Magnet AXIOM 6.3: Take Control of Evidence Processing
Magnet AXIOM 6.3 is now available, offering you more control over evidence processing, so you can apply the appropriate collection method for the case at hand.
Introducing parsing-only processing and post-process carving—allowing you to parse and/or carve the evidence source as appropriate. Also, AXIOM 6.3 includes support for “Find My” artifacts for iOS, offering more support to uncover geolocation data. Plus, logging has been improved for passwords and PhotoDNA hash matching.
You can upgrade to the latest version within AXIOM or over at the Customer Portal.
If you haven’t tried AXIOM yet, request a free trial here.
Parsing-Only Processing and Post-Processing Carving
With Magnet AXIOM 6.3, you will now have the option to only parse artifact data at the time of the initial scan, which can significantly increase your time to evidence, depending on the evidence source and the type of case you’re investigating.
To compliment the parsing-only scan option, you can now carve evidence sources after the initial processing is complete. You will now be able to get to key evidence even faster, while maintaining the ability to complete deep-dive analyses on evidence.
This will offer you increased control over your processing needs. If you have a case where you know what evidence is needed, you can collect it quickly with a parsing-only scan, and then during off-hours, you can carve those evidence sources for additional evidence.
Parsing-only processing and post-process carving options are also available for Magnet AUTOMATE customers, allowing you to fully maximize the processing power of your lab.
Check out the blog “Digital Evidence Processing: Parsing-Only Processing and Post-Process Carving” to learn more.
Support for Find My Artifacts in Magnet AXIOM 6.3
Location data is one of the top pieces of digital evidence in cases (alongside communication) and the Find My artifacts are a treasure trove of accurate location data. Find My is an asset tracking app that enables users to track the location of iOS, iPadOS, macOS, watchOS devices, AirPods, AirTags and a number of third-party accessories.
With the introduction of AirTags in April of 2021, the amount of location data within the Find My application is increasing. There’s some great information on AirTags, specifically, within Chris Vance’s article: [Air]Tag You’re It! With AXIOM 6.3, we’ve added support for three Find My artifacts–Devices, Items, and Locations.
Check out the “iOS “Find My” Artifact Support in Magnet AXIOM and AXIOM Cyber” blog to learn more.
Improved Logging for PhotoDNA Hash Matching and Passwords
When categorizing media from a hashset that includes PhotoDNA, you will now be able to see whether the media was categorized using a file hash (MD5/SHA1) or a PhotoDNA hash. In addition, AXIOM will provide the file hash value of the matched image within the hashset.
Now you will have a mechanism to check and validate PhotoDNA matches. With this this enhancement users can now see the Matched hash typeand Matched hashvalue if you need to look up the match in the hashset.
For applications with supported decryption via password, you can now log which password was attempted and whether it was successful, in addition to logging if a password was invalid. Clearly documenting which password was successful is beneficial for reporting but knowing that the same password is also commonly used in multiple places makes this improvement a significant time saver.
Support for Windows 11 in Magnet AXIOM 6.3
With Magnet AXIOM 6.3, Windows 11 is now supported.
New and Updated Artifacts
AXIOM 6.3 adds new Windows Search artifacts, along with updates to several other important iOS and Windows artifacts.
New Artifacts
- Find My // iOS
- Devices
- Items
- Locations
- Windows Search // Windows
- Calendar
- Contacts
- Images
- Internet Explorer
- Office Documents
- Outlook
Updated Artifacts
- Android User Accounts
- Apple Maps Trips
- Cloud MBOX E-mails
- Cloud Gmail Messages
- Cloud iCloud Messages
- iCloud Local Files
- iOS User Notification Events
- MBOX E-mails
- Outlook Email
- Remote Desktop Protocol
- Signal Users
- Skype Accounts
- Snapchat Chat Messages
- Telegram Chats
- Telegram Messages
- Refined Results
- User Accounts
- WeChat Messages
- Windows Event Logs
- Firewall Events
- Networking Events
- Office Alerts Events
- Scheduled Task Events
- Script Events
- Services Events
- Storage Device Events
- System Events
- User Events
- User Pnp Events
Get Magnet AXIOM 6.3 Today!
We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.
If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.