New In Magnet AXIOM 4.6 And AXIOM Cyber 4.6: New Mac Artifacts, Portable Case Customizations, And More

Magnet AXIOM 4.6 and Magnet AXIOM Cyber 4.6 are now available for users! With AXIOM and AXIOM Cyber 4.6, powerful new artifacts have been introduced to help you get more from your Mac investigations, new customization options have been added to Portable Case, and the ability to export your geolocation data has also been included.

Remote acquisitions can also now be performed up to four times faster with improved performance in AXIOM Cyber!

Find out more about these new features, along with new and updated artifact support below.

If you haven’t tried AXIOM or AXIOM Cyber yet, request a free trial here.

Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.

New in AXIOM & AXIOM Cyber: Gather More Evidence from Macs

AXIOM and AXIOM Cyber 4.6 include new artifacts for Macs including support for macOS Big Sur (version 11.0) and Rebuilt Desktop.

macOS Big Sur (version 11.0)

When Apple releases macOS Big Sur (version 11.0 — scheduled to be generally available later this year), AXIOM and AXIOM Cyber will support it from day one. Since most Mac users update their OS within first few days of availability, to ensure that you’re getting the evidence you need, it’s important to have a Mac forensic tool that will support the latest versions as they’re made available.

To learn more about our support for Big Sur and other Mac artifacts in 4.6, read this blog from Magnet Forensics’ Forensics Consultant, Trey Amick.

Rebuilt Desktop for Macs

With the release of AXIOM 3.9, the Rebuilt Desktop for Windows artifact was introduced. Since its release there has been overwhelmingly positive feedback about it so that support has been extended to a Rebuilt Desktop artifact for Macs as well with the release of 4.6.

With the Rebuilt Desktop artifact, you get a visualization of what a user’s desktop looked like at the time of imaging including apps, files and folders and the background image. This information can prove to be invaluable to understand a user’s behavior or possible intent.

To read more about the Rebuilt Desktop for Macs artifact, read this blog from Trainer—and Lead Instructor for AX350 macOS Investigations—Christopher Vance.

New in AXIOM Cyber: Faster Remote Acquisitions

When you need to acquire data from a target endpoint, you’re always working against the clock. For example, in a malware attack minutes can be difference between thousands of customer records being lost or protected if the initial point of compromise is discovered fast enough.

With AXIOM Cyber 4.6, we’ve improved the performance of remote acquisitions saving you valuable time. While individual network conditions and environments may yield varying results, based on internal testing, we consistently observed up to four times faster remote collections. For example, when we tested the remote collection of a single 5GB file, it only took six minutes to collect with AXIOM Cyber 4.6 versus 26 minutes using a previous version.

New in AXIOM & AXIOM Cyber: Customize Your Portable Cases

Clear communication of your case findings is critical. With AXIOM and AXIOM Cyber 4.6, you can now tailor your Portable Case to include the most relevant information for your stakeholders with these new customization features:

  • Choose which case artifacts are included
  • Blur or block categorized media (only available in AXIOM)

You also have the option to save your preferences as templates to help you quickly customize your other Portable Cases.

New in AXIOM & AXIOM Cyber: Get More from Your Geolocation Data

Now with AXIOM and Cyber 4.6, you can export your geolocation data in a KML file, which you can then analyze using Google Earth or another external GIS program of your choice to obtain additional insights.

Check out this video from Tarah Melton to see how to export your geolocation data with AXIOM:

Other New Enhancements in Magnet AXIOM & Magnet AXIOM Cyber

  • Acquire the contents of a user’s MEGA account when provided with their credentials
  • Android 11 Quick Imaging support

New Artifacts

  • Facebook Messenger – Audio and Voice Messages (iOS, Android)
  • Google Calendar Reminders (iOS)
  • Google Docs (iOS)
  • Google Drive (iOS)
  • Google Drive Offline Files (iOS)
  • Google Sheets (iOS)
  • Google Slides (iOS)
  • Photos Media Information (macOS/iOS)
  • PowerLog (macOS)
  • Rebuilt Desktop (macOS)

Artifact Updates

  • Application Permissions (iOS 14)
  • Big Sur (version 11.0) (macOS)
  • Calendar Events (Windows, macOS)
  • Duck Duck Go (iOS)
  • Ecosia (iOS)
  • EML(X) Files (Windows)
  • Firefox (Android)
  • Google Meet (Android)
  • Google Photos Albums (iOS)
  • iMaps (iOS 14)
  • iMessage (iOS 14)
  • Instagram Posts (Android)
  • Lyft (iOS)
  • Mac Mail (macOS)
  • Outlook (Windows)
  • PowerLog (iOS)
  • Signal (iOS)
  • Slack (Android)
  • Twitter Users (iOS)
  • Uber (Android)
  • WhatsApp Messages (Android)
  • WiFi Profiles (Android)
  • Windows Mail (Windows)

If you want to try AXIOM 4.6 or AXIOM Cyber 4.6 for yourself, request a free trial today!

1 thought on “New In Magnet AXIOM 4.6 And AXIOM Cyber 4.6: New Mac Artifacts, Portable Case Customizations, And More”

  1. I am trying to acquire emails from Microsoft outlook from a general email used to received supplier bids using Magnet Axiom. . The account has an email. I have been added to the account and I can see the account as an addition to my official email. How do i acquire the added emails to exclude emails from my official email.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, June 19 2024 #dfir #digitalforensics

Forensic Focus 19th June 2024 2:46 pm

Digital Forensics News Round-Up, June 19 2024 #dfir #digitalforensics

Forensic Focus 19th June 2024 2:14 pm

Digital Forensics News Round-Up, June 12 2024 #dfir #digitalforensics

Forensic Focus 12th June 2024 5:51 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles