Magnet AXIOM 3.7 Is Available With Google Warrant Returns, Mac Updates And More

Get Magnet AXIOM 3.7 as an update within AXIOM or as a download over at the Customer Portal today. AXIOM 3.7 provides support for Google warrant returns, KTX files, AFF4 physical images from Macquisition, and much more!

If you haven’t tried AXIOM yet, request a free 30-day trial here.


Support for Google Warrant Returns

Magnet AXIOM now supports Google warrant returns — giving law enforcement a potential wealth of information related to the owner of the Google account. AXIOM can be used to parse these returns and will provide investigators with information such as:


– Account Information

– Browsing History

– Chats

– Devices

– Login History

– Search History

– All media and documents included in the package — including Google Drive and Google Photos


KTX File Support

KTX image files are used on iOS devices to store critical information that could be useful in your investigations — information like snapshots of the application state when an app has been minimized and snapshots of web pages in Safari that remain open on tabs.


Ingest AFF4 Physical Images from Macquisition

You can now ingest and process the AFF4 physical images acquired from Macquisition. Starting in 2017, Mac computers have Apple’s T2 security chip providing hardware-assisted encryption for data stored on the system.


As an APFS Container on a T2 hardware-encrypted system is acquired, MacQuisition interfaces with the chip to decrypt the protected data, creating a decrypted physical image using the AFF4 format.


macOS Extended Attributes

Extended attributes are arbitrary metadata stored with a file on macOS. They are separate from the attributes that are strictly determined by the filesystem (such as modification time or file size). These attributes contain extra information about the file that is completely customizable.


AXIOM 3.7 lets you access the complete extended attributes of a file and preview them within a hex and text preview card.


For example, if you’re seeking information about how a file had arrived on the system, the attribute kMDItemWhereFroms provides examiners this context — whether it be from a web download, or via AirDrop.


Learn more about extended attributes, spotlight metadata, and the quarantine events database in this video from Trey Amick, Forensics Consultant:




Update to PhotoDNA

In AXIOM 3.7, we’ve updated our PhotoDNA library and have optimized our implementation to improve performance for those of you using PhotoDNA technology in your ICAC investigations.


New Advanced Filters

Get to the evidence faster by using “Include” or “Exclude” searches with multiple strings, as well as proximity searches (search for certain text near other text.) These filters are available for Global Keyword Search and column filters.


New Artifacts


– Wickr ME (iOS) – Learn more about Wickr ME in this blog from our Forensic Consultant, Mike Williamson.

– Chatous (iOS/Android)


Updated Artifacts

– Messenger (iOS)

– Snapchat (iOS)

– .m4a Videos

– Mail (iOS)

– Device Information (iOS)

– Android Contacts

– SMS/MMS (Android)

– Owner Information (iOS)

– Anti-Forensic Tools (Windows)

– Google Searches

– amcache (Windows)

– Human Trafficking Websites


Get Magnet AXIOM 3.7 Today!

If you’re already using AXIOM, download AXIOM 3.7 over at the Customer Portal. If you want to see how AXIOM 3.7 can help you find the evidence that matters, request a free 30-day trial today!


If you’re interested in a new solution, purpose-built for organizations needing to perform remote acquisitions and collect & analyze evidence from computers, cloud services, and mobile devices, then find out more about the beta program for our newest product: Magnet AXIOM Cyber.

Leave a Comment