An Exploration of the New Artifacts in Magnet AXIOM & Magnet AXIOM Cyber 7.0
This artifacts update is authored by Michael Paleshi from the Magnet Forensics Product Management team.
At Magnet Forensics, we pride ourselves on delivering valuable new features and artifact support every month in our AXIOM and AXIOM Cyber releases. Part of my job as Product Manager of the artifact team is to support the work of exploring new and supported applications to ensure that our customers are getting all of the latest artifacts that can contribute to their cases. This also means ensuring that our existing artifacts remain up to date with any changes that occur. With 1,300 artifacts across 402 applications this takes a lot of time and quite a bit of effort to curate.
In the last couple of releases, we focused a lot on new artifacts, especially in the iOS ecosystem. If you read Chris Vance’s blog on iOS Biome artifacts, you’ll understand why. This release also includes a number of new biome artifacts and you can also keep up to date with these developments through Chris’ web series Mobile Unpacked.
In the build-up to our major 7.0 release, we wanted to make a big impact by bringing updates and enhancements, not only to the highest-use artifacts, but also to catch up on some of the more niche artifacts that don’t always get developer’s time.
Taking requests and feedback from our customers into account, we set a reasonable goal of updating or improving 25 artifacts. The developer team, in their excitement and eagerness to help our customers, CRUSHED that goal and completed an amazing 53 artifact updates and improvements! We’re proud to stay true to our commitment to innovation to best support you and the important digital investigation work you do!
Here is the list of new and updated artifacts
New Artifacts
- Apple Maps – Biome App Intents | iOS: Added parsing support for Apple Maps – Biome App Intents.
- Biome Application Intents | iOS: Added parsing support for Biome Application Intents.
- Biome Application Focus | macOS: Added parsing support for Biome Application Focus.
- Biome Application Launch | macOS: Added parsing support for Biome Application Launch .
- Biome Device Plugged-In States | macOS: Added parsing support for Biome Device Plugged-In States.
- Biome Device Screen Backlight States | iOS, macOS: Added parsing support for Biome Device Screen Backlight States.
- DuckDuckGo Bookmarks | iOS: Updated parsing support to recover data from the latest version. [v7.71.0]
- Facebook Messenger – Biome App Intents | iOS: Added parsing support for Facebook Messenger – Biome App Intents.
- Instagram Direct Messages – Biome App Intents | iOS: Added parsing support for Instagram Direct Messages – Biome App Intents.
- iOS Call Logs – Biome App Intents | iOS: Added parsing support for iOS Call Logs – Biome App Intents.
- iOS iMessage/SMS/MMS – Biome App Intents | iOS: Added parsing support for iOS iMessage/SMS/MMS – Biome App Intents.
- iOS WhatsApp – Biome App Intents | iOS: Added parsing support for iOS WhatsApp – Biome App Intents.
- Safari Last Session | iOS, macOS: Added parsing support for Safari Last Session.
- Signal – Biome App Intents | iOS: Added parsing support for Signal – Biome App Intents.
- Siri – Biome App Intents | iOS: Added parsing support for Siri – Biome App Intents.
- Snapchat – Biome App Intents | iOS: Added parsing support for Snapchat – Biome App Intents.
- TextMe Conversations | iOS: Added parsing support for TextMe Conversations.
- Weather – Biome App Intents | iOS: Added parsing support for Weather – Biome App Intents.
Updated Artifacts
- Android Call Logs (UFED Agent) | Android: Updated parsing support to improve the call duration and end time fragments.
- Call Logs | Android,iOS: Updated parsing and carving support to include the timestamp and duration.
- CarPlay Recently Used Applications | iOS: Added parsing support for CarPlay Recently Used Applications.
- Device Information | Android: Updated parsing support to recover home and lock screen wallpapers.
- Device Information | iOS: Updated parsing support to recover whether a timezone was set automatically by the device or selected by the user.
