Focus your investigations with Event Snapshots in Magnet Axiom
With the overwhelming volume of data in a case, knowing where to start your investigation can be a persistent challenge for both forensic examiners and investigators. To help you and your stakeholders save time and collaborate efficiently, we’ve added Event Snapshots, a new patent-pending interface in Axiom and Axiom Cyber that helps focus investigations on the digital events surrounding an incident.
A view of key evidence
The Event Snapshots dashboard provides clear insights at a glance, visualizing the most relevant information from the event timeframe so investigative teams can quickly uncover key evidence. The custom dashboards narrow down massive volumes of potential evidence into seven concise cards that capture crucial digital forensics insights into an individual’s activities, communications, location, and behavior, which can establish timelines, connections, and critical evidence to support or refute claims in legal proceedings.
- Calls: The ten most recent call artifacts before and after the anchor event are displayed, with the option to explore the full list of data for this category.
- Chats: Native messaging apps and third-party applications (e.g., Snapchat) show who the suspect was chatting with and what they were saying leading up to the event.
- Emails: Inbound and outbound emails, including sender and recipient information, are shown.
- Recent applications: A list of recently used applications that the user interacted with around the time of the crime is provided.
- Routes: Based on timestamps and geolocation data from different evidence, Axiom can generate animated routes showing the movements of subjects to help provide context for investigations.
- User-created media: Filtering out media that wasn’t created on the device helps you focus on media likely to be related to the case, while excluding media from public sources.
- Web search history: After a crime, suspects may Google related items such as the victim’s name, their own name, or police releases and warrants. This search history provides insights into the suspect’s awareness of the investigation.
Within Event Snapshots, you can also utilize multiple screens for analysis, undocking the snapshots so you can navigate to the Artifact Explorer to view full information for each piece of data and investigate further. For labs running with dual monitors, you can undock the snapshots and have them on one screen, while the other screen is used for artifact analysis.
Efficient sharing with Event Snapshots
Given the volume of data on modern mobile devices and our increasingly large digital footprints, trying to share a full extraction of a device can quickly overwhelm a mobile data terminal (MDT), which has limited RAM. This can prevent stakeholders from accessing and working effectively with important data. The results of Event Snapshots are much more lightweight, so they can be shared in a compact Axiom Portable Case file or uploaded to Magnet Review. Either option can be opened and reviewed quickly by investigators and prosecutors. While the rest of the case data remains in the full Axiom case, Event Snapshots helps springboard key steps, such as investigator review, sending preservation letters, and writing search warrants.
Putting your case into context
With Event Snapshots, you can narrow down the scope of evidence using investigative leads and derive context-driven insights that help quickly uncover key evidence. Using the information provided, Event Snapshots will create custom dashboards focused on the key events relevant to the case. You can also create multiple Event Snapshots to focus review and analysis on different time frames, artifact sources, or dashboards.
To create a new Event Snapshot, simply click “Create a Snapshot,” and Axiom will walk you through the process. Defining the time and data for your Event Snapshot falls into two categories:
- Date and Time Range: You’ll input the date and time for both the event and the time range before and after the incident. By default, this range is set to 48 hours before and after the crime, as this is often when crucial information about what the suspect was doing before and after the crime is captured. However, the range can be adjusted as needed for your case.
- Evidence Sources: You can choose which evidence sources from your case should be included in the Event Snapshot, such as drives, phones, computers, or other digital evidence from victims or suspects. You can also select “All Evidence” or “Tagged Items” to apply Event Snapshots to cases you’ve worked on previously. You’ll also be prompted to select specific artifacts that include geolocation data, which will be used to generate animated routes. Additional routes can be added as needed.
Get started with Event Snapshots in Axiom today
Event Snapshots is included in all Axiom Term license tiers and Axiom Cyber. If you’re an existing Axiom user, update to the latest version to get started. If you’re not yet an Axiom user or don’t have a term license, you can still check out Event Snapshots by requesting our free trial of Axiom, or of Axiom Cyber if you perform investigations in support of eDiscovery, incident response, or internal matters.