New Features
Magnet Axiom Cyber 9.0

Magnet Axiom Cyber 9.0: IOC Insights Dashboard, Event Snapshots, AI tools, and more!

The latest major release of Magnet Axiom Cyber, version 9.0, is now available.  

Whether you perform investigations of cyberattacks, HR matters, or supporting litigation, we’ve introduced new functionality to help you get the insights you need with less fuss.

There are so many new features to mention, here are the top ones: 

  1. IOC Insights Dashboard: Built for DFIR analysts and incident responders, this unified view of critical threat data acts as an efficient starting point for any incident response investigation
  2. Event Snapshots: Context driven case insights for investigative leads in support of internal investigations and eDiscovery
  3. Express Extraction: Streamline Graykey and Verakey extractions and processing in Axiom Cyber
  4. Synthetic media and video authentication: Investigate synthetic and generated media with Magnet AI and a video integration powered by Magnet Verify
  5. Magnet Copilot AI capabilities: Quickly surface relevant evidence with advanced AI capabilities
  6. New and updated artifacts: Including the addition of iCloud Keychain acquisition

To learn more about each of these features, check out the content and links below.

Also, the Cyber Unpacked webinar series with Doug Metz received rave reviews and is returning for Season 2! Register now to see the new IOC Insights Dashboard in action in Episode 1 on April 2: “From indicators to insights: Fine-tuning Axiom Cyber for incident response.”

And, if you haven’t tried Axiom Cyber yet, now is a great time to request a free trial.

IOC Insights Dashboard

Cyberattacks are becoming increasingly complex and costly, with the average data breach reaching $4.88 million in 2024—a 10% jump from 2023. For DFIR professionals, this rising complexity demands faster ways to identify threats, fully scope an incident, and reduce the risk of repeat attacks.

But without a clear starting point, sifting through large and diverse datasets and multiple artifacts can slow investigations and increase the chance of missing critical details.

The new IOC Insights Dashboard provides a unified view of key threat data, including YARA rule hits, MITRE ATT&CK mappings, and more. This consolidated view is your new starting point for complex cyberattack investigations. You’ll be able to quickly identify suspicious activity, assess risk severity at a glance, and seamlessly pivot into deeper analysis—all from one dashboard—enabling faster, more effective incident response.

There’s much more to cover, check out the blog “IOC Insights Dashboard: A faster, smarter way to identify threats in Axiom Cyber” or explore the interactive demo:

Event Snapshots

With the overwhelming volume of data in a case, knowing where to start can be a persistent challenge for both forensic examiners and investigators. To help both you and your stakeholders save time and collaborate efficiently, we have added a new patent-pending interface into Axiom Cyber, Event Snapshots, that helps focus investigations on the digital events surrounding an incident.

With Event Snapshots, you can quickly narrow down the scope of evidence using investigative leads to derive context-driven insights to help quickly uncover key evidence. The patent-pending approach of Event Snapshot presents a series of dashboards to quickly visualize and access the most relevant information, such as communications, media, or location data, based on a specific timeframe before and after the incident to focus on key events that may have a direct impact on the investigation.

To learn more and see Event Snapshots in action, visit our blog and video, “Focus Your Investigations with Event Snapshots in Magnet Axiom and Axiom Cyber” or explore the demo below:

Express Extraction of Graykey and Verakey mobile images

As mobile evidence continues to grow in both size of data and importance as a source of data in investigations, the more that can be done to streamline the investigative process the better. To help you get mobile data even faster, we added a new extraction and processing option for mobile devices accessed with Magnet Graykey or known passcode extractions with Magnet Verakey, called Express Extraction.

This new workflow increases the extraction speed by moving the processing to Axiom Cyber, which also frees up the Graykey or Verakey hardware to focus on gaining access to additional phones or preparing devices for extraction. Having extractions run on the same forensics workstation as Axiom Cyber also streamlines your mobile workflow, combining extracting and processing into one easy step, giving you the ability to leverage Axiom Cyber’s advanced mobile processing capabilities while also mitigating manual steps in your workflow.

