Magnet AXIOM 3.7 Is Available With Google Warrant Returns, Mac Updates And More

Get Magnet AXIOM 3.7 as an update within AXIOM or as a download over at the Customer Portal today. AXIOM 3.7 provides support for Google warrant returns, KTX files, AFF4 physical images from Macquisition, and much more!

If you haven’t tried AXIOM yet, request a free 30-day trial here.


Support for Google Warrant Returns

Magnet AXIOM now supports Google warrant returns — giving law enforcement a potential wealth of information related to the owner of the Google account. AXIOM can be used to parse these returns and will provide investigators with information such as:


– Account Information

– Browsing History

– Chats

– Devices

– Login History

– Search History

– All media and documents included in the package — including Google Drive and Google Photos


KTX File Support

KTX image files are used on iOS devices to store critical information that could be useful in your investigations — information like snapshots of the application state when an app has been minimized and snapshots of web pages in Safari that remain open on tabs.


Ingest AFF4 Physical Images from Macquisition

You can now ingest and process the AFF4 physical images acquired from Macquisition. Starting in 2017, Mac computers have Apple’s T2 security chip providing hardware-assisted encryption for data stored on the system.


As an APFS Container on a T2 hardware-encrypted system is acquired, MacQuisition interfaces with the chip to decrypt the protected data, creating a decrypted physical image using the AFF4 format.


macOS Extended Attributes

Extended attributes are arbitrary metadata stored with a file on macOS. They are separate from the attributes that are strictly determined by the filesystem (such as modification time or file size). These attributes contain extra information about the file that is completely customizable.


AXIOM 3.7 lets you access the complete extended attributes of a file and preview them within a hex and text preview card.


For example, if you’re seeking information about how a file had arrived on the system, the attribute kMDItemWhereFroms provides examiners this context — whether it be from a web download, or via AirDrop.


Learn more about extended attributes, spotlight metadata, and the quarantine events database in this video from Trey Amick, Forensics Consultant:




Update to PhotoDNA

In AXIOM 3.7, we’ve updated our PhotoDNA library and have optimized our implementation to improve performance for those of you using PhotoDNA technology in your ICAC investigations.


New Advanced Filters

Get to the evidence faster by using “Include” or “Exclude” searches with multiple strings, as well as proximity searches (search for certain text near other text.) These filters are available for Global Keyword Search and column filters.


New Artifacts


– Wickr ME (iOS) – Learn more about Wickr ME in this blog from our Forensic Consultant, Mike Williamson.

– Chatous (iOS/Android)


Updated Artifacts

– Messenger (iOS)

– Snapchat (iOS)

– .m4a Videos

– Mail (iOS)

– Device Information (iOS)

– Android Contacts

– SMS/MMS (Android)

– Owner Information (iOS)

– Anti-Forensic Tools (Windows)

– Google Searches

– amcache (Windows)

– Human Trafficking Websites


Get Magnet AXIOM 3.7 Today!

If you’re already using AXIOM, download AXIOM 3.7 over at the Customer Portal. If you want to see how AXIOM 3.7 can help you find the evidence that matters, request a free 30-day trial today!


If you’re interested in a new solution, purpose-built for organizations needing to perform remote acquisitions and collect & analyze evidence from computers, cloud services, and mobile devices, then find out more about the beta program for our newest product: Magnet AXIOM Cyber.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...