.1, we have reduced that amount of data we store in the attachment database when carving videos from evidence files, reducing the amount of memory being used during processing, as well as the footprint of the case on disk. In a baseline 500GB case, the overall footprint on disk was reduced by 36%, from 227GB to 140GB.

Additionally, we’ve continued to refine the performance of the new Timeline view, introduced in AXIOM 3.0.

Support for Exporting Media in Project VIC JSON Version 2.0
AXIOM now supports exporting media in the Project VIC JSON version 2.0—in addition to the existing support for version 1.2 and 1.3. VICS 2.0 adds support for associating a number of additional attributes with media to support advanced investigative techniques. This will be helpful when you want to be able to leverage extended VICS data to better understand which media should be sent to Victim Identification teams for review.

New Artifacts
– Contacts (MacOS)
– Quicklook Thumbnails (MacOS)
– MacOS Keychain (MacOS)
– Recovery Accounts (MacOS)
– Mail.ru Agent (iOS & Android)
– Reddit (iOS)
– Gmail (iOS)
– Lyft (iOS)
– Android Browser (Android)
– MS Edge Chromium (Windows)
– VLC Player (Windows & MacOS)
– Facebook Warrant Return (Photos)
– Facebook Warrant Return (Status Updates)

Updated Artifacts
– Prefetch (Windows)
– Skype (Windows & Android)
– NTLM Hashes (Windows)
– Chrome (Windows & MacOS)
– KnowledgeC (iOS)
– Signal (iOS)
– Mail (iOS)
– Instagram (iOS)
– Gmail (Android)
– Telegram (iOS & Android)
– Tik Tok (iOS & Android)

Get Magnet AXIOM 3.1 Today!
If you’re already using AXIOM, download AXIOM 3.1 over at the Customer Portal. If you want to see how AXIOM 3.1 can help you find the evidence that matters, request a free 30-day trial today!

Leave a Comment