Magnet Axiom Cyber 8.6: Linux support for MITRE ATT&CK framework integration, Comae memory analysis improvements, and offline access to Magnet Copilot

The latest release of Magnet Axiom Cyber introduces several improvements for examiners working on a variety of investigation types, from incident response to internal investigations.  

Magnet Axiom Cyber 8.6 includes an array of new features and improvements, such as: 

  • Linux support for the MITRE ATT&CK® framework integration 
  • Advanced memory analysis with Comae, now supporting .raw files 
  • Offline support for Magnet Copilot 

We’ve also updated and added to our artifact support (full details at the end of this blog).

Upgrade to Axiom Cyber 8.6 in the Axiom Cyber interface or through the Customer Portal. 

Haven’t tried Axiom Cyber yet? Request your free trial here

Identify TTPs with MITRE ATT&CK framework integration, now supporting Linux data sources 

In the latest release of Axiom Cyber, we’ve added the ability to perform Sigma rule scans on Linux evidence sources (Red Hat and Ubuntu). This improvement expands on the integration of the MITRE ATT&CK framework in Axiom Cyber 8.4.

The MITRE ATT&CK framework integration allows you to quickly identify TTPs, further aligning incident response and digital forensics teams for more effective collaboration. 

One of the key benefits of this integration is the ability to use a common language that allows clear and consistent communication among the SOC, IR, threat intel, and security teams, as well as other stakeholders. When everyone is on the same page regarding the definitions and descriptions of adversary actions, it reduces misunderstandings and improves collaboration.  

To learn more about the benefits of the MITRE ATT&CK framework and this integration, read “Bridging the gap between DF & IR: MITRE ATT&CK framework integration in Magnet Axiom Cyber,” and watch the on-demand episode of “Cyber Unpacked: Exploring Enterprise DFIR,” where Senior Security Forensics Specialist Doug Metz shares an in-depth look at the importance of MITRE ATT&CK mapping and how to use the new integration in Axiom Cyber.

Perform advanced memory analysis with Comae, now supporting .raw files 

Memory analysis plays a crucial role in uncovering malicious TTPs on an endpoint, particularly when an attack leaves little or no obvious evidence. This is common in malware attacks that use fileless techniques to evade detection. 

Now with Comae memory analysis in Axiom Cyber 8.6, you can analyze .raw files without having to convert the format to .dmp. Previously, only .dmp files could be analyzed with Comae. 

To learn more about the advanced memory analysis capabilities within Axiom and Axiom Cyber, read the blog post “Comae memory analysis in Magnet Axiom and Axiom Cyber.” 

Offline support for Magnet Copilot 

To help you quickly detect relevant evidence and identify deepfake media, we created Magnet Copilot. Early access was initially introduced as a cloud-based integration for Axiom and Axiom Cyber. To bring the powerful AI capabilities of Magnet Copilot to even more users, we are now making early access to Magnet Copilot available for offline workstations.

To learn more about the benefits of the offline version, check out the blog post “Making Magnet Copilot’s AI capabilities available offline.”

New and updated artifacts, including more Cloud acquisition updates 

We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations. With this release, we’re improving our Google Chat modern attachments support as we focus on frequently updating Cloud artifacts.

New artifacts 

  • IME suggestions – Google Japanese input (Computer) 
  • Samsung Rubin application usage (Android) 
  • Samsung Rubin charging connections (Android) 

Updated artifacts 

  • Cloud IMAP/POP emails, Cloud Outlook mail (Cloud)
  • Instagram and Facebook warrant return format support (Cloud) 
  • Google Chat modern attachments (Cloud) 
  • Facebook Messenger messages archived chats (Cloud) 
  • Facebook Messenger messages (iOS) 
  • Facebook private timeline (Cloud) 
  • Installed applications (Windows) 
  • LINE chats (Android) 
  • Outlook emails (Computer, macOS, Android, iOS, Cloud, Windows Phone) 
  • Samsung Customization Service charging connections (Android) 
  • Samsung Places (Android) 
  • Signal messages (iOS)  
  • Telegram messages (Android) 
  • TextNow chat (iOS) 
  • TextNow profile (iOS) 

Get Magnet Axiom Cyber 8.6 today!   

Download Axiom Cyber 8.6 over at the Customer Portal or upgrade within the application.  

If you conduct digital forensics for criminal investigations, check out the Magnet Axiom 8.6 blog here
