New In AXIOM And AXIOM Cyber 4.8: Off-Network Collection, Run AXIOM Cyber In AWS, OCR And More

Magnet Forensics is proud to share that Magnet AXIOM 4.8 and Magnet AXIOM Cyber 4.8 are now available!

With AXIOM and AXIOM Cyber 4.8, we’re helping you capture and search embedded text with OCR, add more Facebook evidence to your cases, and more.

Plus, two huge announcements for AXIOM Cyber: off-network collection and the ability to run AXIOM Cyber in an AWS EC2 instance.

Find out more about these new features, along with new and updated artifact support below.

If you haven’t tried AXIOM or AXIOM Cyber yet, request a free trial here.

New in AXIOM Cyber: Run AXIOM Cyber in the Cloud

AXIOM Cyber 4.8 enables and simplifies running AXIOM Cyber in the cloud, specifically in an AWS EC2 instance. This capability is available to Cloud License Server (CLS) customers, who can leverage the flexibility and cost savings of the cloud for their investigations.

  • Use on-demand cloud computing by spinning up AWS EC2 instances when needed instead of relying on your existing hardware which may be in use, inaccessible, or have insufficient compute power for the task at hand.
  • Leverage AWS infrastructure that is in the same geographic proximity as your target endpoint when you need to remotely acquire data. Being closer to the endpoint cuts down the amount of time the remote collection takes. And if data residency is an issue for you, minimize your risk by using an AWS instance in the same region/country as your endpoint.

For a walkthrough of how to remotely collect data from an off-network corporate endpoint, we’ve put together a blog, Harnessing the Cloud to Collect Off-Network Endpoints using AXIOM Cyber to help you out.

New in AXIOM Cyber: Off Network Collection

This is a big one that we’re really excited about, and we hope you are too! We’ve introduced the ability for you to reliably acquire data from endpoints that aren’t connected to the corporate network. With the remote and work from home workforce larger than ever, it’s almost inevitable that you’ll have to collect data from an endpoint that is off-network.

  • Examiners can easily perform remote collections of off-network endpoints anywhere without the need to involve the user of the target endpoint whatsoever. No need to ship a dongle, or deal with the hassle of walking the user through a complicated process of sending you the data that you need.
  • Remote collections are saved to an AFF4-L container. AFF4-L is an open standard, forensically sound, non-proprietary logical container that can be ingested by Magnet AXIOM Cyber and any other tool that supports the standard. To learn more about AFF4-L and its benefits, read the blog Introducing AFF4-L Support in Magnet AXIOM Cyber authored by our Director of Forensics, Jessica Hyde.

Both off-network collection and the ability to deploy AXIOM Cyber to an AWS EC2 instance are available with Cloud License Server (CLS) licensing of AXIOM Cyber. To learn more about CLS and its benefits, read Three Reasons to License AXIOM Cyber in the Cloud.

New in AXIOM & AXIOM Cyber: Capture Text Data with Optical Character Recognition (OCR)

With new OCR technology built into AXIOM 4.8 and AXIOM Cyber 4.8, you’ll be able to easily extract text embedded in images or scanned documents and quickly find additional evidence using global keyword search.

For more on using OCR with AXIOM and AXIOM Cyber, check out our blog from Trey Amick.

New in AXIOM & AXIOM Cyber: Get More Evidence from Facebook

We’ve deepened our Facebook live acquisition support in AXIOM 4.8 and AXIOM Cyber 4.8 to include retrieval of Comments and Replies on posts, helping you add another valuable source of potential evidence to your cases.

New in AXIOM & AXIOM Cyber: Find Windows Events Artifacts Faster

With AXIOM 4.8 and AXIOM Cyber 4.8, we’ve included several new Windows Events artifact categories, like Firewall Events and Network Events, to make it faster and easier for you to find data on specific events.

New in AXIOM & AXIOM Cyber: Enhance Your Exports

AXIOM 4.8 and AXIOM Cyber 4.8 help you further customize and enhance your exports with a number of new features, including:

  • Play embedded videos from chat thread exports
  • Include Table of Contents in PDF exports
  • Preserve sorting and columns from Examine view in your exports
  • Include attachments for all export types

New in AXIOM & AXIOM Cyber: Geolocation Data Filter

AXIOM 4.8 and AXIOM Cyber 4.8 also include a new Geolocation Data filter, allowing examiners to easily work with artifacts that contain geocoordinates in a variety of analytic views.

For more on this new filter, check out Jessica Hyde’s blog, and see Tarah Melton’s how-to video for a quick demo of the filter in action!

New Artifacts

  • Lyft Shortcut Locations (iOS)
  • Firewall Events (Windows)
  • Network Events (Windows)
  • Scheduled Task Events (Windows)
  • Script Events (Windows)
  • Services Events (Windows)
  • System Events (Windows)
  • USB Events (Windows)

Artifact Updates

  • Aloha Browser (iOS)
  • Evernote Accounts (iOS)
  • HouseParty (Android, iOS)
  • Kakao Talk (Android)
  • Lyft – Last Known Location (iOS)
  • Motion Photos (Android)
  • Pinterest (Android)
  • Reddit (iOS)
  • Slack (Android)
  • Snapchat (iOS)
  • Tinder (Android)
  • User Events (Windows)
  • WeChat (iOS)
  • Wickr (Android)
  • Windows Event Logs (Windows)

Get Magnet AXIOM 4.8 and Magnet AXIOM Cyber 4.8 Today!

If you’re already using AXIOM, download AXIOM 4.8 or AXIOM Cyber 4.8 over at the Magnet Forensics Customer Portal. If you want to try AXIOM 4.8 or AXIOM Cyber 4.8 for yourself, request a free trial today.
