Magnet Axiom Cyber 8.0: RSMF exports, MFT parsing, new AI tools, and more
We’re thrilled to announce the latest major release of Magnet Axiom Cyber!
Axiom Cyber 8.0 covers a lot of ground, including new features to support eDiscovery, incident response, mobile investigations, and a new AI early-access solution.
Here’s a quick summary of what 8.0 has to offer:
1. Streamline collections for eDiscovery with RSMF exports
From a single message or attachment, export the entire chat thread to RSMF to easily import it into Relativity for legal reviewers.
2. Parsing the MFT file for IR triage
Commonly used to triage cyber incidents, you can now quickly search the parsed MFT file within Axiom Cyber before processing the entire image for further investigation.
3. Early access to Magnet Copilot’s AI capabilities
Leverage new AI tools to quickly surface relevant evidence and identify deepfake media.
4. New Mobile View
An intuitive and visual view of mobile data—quickly and easily navigate gigabytes of data with the same ease and familiarity as scrolling through the phone.
5. AWS cloud storage acquisition enhancements
A new authentication method and support for EC2 multi-volume snapshots has been added to the AWS acquisition workflow.
6. Unified logs + large case performance improvements
We added an artifact which parses Apple’s proprietary Unified Logs and allows the user to review key information from them to find evidence, plus we improved the speed of Axiom Cyber when loading cases, applying filters, loading artifact details, and exporting reports.
We’ve also updated and added to our artifact support (additional details are at the end of this blog.)
To learn more about Axiom Cyber 8.0, sign up for our upcoming webinar on May 22 and see it all in action!
Upgrade to Axiom Cyber 8.0 within the AXIOM Cyber interface or through the Customer Portal.
Haven’t tried Axiom Cyber yet? Request your free trial here.
Streamline collections for eDiscovery with RSMF (Relativity Short Message Format) exports
The Relativity Short Message Format (RSMF) file plays a crucial role in the eDiscovery space as it created a standardized file for ingesting a variety of different messaging file formats into the Relativity platform. Once in the platform, legal teams review chat messages in the Relativity Short Message Viewer for analysis.
Now in Axiom Cyber 8.0, you can select a single message or message attachment and export it as an RSMF file, which will export the entire chat thread around that message/attachment (not just the single item).
To learn more about the importance of RSMF files and this new feature, check out the blog post “Streamline collections for eDiscovery with RSMF exports”.
Triage an image with MFT parsing
In the aftermath of a security breach or cyber incident, time is of the essence. Rapid and precise analysis is crucial to mitigate the impact and remediate vulnerabilities in the organization’s infrastructure.
MFT parsing provides forensic examiners with insights that can be used to quickly triage an incident by reviewing the file system content and any changes.
To learn more about this exciting new feature, check out this blog post and explore the interactive walkthrough below:
Early access to Magnet Copilot’s AI capabilities
The recent surge of synthetic media or deepfakes can present significant challenges in digital investigations, and the volume of digital evidence is ever-increasing. To help you identify deepfakes and efficiently surface relevant evidence in your cases, we are thrilled to introduce Magnet Copilot.
The AI capabilities of Magnet Copilot have been integrated into Magnet Axiom Cyber as a free early access feature, giving you the ability to:
- Analyze images and videos to determine whether they are synthetic or generated media.
- Surface relevant results to case data for chat threads, web searches, and images.
- Build and apply complex filters to your data using plain language inputs.
To learn more about Magnet Copilot, visit our blog and video or explore the demo below:
New Mobile View
Mobile evidence plays a crucial role in corporate investigations. In this year’s State of Enterprise DFIR report, 55.5% of digital forensics professionals in corporate and service provider environments reported always or often including mobile data in their investigations.
One of the key benefits of the new Mobile View is that makes investigating and reviewing mobile evidence extremely easy. The intuitive interface of Mobile View gives you and your stakeholders the ability to quickly and easily navigate gigabytes of data with the same ease and familiarity as scrolling through their own phone.
To learn more and see Mobile View in action, visit our blog and video or explore the demo below:
AWS cloud storage acquisition enhancements
Authenticate using External IDs for enhanced security
Sometimes, it may be necessary to provide third-party service providers or internal departments (such as the DFIR team) temporary access to the organization’s AWS accounts for data acquisition.
In either case, it’s a security best practice to provide external parties or teams with the ability to assume a role that limits what they can access and for how long (among other security parameters.)
Additionally, AWS recommends adding an External ID to the role’s trust policy as an added layer of security when third parties assume roles within an account. It’s an optional measure that more organizations are integrating as part of their cloud security best practices.
With Axiom Cyber 8.0, we’ve added a field for External IDs to the AWS sign-in page. As a service provider or internal DFIR team, you can better adhere to your client’s or company’s security best practices when collecting data from AWS accounts by utilizing an External ID.
Along with the new External ID field, we’ve significantly improved the useability of the sign-in page to better align it with how data is configured in AWS.
Collect AWS EC2 multi-volume snapshots
We’ve enhanced our AWS acquisition capabilities to enable the collection of AWS EC2 instances through volume snapshots. This workflow includes support for Windows instances, instances with multiple volumes, encrypted EBS volumes, volumes up to and greater than 1 TiB, and much more.
This workflow has the option of capturing the snapshots within the same account where there target instance lives or capturing the snapshots within a separate “security” account used to complete the investigation.
Unified logs and large case performance improvements
Both the macOS and iOS operating system use Apple’s proprietary Unified Log solution for many of their key logs within their devices. We have added an artifact which parses these logs and allows the user to review key information from them to find evidence. These logs are incredibly important when tracking specific functions such as AirDrop usage, connection to external devices/servers, and finding context around pattern of life entries.
The Unified Logs artifact will likely generate a high number of hits added to your case so the artifact is turned off by default due to the number of hits it will generate and the extra processing time.
Knowing that cases continue to get bigger and bigger, such as when you are examining detailed logs, in this release we have also made significant improvements to the performance of Axiom Cyber for larger cases, significantly improving the speed and efficiency of loading cases, applying filters, loading artifact details, and exporting reports.
New and updated artifacts
We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations.
This release includes new and updated artifacts, including:
New
- Arlo Secure (Android, iOS)
- Cached Media
- Device Information
- User Information
- Blink (Android, iOS)
- Cached Media
- Device Information
- User Information
- Chrome Affiliations (Android, iOS, macOS, Windows)
- Facebook Messenger E2EE Chats (Android, iOS)
- Ring (Android, iOS)
- Cached Media
- Device Information
- User Information
- Unified Logs (iOS, macOS)
- Windows Search (Windows)
- Calendar
- Contact
- Document
- Image
- Internet Explorer
- Outlook
Updated
- Android MMS (UFED Agent) (Android)
- Audio (Android, iOS, macOS, Windows)
- Chrome Cache Records (iOS, macOS, Windows)
- Chrome (windows)
- Extensions
- Logins
- Device Information (iOS)
- EML(X) Files (iOS)
- Facebook Messenger Messages (Android)
- iMessage/SMS/MMS (iOS)
- Instagram Posts (Android)
- Instagram Direct Messages (iOS)
- Instagram Media (Download Your Data) (Cloud)
- Installed Applications (Android, iOS)
- MEGA Chats (iOS)
- Signal Messages (Android, iOS)
- Videos (Android, iOS, macOS, Windows)
Get Magnet AXIOM Cyber 8.0 Today!
Download Axiom Cyber 8.0 over at the Customer Portal or upgrade within the application.
Haven’t tried Axiom Cyber yet? Request your free trial here.