Magnet AXIOM Cyber 7.2 Is Now Available
We are happy to announce the release of Magnet AXIOM Cyber 7.2. In this release, we have added support for SHA-256 hash calculations, improved the viewer for LevelDB files, and added new and updated artifacts to keep your evidence sources current with the latest corporate applications and services.
You can upgrade to the latest version within AXIOM Cyber or over at the Customer Portal.
Or, if you haven’t tried AXIOM Cyber yet, request a free trial here.
SHA256 Support
Designed by the United States National Security Agency (NSA), SHA-256 has become the industry standard for many endpoint detection and response (EDR) tools. With this update, AXIOM Cyber now matches the hash calculation method used by EDR tools to help make it easier for you to quickly verify hashes for individual files.
As part of this update, we have also added SHA-256 support for E01 forensic images: the hash value is calculated while acquiring an image and is included in the image.info file.
Improved View for LevelDB in Magnet AXIOM Cyber 7.2
In this release, we have updated the preview for LevelDB so you can now right-click to view the contents in a Plist viewer in the preview card, allowing you to browse the content more easily.
LevelDB is an open-source key-value storage engine developed and made available by Google as “a building block for higher-level storage systems” and is an increasingly popular database format. A notable application is Google Chrome’s use of LevelDB to facilitate on-disk storage for web-based versions of applications, which can provide important insight into popular communications tools. Other web browsers and applications that use Chromium as part of their software could also be storing these files. Applications that fall into this category include the Opera, Android Browser, Samsung Internet, and Microsoft Edge web browsers, as well as MS Teams, Slack, Discord, and WhatsApp.
To learn more about LevelDB, check out our blog: Leveling the Playing Field With the LevelDB View in Magnet AXIOM and AXIOM Cyber
Comae Memory Analysis Blog Series
In incident response cases, memory analysis can often be the key to uncovering what took place on a device—especially when an attack didn’t leave an easily detectable evidence trail. In our 7.0 release we integrated Comae Memory Analysis into AXIOM Cyber, enhancing the memory capabilities with support for current Windows 11 operating systems, new insights into threats, as well as greatly improving the speed of memory processing by natively supporting Microsoft crash dumps.
To complement these added memory capabilities, Matt Suiche, Comae founder and Magnet Forensics Director of Memory, IR & R&D, and his team have been publishing several blog posts that provide insight into how to address different threats using the memory analysis capabilities of AXIOM Cyber—including YARA rules that can be added to AXIOM Cyber to identify different malware running in memory.
- Hunting Russian Intelligence “Snake” Malware in Memory with Magnet AXIOM Cyber
- Hunting “Volt Typhoon” State-Sponsored Actor in Memory With Magnet AXIOM Cyber
- Best Practices for Ransomware and Data Extortion Memory Response
New and Updated Artifacts
As with all releases of AXIOM Cyber, there is also support for several new and updated artifacts to help keep your investigations current with the latest apps and service developments, including:
New Artifacts
- Samsung Device Health Services Battery Statistics
- Samsung Digital Wellbeing Events
- Samsung Keyboard Clipboard History
Updated Artifacts
- Android Device Information
- Google Contacts
- Facebook Messenger
- iOS Device Information
- iOS Device Wallpapers
- Signal Messages
- Skype
- Snapchat
- TikTok Contacts
Get Magnet AXIOM Cyber 7.2 Today!
If you’re already using AXIOM Cyber, download 7.2 over at the Customer Portal. To try AXIOM Cyber for yourself, request a free trial today!