Linux Support and Other Great Improvements in Magnet AXIOM Cyber 5.0
Magnet Forensics is excited to announce the availability of Magnet AXIOM Cyber version 5.0!
You asked for it: Linux support. And it’s here with the release of Magnet AXIOM Cyber 5.0.
Plus we’re introducing official support for running Magnet AXIOM Cyber in Microsoft Azure. Now you can combine the benefits and flexibility of your Microsoft Azure cloud infrastructure with the power of AXIOM Cyber when it is in the cloud—including the ability to collect from off-network endpoints.
And we have a slew of other new things in AXIOM Cyber which will make your investigations faster, more efficient, and stronger than previous versions of AXIOM Cyber.
If you haven’t tried AXIOM Cyber yet, request a free trial here.
Linux Support
This one is big! We know that many of you are using AXIOM Cyber specifically for your Incident Response investigations, and often times there is so much valuable data on Linux systems (like system logs or SSH activity), but getting to that data, processing it, and analyzing it can be a real challenge.
The wait is over.
With AXIOM Cyber 5.0, we’ve introduced a new dedicated workflow for adding Linux as an Evidence Source when processing data. We’ve started with Linux file system support for ext2, ext3, and ext4.
Now add Linux artifacts to your investigations and analyze them with all the other artifacts you can get with AXIOM Cyber including artifacts from cloud, mobile, Windows, and Mac data sources. To start with, we’re releasing support for these foundational Linux artifacts:
- Bash History
- Network Interfaces
- OS Information
- Recent Files
- Scheduled Tasks
- SSH Activity
- Startup Items
- System Logs
- Trash
- User Accounts
Many of these artifacts will work across most Linux distros but there are some variances between them and the versions of each will matter in some cases. We’ve focused our initial distro support for Ubuntu, Debian, Red Hat Enterprise, Kali, and Arch.
To learn more about these artifacts and how they can be relevant in your investigations, read this blog 6 New Linux Artifacts and Why They Matter, written by our Forensic Consultant Jamie McQuaid.
And if you’re looking for a handy resource that’ll give you a starting point for where to look for some of these artifacts on a Linux system, check out this new resource: Linux Targeted Locations Quick Reference Guide.
Run AXIOM Cyber in Microsoft Azure
We’re giving you even greater flexibility for where you want to run AXIOM Cyber: run it on a traditional workstation, in an AWS EC2 instance, and now with the release of 5.0, you can run AXIOM Cyber in Microsoft Azure.
In addition to all the benefits you get from using your Azure cloud environment, running AXIOM Cyber in the cloud enables you to collect data from endpoints not connected to your corporate network. We’re now seeing the emergence of a hybrid workforce where a combination of working remotely and working from the office is the new norm for many organizations. It’s critical to have a reliable remote acquisition tool in your kit to collect and then analyze data from endpoints when they’re both on and off-network.
Along with tested and recommended configurations of Azure for hosting AXIOM Cyber, AXIOM Cyber customers with technical support and documentation in our self-help Customer Portal.
This feature is enabled through CLS licensing of Magnet AXIOM Cyber.
The Fastest, Most Efficient, and Strongest Version of AXIOM Cyber Yet!
Time is always a factor when you’re doing an investigation. Getting to the evidence that you need in time could potentially mean the difference of hundreds of thousands—if not millions—dollars of IP or other sensitive data lost or saved. We get that. So we’re always thinking of ways to enable you to get to your evidence faster.
Faster Processing
With AXIOM 5.0, we’ve realized some processing performance improvements in addition to making some of your key workflows more efficient.
Based on our own internal testing of mobile, Mac, and Windows images between versions 4.11 and 5.0, we observed that with AXIOM Cyber 5.0, processing times were reduced by 28% for some images! To read more about performance improvements in 5.0, we’ve put together an infographic and this blog post, “Process Evidence up to 50% Faster* with AXIOM and AXIOM Cyber 5.0.”
More Efficient Workflows
Often times you won’t know all of the keywords that you’re searching for before processing your case. Before 5.0, adding new keywords after you’ve processed a case could be cumbersome and take valuable time to perform. Now with AXIOM Cyber 5.0, after you’ve done your initial processing we’ve introduced the ability for you to apply keyword searches at a deeper file system, byte for byte, level to your case.
This new keyword post-processing feature enables you to run all keyword searching options against evidence that has already been added to a case without having to perform all the initial processing steps including having to creating new evidence items.
Stronger, More Forensically Sound Cases
We all know that the amount and different types of data stored in the cloud is increasing, it’s inevitable that at least some of the data that you need for many of your investigations comes from cloud sources: whether it’s chats from cloud-based apps like Slack, social media evidence used in an HR case, or even data from cloud storage services, chances are you’ll need a forensically sound way to acquire and store that cloud data.
Now with 5.0 of AXIOM Cyber, we’re now extending our use of the vendor neutral, open source, and forensically sound AFF4-L container to acquisitions of cloud data. Just like collection of data from remote endpoints: AFF4-L will be the default container for collection of data from cloud sources.
If you’re unfamiliar with the AFF4-L standard, you can read up on it in this blog post from our Director of Forensics, Jessica Hyde: AFF4 & AFF4-L – An Open Standard for Forensic Imaging.
New Artifacts
Linux
- Bash History
- Network Interfaces
- OS Info
- Recent Files
- Scheduled Tasks
- SSH Keys
- Startup Items
- Sys Logs
- Trash
- User Accounts
Windows
- Powershell Logs
Android
- Samsung Health Steps
- Samsung Health User Profile
Updated Artifacts
- Application Permissions
- Burner
- Chrome
- Facebook Messenger
- Google Meet
- Grindr
- Life360
- MMS
- Motion Photos
- Powerlog
- Signal
- Slack
- Snapchat
- Telegram
- TextNow
- Uber Cached Locations
- Wickr
- Yahoo Webmail
Get Magnet AXIOM Cyber 5.0 Today!
If you’re already using AXIOM Cyber, download 5.0 over at the Customer Portal. If you want to try AXIOM Cyber for yourself, request a free trial today!
And, if you’re interested in the 5.0 of release of Magnet AXIOM, read about it in this blog post.