Magnet AXIOM 1.1.3 Now Available With Enhanced Mobile Acquisition

Magnet AXIOM 1.1.3 makes it easier for users to acquire and process images from mobile devices, and it also improves reporting capabilities, making it smoother for stakeholders to use the evidence presented to them in their investigations.

Find out more about what’s included in Magnet AXIOM 1.1.3.

Mobile Enhancements

– PLIST Viewer – Preview .plist files and analyze content for iOS apps and devices that don’t yet have native artifact support.
– iOS Processing & Analysis Improvements – A number of improvements have been made to the stability of iOS processing, and decoded iOS filesystems are now shown.
– Encrypted iOS Device Acquisition – iTunes backups of iOS devices can be a valuable source of data — particularly when they’ve been encrypted. Now, you can create an encrypted backup of an iOS device (with a password of your choosing) and decrypt it to get more information than from an unencrypted backup.
– Guided Mobile Acquisition Workflow – New to mobile device examinations? Examiners who don’t regularly perform mobile acquisitions will now have a helpful guide throughout the process to ensure they’re getting the best image possible.
– Improved Android Device Detection – Improvements in device drivers have increased the ability to detect Android devices in AXIOM Process.
– Displayed Available Space for Acquisition – See how much space is available for acquiring evidence and for your case folder path to ensure errors don’t occur during acquisition.

Reporting Improvements

Reporting is a key part of an examiner’s workflow. With Magnet AXIOM 1.1.3, feedback has been taken directly from users to make a number of impactful changes to help improve the overall experience.


– Exclude Media/File Attachments in Reporting – Generate reports that keep illegal media files, such as child pornography, from being visible to stakeholders.
– Various Reporting Improvements – A variety of improvements have been made to the overall reporting process that will make reports easier for examiners and investigators to navigate and execute:

– An easier to understand HTML report structure
– The ability to organize HTML & PDF reports by tag and artifact category
– HTML reports can be organized by artifact category
– Detailed reports are now always selected by default
– Reports are now WYSIWYG for all columns/views
– A new UI indication is available for sent/received in chat thread previews and exports

Magnet AXIOM customers can get the latest version of Magnet AXIOM over in the Customer Portal today.

Want to try Magnet AXIOM for yourself? Get a free 30-day trial now.
