Magnet AXIOM 5.1: Collect More From The Cloud And Filter Out Irrelevant Media With Magnet.AI

Magnet Forensics is proud to announce the availability of Magnet AXIOM 5.1!

Examine and analyze even more of your evidence in one case with AXIOM 5.1. With AXIOM 5.1, we are announcing the support of Facebook Public to expand cloud account acquisition and analysis as well as a dedicated workflow for Chromebook image processing. We’re also releasing overall enhancements to support your investigations, such as OCR Support for Email Attachments and Magnet.AI Icon Classifier. Plus, even more new and improved artifacts.

If you haven’t tried AXIOM yet, request a free trial here.

Acquire and Analyze Publicly Available Facebook Activity

If a person of interest won’t share their credentials (username and passwords), or obtaining and waiting for a warrant return is stalling an investigation, collecting the data you can from publicly available sources can quickly provide some much needed evidence at the outset of an investigation.

With AXIOM 5.1, we’re introducing support to acquire, process, and examine public Facebook activity data. Public Facebook activity data may include a user’s friends list and posts (e.g., comments and replies to public posts)*. Plus, examiners can analyze this data all in one case alongside the rest of your mobile, computer, and cloud evidence. As always, we will be working to expand our support for examiners, so keep an eye out for more on public Facebook data in future releases.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

To learn more about how to acquire and analyze Facebook Public data, check out the blog from Kim Bradley.

Dedicated Chromebook Workflow 

Chromebooks are quickly becoming a more common source of evidence during digital investigations, which is unsurprising considering the increase in the sheer volume of Chromebooks in circulation. To examine Chromebooks, it does require some unique tools and workflows. We’ve recently released the Magnet Chromebook Acquisition Assistant (MCAA) to support Chromebook acquisition. Now in AXIOM 5.1, we’ve added a dedicated workflow to upload those images for processing.

Description automatically generated
In AXIOM 4.11, we included 25 specific Chromebook artifacts to support your investigations. Plus, we released a Chromebook blog to provide some background information, resources, and tools to help you prepare for Chromebook investigations.

Chromebook investigations are likely only going to become more pervasive. With AXIOM, not only do you have dedicated Chromebook workflow support, but you can analyze Chromebook evidence with the rest of your evidence sources all in one case.

Streamlined Workflows: OCR for Email, Better Filtering for Media

We love hearing from our examiners and there’s a few updates in AXIOM that have come from community requests: OCR Support for Email Attachments and Magnet.AI Icon Classifier.

Optical Character Recognition (OCR) support was previously restricted to only running on artifact content in the PDF or Picture artifacts, but examiners requested OCR for email attachments. Picture files and .pdfs are common email attachments can benefit from being scanned using OCR to extract text for keyword searching, reducing manual review effort.

We’ve also had requests to help reduce the amount of “noise” and “junk” that examiners have to review. With AXIOM 5.1, we released a new picture classifier in Magnet.AI to find system icons and graphics within datasets. These items can then be tagged and filtered out. In one of our tests with a real dataset, we reduced the number of media items for review by ~50%.

With 5.1, we’re releasing an enhancement to the Social Media patterns filter for media explorer to help streamline an examiner’s searches.

We’re excited to bring more improvements to AXIOM, so please reach out if you have any suggestions or feedback for us.

To learn more about how these improvements can support your examination, read this blog.

CUPS Artifact Support for macOS

We’re excited to announce that CUPS artifact support is now available. CUPS is an open source printing system currently owned by Apple for use in macOS and other UNIX operating systems. CUPS often logs information into the system that can provide valuable data on what was printed, by who, and to what printer, providing key insights for certain investigations.

With CUPS artifacts, examiners may be able to track what files were printed, when, and the location or name of the printed that performed the job. This will enable them to further their investigations especially in cases where contraband or confidential files may have been sent to the printer.

To learn more, check out this blog by Chris Vance “AXIOM Adds CUPS Support for macOS”.

New Artifacts

  • CUPS // macOS
  • PowerLog // iOS
  • Wickr Contacts // Android, iOS & Windows
  • Wickr Rooms // Android, iOS & Windows

Updated Artifacts

  • Cake
  • Chrome
  • Grindr
  • Signal
  • Slack
  • Telegram
  • Tumblr
  • VK
  • Wickr

Get Magnet AXIOM 5.1 Today!

We’re always working to continually improve AXIOM, to make it our most comprehensive digital forensic platform. When every second counts, it’s important do what we can to streamline the primary workflow of examiners. We’re excited that the improvements with AXIOM 5.1 can help do exactly this.

If you need to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.

* Facebook public activity data can only be acquired when the user’s privacy settings allow for public viewing of friends list and posts (e.g., comments and replies to public posts).  

Leave a Comment

Latest Articles