Magnet Axiom 8.7: Initiate processing from Magnet Graykey Fastrak and more!
Magnet Axiom 8.7 was just released introducing several new and improved features and capabilities to help you work as efficiently as possible and gather the most data for your investigations. This release of Axiom adds the ability to:
- Initiate processing in Axiom from Graykey Fastrak: Get your team the most mobile data as quickly as possible
- Filter case data to include evidence that doesn’t have a timestamp: Ensureimportant artifacts aren’t excluded when you filter based on specific dates and times
- Acquire iCloud backups from ADP enabled accounts: Access iCloud backups even when Advanced Data Protection (ADP) has been enabled
In addition to new features and functionality, this release also includes new and updated artifact support to help keep your investigations current with the latest evidence sources.
To get started with these new features and artifacts, upgrade to the latest version in Axiom or at the Customer Portal, or request a free trial here.
Initiate processing in Axiom from Graykey Fastrak
With the number of mobile devices exceeding the global population, evidence from smartphones plays a critical role in criminal investigations. But as mobile devices continue to grow in storage capacity, the time needed to extract and process this critical data becomes increasingly challenging.
Graykey Fastrak scales up your mobile data collection with the ability to rapidly extract data from multiple mobile devices simultaneously, helping you keep pace with the continually increasing capacity and volume of mobile devices.
With our latest integration, we have added the ability to send mobile extractions to Magnet Axiom for processing as soon as they are extracted with Graykey Fastrak, streamlining your workflow and helping you get mobile evidence ready for review as quickly as possible.
To learn more about the integration between Axiom and Graykey Fastrak, visit our blog: Streamlining mobile extractions and processing with Magnet Graykey Fastrak and Axiom or explore the demo below:
Filter case data to include evidence that doesn’t have a timestamp
To align with search warrant parameters, or to zero in on a specific incident, time filters are commonly used to focus on the most relevant data. However, some artifacts lack timestamps—such as contact records that associate individuals with phone numbers—which means those artifacts, while relevant, are filtered out of the dataset.
This can also occur due to carving where the header or footer containing the timestamp may have been overwritten by a new file, which can commonly impact important evidence such as media, internet searches, email records, etc.
To address this challenge, you can now filter your data and have the option to include artifacts without timestamps in your cases, enabling a more comprehensive and detailed search to capture all relevant information.
Acquire iCloud backups from ADP-enabled accounts
iCloud backups provide a wealth of information related to app data, including device setting, photos, and videos. This broad range of data can help provide a clearer picture of timelines and interactions, but if an account has (ADP) enabled (an optional security measure), the encryption keys to the iCloud backup no longer live in Apple’s server—they’re stored on a trusted device (such as an iPhone or iPad). This severely restricts the ability to obtain an iCloud backup. Without the encryption keys, you cannot decrypt and analyze this important source of information.
To help you access iCloud backups, we’ve introduced a new UI flow that allows you to enter the device passcode for the trusted device. Axiom retrieves the ADP keys from Apple which are then used to decrypt the iCloud backup after it is acquired from the iCloud server.
New and updated artifacts
We have added new and updated artifacts to help keep your investigations current with the latest apps and data sources.
Axiom 8.7 includes the addition of support for TeleGuard, a secure chat application that encrypts both calls and messages which can lead to the application being used to conceal criminal activity.
New artifacts
- Samsung Customization Service – Web Activity (Android)
- TeleGuard Channels (iOS)
- TeleGuard Contacts (iOS)
- TeleGuard Messages (iOS)
- TeleGuard Posts (iOS)
Updated artifacts
- Facebook Messenger Messages (iOS)
- Firefox Cache Records (Android/Computer/macOS/Windows phone)
- Linux Binary Logs (Linux)
- Meta Warrant Return artifacts (Facebook/Instagram)
- Photos Media Information (iOS/ macOS)
- Signal, Session (iOS)
- Telegram (Android)
- Telegram Messages (Android)
- WeChat Accounts, WeChat Friends, WeChat Messages (Android)
- WhatsApp Messages (iOS and Android)
Get Magnet Axiom 8.7 today!
If you’re already using Axiom, download Axiom 8.7 at the Customer Portal. To try Axiom for yourself, request a free trial today! If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in Axiom Cyber here.