Magnet Axiom Cyber 8.3: MFT parsing improvements, collapse/expand file trees, and more cloud acquisition improvements
We’re excited to announce the release of Magnet Axiom Cyber 8.3, which includes new features and improvements such as:
- Keyword searching when parsing MFTs
- Magnet Exhibit Builder improvements
- More cloud acquisition updates!
We’ve also updated and added to our artifact support (additional details are at the end of this blog).
Upgrade to Axiom Cyber 8.3 within the Axiom Cyber interface or through the Customer Portal.
Haven’t tried Axiom Cyber yet? Request your free trial here.
Use keyword searching when parsing MFTs
Master File Table (MFT) parsing and analysis is critical in digital forensics for efficiently triaging and unravelling complex cyber incidents. As digital threats grow more sophisticated, MFT parsing becomes increasingly vital for incident response (IR) investigations where time is always of the essence.
In Axiom Cyber 8.0, we introduced MFT parsing. With this release, we’ve improved the workflow so that you can upload a keyword list during case setup instead of running keywords as a post-processing action.
Running a keyword list against an MFT is an efficient way to help you quickly identify files related to malware or responsive ESI for eDiscovery.
For example, MFT parsing using keywords lets you quickly identify files with names or attributes that match known malware signatures or patterns. This is especially useful for detecting malware that may be disguised with deceptive names. Or you can take a more targeted approach and focus your efforts on specific indicators of compromise (IOCs) or traits associated with particular malware families if you know what type of malware you’re looking for.
Since the MFT contains metadata about every file on the NTFS file system, searching this centralized database is faster than scanning the entire file system. Rapid identification of potentially malicious files is crucial during time-sensitive incident response scenarios.
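To make the idea concrete, here is an added example (not Magnet's code and not a description of how Axiom Cyber implements the feature) that walks raw MFT records, pulls each resident $FILE_NAME attribute, and runs a case-insensitive keyword list against the names. It assumes 1024-byte records and skips update-sequence fixups; the function names, sample file names, and keywords are constructed for illustration.

```python
import struct

FILE_NAME, END_MARKER = 0x30, 0xFFFFFFFF   # $FILE_NAME type, end-of-attributes marker
RECORD_SIZE = 1024                         # assumed record size; fixups are not applied

def file_names(record: bytes):
    """Yield every resident $FILE_NAME string in one MFT FILE record."""
    if record[:4] != b"FILE":
        return                                          # unused or damaged entry
    off = struct.unpack_from("<H", record, 0x14)[0]     # offset of first attribute
    while off + 0x18 <= len(record):
        atype, alen = struct.unpack_from("<II", record, off)
        if atype == END_MARKER or alen < 0x18 or off + alen > len(record):
            break
        body = off + struct.unpack_from("<H", record, off + 0x14)[0]
        if atype == FILE_NAME and record[off + 8] == 0 and body + 0x42 <= off + alen:
            nchars = record[body + 0x40]                # name length in UTF-16 units
            yield record[body + 0x42: body + 0x42 + 2 * nchars].decode("utf-16-le", "replace")
        off += alen

def keyword_hits(mft: bytes, keywords):
    """Return (record_number, name, keyword) for case-insensitive substring matches."""
    kws = [k.lower() for k in keywords]
    hits = []
    for n in range(len(mft) // RECORD_SIZE):
        rec = mft[n * RECORD_SIZE:(n + 1) * RECORD_SIZE]
        for name in file_names(rec):
            hits += [(n, name, k) for k in kws if k in name.lower()]
    return hits

def make_record(name: str) -> bytes:
    """Build a minimal constructed FILE record holding one $FILE_NAME attribute."""
    content = bytes(0x40) + bytes([len(name), 1]) + name.encode("utf-16-le")
    pad = -len(content) % 8                             # attributes are 8-byte aligned
    attr = struct.pack("<IIBBHHHIH2x", FILE_NAME, 0x18 + len(content) + pad,
                       0, 0, 0, 0, 0, len(content), 0x18) + content + bytes(pad)
    rec = bytearray(RECORD_SIZE)
    rec[:4] = b"FILE"
    struct.pack_into("<H", rec, 0x14, 0x38)             # first attribute at 0x38
    rec[0x38:0x38 + len(attr)] = attr
    struct.pack_into("<I", rec, 0x38 + len(attr), END_MARKER)
    return bytes(rec)

# Constructed sample: three named records and one empty (unused) slot.
SAMPLE_MFT = b"".join([make_record("report.docx"), bytes(RECORD_SIZE),
                       make_record("svch0st.exe"), make_record("Invoice.PDF.exe")])

if __name__ == "__main__":
    for hit in keyword_hits(SAMPLE_MFT, ["svch0st", ".pdf.exe"]):
        print(hit)
```

Because only the MFT is read, a look-alike service name or a double extension surfaces without touching file contents; on a real $MFT, apply the update-sequence fixups first so names that cross a sector boundary decode correctly.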
To learn more about MFT parsing in Axiom Cyber, visit our blog “Harnessing MFT parsing for incident response investigations”.
Magnet Exhibit Builder improvements
Made available in Axiom Cyber as of 8.1, Magnet Exhibit Builder lets you easily build clear and comprehensive forensic reports combining Axiom files and all other evidence sources. In this release, we’ve added the following improvements:
- Artifact source details – You now have the option to include evidence source and recovery details when adding artifacts to your report. This supporting information is often useful to demonstrate where and how content was recovered by Axiom Cyber.
- Importing Word documents as a template – You can now easily import and use Word documents as a template for your reports.
New and updated artifacts, including more cloud acquisition updates
We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations.
With this release, we’re continuing to improve our cloud acquisition capabilities, most notably by updating our Google Chat (from Google Workspace) acquisition capabilities to include direct messages and Google Spaces. We’ve also added acquisition of Facebook public timelines and of more data from Facebook private timelines, such as images, albums, and more text.
New artifacts
- Eufy Cached Media (Android)
- Signal Groups (iOS)
- WeChat Accounts (Android)
- Discord Local Storage (Computer)
Updated artifacts
- Eufy (iOS)
- iOS Home Screen Items (iOS)
- Facebook (All)
- Google Chat Direct Messages and Google Spaces (Cloud)
- Box.com (Cloud)
- WhatsApp QR Code (Cloud)
Get Magnet Axiom Cyber 8.3 today!
Download Axiom Cyber 8.3 over at the Customer Portal or upgrade within the application.
If you conduct digital investigations for law enforcement, check out the new features in Magnet Axiom 8.3 here.