Learn more about this feature here.

Synthetic media and video authentication

Instances of synthetic, or deepfake, media have seen a dramatic increase in recent years, with an estimated 500,000 video and voice deepfakes shared on social media in 2023. While deepfakes aren’t a new phenomenon, advances in machine learning and AI have increased the speed, accuracy, and availability of developing synthetic media.

To help you identify deepfake and generated media, this release moves the two features below out of limited early access and into Axiom Cyber:

  • Synthetic media classifiers in Magnet AI: The added synthetic media detection capability in Magnet.AI lets you use the classifiers alongside all the other classifiers, helping you to quickly comb through evidence and automatically detect potential deepfake media along with potential pictures of money, nudity, and more.
  • Video authentication: With a simple right-click in Axiom Examine you can access our cutting-edge solution for file structure analysis of video files powered by Magnet Verify. This feature helps verify and authenticate where video files originated, if they are camera-original content, and if they have been edited or generated with tools such as face-swap or re-face.

Magnet Copilot AI capabilities

Artificial Intelligence AI is rapidly transforming the way we all work and that extends to DFIR professionals. In fact, in this year’s State of Enterprise DFIR report, 94% of respondents said they were already utilizing AI in their investigations.

Magnet Copilot helps examiners quickly find evidence relevant to their case with a Q&A function that can help you quickly narrow in on key results. To use the Q&A function, simply select the data, such as a conversation thread or web search, then enter questions about the data, and Magnet Copilot will highlight relevant artifacts. Responses provided through the interface also include citations for the case data so you can easily validate the results and investigate further. 

We initially introduced Magnet.AI as an early access integration to bring AI capabilities to quickly surface relevant evidence. With the development of Magnet Copilot, we are now including it exclusively with our Axiom Premier and Axiom Cyber licenses.

To learn more about Magnet Copilot, visit our blog or explore the video below:

New and updated artifacts 

As always, with every new release comes support for new artifacts as well as updated support for artifacts that may have changed over time.

A new addition in this release is support for iCloud Keychain, a password manager that keeps secure information updated across Apple devices. iCloud Keychain contains information that autofills on trusted devices, including usernames, passwords and passkeys, credit card information and security codes, and Wi-Fi passwords.

New artifacts

  • AVIF image support (All platforms)
  • iCloud Keychain acquisition (Cloud)
  • Slack local storage (Computer)
  • Telegram groups (iOS)

Updated artifacts

  • Android Telegram messages (Android)
  • Chrome local storage (Computer, macOS)
  • Chrome/Edge/Discord/Slack local storage (Computer)
  • Chrome/Edge local storage (macOS)
  • Facebook Messenger end-to-end encrypted chats (Android, iOS)
  • Discord local storage (Computer)
  • Edge local storage (Computer, macOS)
  • iOS cached locations (iOS)
  • Slack acquisition (Cloud)

Get Magnet Axiom Cyber 9.0 today!

If you’re already using Axiom Cyber, download 9.0 over at the Customer Portal. If you want to try Axiom Cyber for yourself, request a free trial today!

Related Resources

Blog

Blog

Magnet Axiom 9.0: Event Snapshots, Express Extraction of Graykey images, AI tools, and more! 

Magnet Axiom 9.0 is now available with Event Snapshots, Express Extraction, synthetic media and video authentication, and more.

March 18, 2025 • About a 6 minute view
Blog

Blog

IOC Insights Dashboard: A faster, smarter way to identify threats in Magnet Axiom Cyber 

It’s no surprise the growing complexity of cyberattacks is the top challenge for DFIR professionals. As cyberattacks evolve, DFIR analysts and incident responders must analyze increasingly diverse datasets and artifacts

March 18, 2025 • About a 6 minute view
Blog

Blog

Unlock faster mobile forensics with Magnet Axiom Express Extraction

As mobile evidence continues to grow in both data size and importance as a source of information in investigations, streamlining the investigative process is more critical than ever. To help

March 18, 2025 • About a 4 minute view
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top