Magnet AXIOM Cyber 6.6: New Volatile Artifacts for Incident Response Investigations
Magnet AXIOM Cyber 6.6 is here, and in this release, we have added new and updated features to help you collect, review, and interpret the evidence you need to keep your investigations moving forward.
This release adds four new volatile artifacts to support incident response investigations as well as adding time saving features for tagging evidence in Email Explorer. In addition to these features, we’ve also added and updated to the artifacts collected by AXIOM Cyber.
To upgrade to the latest version of AXIOM Cyber in the applications or through the Customer Portal. If you haven’t tried AXIOM Cyber yet, request a free trial here.
New Remote Volatile Artifacts
Earlier this year, we introduced a new artifact category, volatile artifacts, which allow you to remotely collect live system information. In AXIOM Cyber 6.6, we have continued to expand on the range of the remote volatile system artifacts to include:
- Firewall Rules
- Scheduled Job List
- Mounted Network Shares
- Logged on Users
Volatile artifacts are a great asset to incident response investigations as they can provide unique insights into endpoint behavior, anti-forensics software or other malicious activities that don’t leave easily detectable evidence trails.
To read about the complete list of volatile artifacts that you can capture in AXIOM Cyber and the insights they provide, check out our new blog post.
Automatic Attachment Tagging in Email Explorer
This release adds a new option to automatically tag attachments when tagging emails as evidence in Email Explorer. The average employee sends 110 emails and receives 75 emails daily, so it’s not surprising that emails continue to be a leading evidence source in many different types of corporate investigations.
Now when you are reviewing evidence, you can use Email Explorer to tag both the email message and attachments as evidence at the same time – saving you from the tedious and time-consuming task of manually linking and tagging attachments to emails. Recognizing that reviewing email evidence is especially important for eDiscovery investigations, when you are done tagging evidence, Email Explorer also provides the ability to easily select and export multiple records for review by legal stakeholders.
To see Email Explorer in action, sign up for our upcoming tips and tricks webinar on Email Explorer on October 6, hosted by Steve Gemperle or read more on our updated Email Explorer blog post.
New and Updated Artifacts
As with all releases of AXIOM Cyber, there is also support for several new and updated artifacts to help keep your investigations current with the latest corporate apps and services developments, including:
New Artifacts
- Apple Keychain for CLBX // iOS
Updated Artifacts
- Apple Mail
- Bluetooth devices
- Microsoft Teams
- Skype Activity
- Snapchat Messages
- Wickr Me