New In Magnet AXIOM Cyber 5.1: Get More Data From The Cloud, Email, And Chromebooks

The latest version of Magnet AXIOM Cyber, 5.1, is now available!

Getting to the data that you need can be a challenge, it’s seemingly everywhere nowadays. With AXIOM Cyber 5.1, we’re giving you even more functionality to acquire from as many data sources as possible including social media, email attachments, Chromebooks, and more.

If you haven’t tried AXIOM Cyber yet, request a free trial here.

OCR for Email Attachments 

Email attachments can be a treasure-trove of data for many different kinds of investigations. Malicious attacks such as ransomware will often leverage an attachment in an email to deliver its payload and gain entry into an organization’s network. Insider threats—IP theft or fraud for example—is another one that may rely heavily on data from email attachments.

Regardless of the case type, it’s crucial to get to the data that you need as quick as possible and make the necessary connections to get to the bottom of your case.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

AXIOM Cyber is making it even easier and faster for you to get to evidence by applying OCR (Optical Character Recognition) to PDF and picture files that are attached to emails. Attachments scanned using OCR will extract text that can used for keyword searching enabling you to more quickly get to the evidence you need.

Acquire Public-Facing Data from Facebook 

Data from social media can provide insight into an employee’s online presence. Whether you’re dealing with an HR investigation or trying to preserve comments or posts that an employee has made on social media, public-facing data from Facebook can help round out your investigation.

Using any Facebook username and password an examiner can authenticate to Facebook and acquire public-facing data from Facebook including:

  • Friends list
  • Public-facing posts
  • Public-facing comments & replies

And keep an eye out for version 5.2 where we’ll be continuing to add support for acquiring even more public-facing data from Facebook.

Our Forensic Consultant, Kim Bradley (who you may know from one of your Magnet training courses), wrote this blog post that walks you through how to do it: Acquiring Publicly Available Facebook Information.

Dedicated Chromebook Processing Workflow 

There may be a small handful of employees in your organization that have the need to use Chromebooks, and if that’s the case, then data from those devices can often be elusive and imperative to move an investigation forward.

Building on earlier support for over 25 Chromebook artifacts, AXIOM Cyber now has a new dedicated processing workflow to ingest Chromebook logical images.

Need a quick free tool to acquire from Chromebooks? Check out MAGNET Chromebook Acquisition Assistant.

Cut Through the Noise with Magnet.AI 

When you’re dealing with an investigation that involves pictures, for example an HR employee misconduct claim, applying Magnet.AI to your case is a good idea to automatically classify media saving you time. However oftentimes, pictures that are completely immaterial to your case—such as system icons or graphics—will get classified by Magnet.AI creating clutter or unwanted noise.

A new picture classifier in Magnet.AI helps you identify immaterial media such as system icons & graphics. Now you can tag immaterial media files to filter them out of your case file so you can focus on the evidence that matters.

Based on internal testing using one real dataset, we found this feature reduced the number of media items for review from 600K+ to under 300K+ items.

To help walk you through this new feature, Forensic Consultant Trey Amick has put together this how-to video, Investigate Media More Efficiently with Smarter Tools: From Magnet.AI to OCR, to show you how you can save time with this new feature.

Mac Artifact: CUPS 

CUPS is an open source printing system developed by Apple that allows macOS devices to connect to printers on a network including cash drawers. This artifact may be especially useful for investigations involving POS systems or employees who are handling cash transactions; as well as more generally when you need more data about print jobs sent from a Mac.

Learn more about the CUPS artifact in this blog, CUPS Artifact Support for macOS, post authored by one of our Trainers, Chris Vance.

New Artifacts 

  • CUPS // macOS
  • PowerLog // iOS
  • Wickr Contacts // Android, iOS & Windows
  • Wickr Rooms // Android, iOS & Windows
  • FLV Videos // All supported platforms

Updated Artifacts

  • Cake
  • Chrome
  • Grindr
  • iMessage/SMS/MMS
  • Photos Media Info
  • Signal
  • Slack
  • Snapchat
  • Telegram
  • TextNow
  • Tinder
  • Tumblr
  • Twitter
  • Uber
  • VK
  • Wickr

Get Magnet AXIOM Cyber 5.1 Today! 

If you want to try AXIOM Cyber for yourself, request a free trial today!

And, if you’re interested in the 5.1 of release of Magnet AXIOM, read about it in this blog post.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools. 

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

In this episode of the Forensic Focus podcast, Si and Desi explore how artificial intelligence is being leveraged to uncover crucial evidence in investigations involving child sexual abuse material (CSAM) and examine the importance of exercising caution when implementing these tools.

They also discuss a recent murder case in which cyber experts played a vital role in securing a conviction, and explore the unique challenges associated with using digital evidence as an alibi.

Show Notes:

A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) - https://dfrws.org/wp-content/uploads/2019/06/2019_USA_paper-a_practitioner_survey_exploring_the_value_of_forensic_tools_ai_filtering_safer_presentation_for_investigating_child_sexual_abuse_material_csam.pdf

Man charged with NI murder ‘faked live stream to provide alibi’ (The Guardian) - https://www.theguardian.com/uk-news/2023/feb/02/man-charged-with-ni-faked-live-stream-to-provide-alibi

A YouTuber accused of murder faked a 6-hour livestream to produce an alibi (Sportskeeda) - https://www.sportskeeda.com/esports/news-a-youtuber-accused-murder-faked-6-hour-livestream-produce-alibi

European Interdisciplinary Cybersecurity Conference (EICC) 2023 - https://www.forensicfocus.com/event/european-interdisciplinary-cybersecurity-conference-eicc-2023/#more-493234

YouTuber reportedly faked GTA livestream to have an alibi while he committed murder (Dexerto) - https://www.dexerto.com/entertainment/youtuber-reportedly-faked-gta-livestream-to-have-an-alibi-while-he-committed-murder-2052974/

Forensic Europe Expo - https://www.forensicfocus.com/event/forensic-europe-expo/#more-493225

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_7QiFTiuY7Vw

AI In CSAM Investigations And The Role Of Digital Evidence In Criminal Cases

Forensic Focus 22nd March 2023 12:44 pm

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

Throughout the past few years, the way employees communicate with each other has changed forever.

69% of employees note that the number of business applications they use at work has increased during the pandemic.

Desk phones, LAN lines and even VOIP have become technologies of the past workplace environment as employees turn to cloud applications on their computers and phones to collaborate with each other in today’s workplace environment.

Whether it’s conversations in Teams, file uploads in Slack chats, or confidential documents stored in Office 365, the amount of data stored and where it is stored, is growing quicker than IT and systems administrators can keep up with.

Corporate investigators and eDiscovery professionals need to seamlessly collect relevant data from cloud sources and accelerate the time to investigative and discovery review.

With the latest in Cellebrite’s remote collection suite of capabilities, investigators and legal professionals can benefit from secure collection with targeted capabilities for the most used workplace applications.

Join Monica Harris, Product Business Manager, as she showcases how investigators can:

- Manage multiple cloud collections through a web interface
- Cull data prior to collection to save time and money by gaining these valuable insights of the data available
- Collect data from the fastest growing cloud collaboration applications like Office365, Google Workspace, Slack and Box
- Login to a single source for workplace app collection without logging into every app and pulling data from multiple sources for every employee
- Utilize a single unified collection workflow for computer, mobile and workplace cloud applications without the need to purchase multiple tools for different types of collections – a solution unique to Cellebrite’s enterprise solution capabilities

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_g6nTjfEMnsA

Tips And Tricks Data Collection For Cloud Workplace Applications

Forensic Focus 20th March 2023 12:00 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...