Magnet AXIOM 3.8 Brings AirDrop Artifacts, Checkra1n Acquisition Updates & More

Magnet AXIOM 3.8 is now available with new mobile artifact and acquisition enhancements — including AirDrop and full logical acquisition of iOS devices jailbroken using checkra1n, new Slack updates and much more!

If you haven’t tried AXIOM yet, request a free 30-day trial here.

New Mobile Artifacts and Acquisitions Available

Building on our continued Mac support, Magnet AXIOM 3.8 adds dedicated AirDrop artifacts that AXIOM can now parse. Get a deeper look at what kind of rich data you can get from these artifacts.

We’ve also brought in more location artifacts from iOS devices including seen Wi-Fi devices, cell towers, and parked car locations.

If ‘Show Parked Location’ is enabled on an iOS device and Bluetooth or CarPlay is used in the vehicle, the phone will track approximately six weeks of locations frequented by the user. Wi-Fi Locations and Cell Tower Locations also record approximately a week of towers or Wi-Fi access points seen by the device, which can help approximate where users have been within that period and reveal patterns of movement over time.

Additionally, AXIOM 3.8 performs full logical acquisitions of the Pixel 2 and parses deleted files for artifacts on Android EXT4 file systems. AXIOM will now display the metadata for deleted files from EXT file systems of Android mobile devices, so when reviewing a suspect’s Android phone, you can now find pictures that were recently deleted from the mobile phone that may contain explicit material.

Acquire Evidence from checkra1n Jailbroken iOS Devices

AXIOM 3.8 builds on our previous support of checkra1n to provide the ability to acquire from port 44 in addition to the default port 22 when acquiring from jailbroken devices. This ensures that no additional software is required for acquiring devices using checkra1n — a perpetual working jailbreak for current and future versions of iOS.

Need to learn more about checkra1n? Check out this blog post from Mike Williamson.

Slack Live Acquisition

When acquiring a live Slack account, you can now select which public and private channels you wish to acquire. In addition, you can now optionally choose to include attachments for your acquisition (choosing not to include attachments can improve acquisition times).

Magnet AXIOM Cyber Updates

For those on the Magnet AXIOM Cyber beta, you’ll want to update to the latest version to take advantage of these enhancements:

Slack JSON Processing Enhancements

If you’re processing JSON packages, you will have the ability to selectively choose to acquire attachments — which are not included in the export package provided by Slack.

Amazon Web Services EC2 Image Acquisition

AXIOM Cyber users will also now have the ability to acquire snapshots of AWS EC2 instances from their AWS environment, helping to automate and simplify the acquisition of EC2 virtual machine images for investigators.

Capture Memory (RAM) from PCs

Memory capture can be done via remote acquisition and can provide additional insight. For example, a full capture can help identify how processes are interacting with one another.

Warning Notifications for Firewalls

If a remote connection is blocked by Windows Firewall, you will now get a warning notification so you can adjust your firewall configuration to allow the remote collection.

4K Sector Support (NTFS)

AXIOM will now scan NTFS images that contain 4K sectors. As of 2020, it is no longer required for 4K drives to emulate 512-byte sectors. AXIOM will now be able to read these drives natively.

Quality of Life Improvements

When AXIOM cannot process an artifact, it will time out and then move on. Now when AXIOM 3.8 times out on processing an artifact, you will get notified — giving you more insight on what AXIOM is doing and how it is interacting with your data.

Additionally, AXIOM will no longer force you to choose a case type; the case type is now optional.

Case Dashboard Summary Reports

You can now generate a PDF summary report for the Media categorization and Keyword matches cards in the Case Dashboard or generate either a PDF or HTML summary report from the Create report/export dialog.

New Artifacts

– AirDrop Incoming Transfers (macOS)

– AirDrop Outgoing Transfers (macOS)

– AirDrop Discoverability (macOS)

– AirDrop Activity (macOS)

– Additional Sources (iOS/Android)

– Cryptocurrency Wallets/Clients (Windows)

– Pinterest (iOS/Android)

– Tumblr (iOS)

– LG MPT (Android)

– Wi-Fi and Cell Tower Locations (iOS)

– Parked Car Locations (iOS)

Updated Artifacts

– Snapchat (iOS/Android)

– Messenger (iOS)

– Messages/SMS/MMS (iOS)

– Facebook (iOS)

– Yahoo! Webmail (Android)

– Twitter (iOS)

Get Magnet AXIOM 3.8 Today!

If you’re already using AXIOM, download AXIOM 3.8 over at the Customer Portal. If you want to see how AXIOM 3.8 can help you find the evidence that matters, request a free 30-day trial today!