- Edge Chromium Web History | iOS: Updated parsing support to recover data from the latest version. [Edge v104.1293.63, iOS 14]
- Google Maps Saved Locations | Android: Updated parsing support and added carving support to recover additional timestamp, latitude, and longitude data.
- LINE Messages | iOS: Updated parsing support to recover videos from temp folders. [v12.17.1]
- Network Usage | macOS: Added parsing support for Network Usage on macOS.
- Outlook Emails | Android, iOS, macOS, Windows: Updated parsing support to recover date/time fragments that reflect those in the original application: received, sent, created, and modified.
- ProtonMail Emails | Android: Updated parsing support to recover data and attachments from the latest version. [v3.0.1]
- Rebuilt Desktops | Windows: Updated support to include the updated icons, taskbar, and registry path for Windows 11.
- Safari Downloads | macOS, Windows: Updated parsing and carving support to recover missing hits and to show correct values for file sizes.
- Safari iCloud Tabs | iOS, macOS, Windows: Updated carving support for Safari iCloud Tabs.
- Signal Conversations | Android: Updated parsing support to recover data from the latest version. [6.10.9]
- Signal Groups | Android: Updated parsing support to recover the latest version. [v6.10.9]
- Signal Messages | Android: Updated parsing support to recover backups and other data from the latest version. [v6.10.9]
- Signal Messages | iOS: Updated parsing support to recover attachments in the latest version. [v2.36.1]
- Signal Stories | iOS: Updated parsing support to remove duplicate location information.
- Slack Channels | iOS: Updated parsing support to recover data from the latest version. [Slack v22.10.20, iOS 14]
- Slack Users | Android: Updated parsing support to recover missing data. [v22.9.10.0, v23.2.30.0]
- Snapchat Chat Messages | Android: Updated parsing support to recover direct replies to stories. [v12.20.0.33]
- Snapchat Chat Messages | iOS: Updated parsing and carving support to recover missing hits.
- Snapchat Chat Messages | iOS: Updated parsing support to recover most recent messages. [v12.19]
- Snapchat Stories | Android: Updated parsing support to recover the user name. [v12.20.0.33]
- Telegram Messages | Android: Updated parsing support to recover the message partner user ID when the user name is unavailable, and to recover the original file name of an attachment.
- Textfree Groups | Android: Updated parsing support to recover the latest version. [v12.14]
- Textfree Messages / Calls | Android, iOS: Updated parsing and carving support to improve consistency of fragment names with other messaging artifacts.
- Textfree Messages / Calls | iOS: Updated parsing and carving support to improve the way incoming message data is reported.
- TextMe Calls | iOS: Updated parsing support to correctly report the direction of a call. [TextMe v3.34.1, iOS 14]
- TextMe Messages | iOS: Updated parsing support to include chat thread capability.
- TextMe Messages | iOS: Updated parsing support to recover sender and recipient data. [v3.34.13]
- TextNow Groups | iOS: Updated parsing support to recover the group name. [TextNow v22.41.0, iOS 14]
- Tinder Messages | iOS: Updated parsing support to allow chat threading. [v13.18.0]
- Volume Information | macOS: Updated parsing support to include macOS 13.
- Web Chat URLs | Refined Results: Updated parsing support to classify Zoom data in a more user-friendly way.
- WeChat Messages | Android: Updated parsing support to include local user and remove some obsolete fragments.
- WhatsApp | iOS: Updated parsing support to pull contact names from the WhatsApp database before the device’s contacts. [v22]
We thrive on getting the chance to address customer input and we’re anticipating that this artifact bash will be of significant value to you! If there are new sources or developments that you need in your investigations, don’t hesitate to reach out to let us know about them via support@magnetforensics.com.
To explore the full extent of artifact support available in AXIOM and AXIOM Cyber, check out the Artifact Reference on our Support Portal.
Find out what else is new in Magnet AXIOM 7.0 & Magnet AXIOM Cyber 7.0.