New Features

New in Magnet AXIOM 5.7: Preprocess iOS Keychains and Connect Directly to GrayKey for Android Extractions

We’re proud to announce the availability of Magnet AXIOM 5.7!

You can upgrade to the latest version within AXIOM or over at the Customer Portal.  

New in Magnet AXIOM 5.7: you will now be able to preprocess keychains from iOS extractions and take advantage of Connect to GrayKey Android Support, which is a great way to amplify the benefits of GrayKey’s ability to extract Android Keystore data for specific apps. We are also now introducing artifact support for two cryptocurrency mobile apps, Coinbase and Beam. 

If you haven’t tried AXIOM yet, request a free trial here.  

iOS Keychain Preprocessing

With keychain preprocessing, if you have a .plist keychain file from a GrayKey or Cellebrite checkra1n iOS extraction, you can load the .plist into AXIOM during the processing of the extraction to automatically decrypt supported application data from the device.  

Keychain preprocessing is a significant benefit on a few fronts. First and foremost, this is a significant time savings. Now you don’t have to wait for an extraction to be processed in AXIOM before manually applying individual data points from the keychain to decrypt app data. Along with this benefit is that evidence is less likely to be overlooked. Instead of manually managing and applying keychain data to individual apps, AXIOM will now automatically identify apps that can be decrypted. More data will be available at your fingertips without any additional effort.   

Minimizing time to evidence and mitigating opportunities for error are critical objectives for the team at Magnet, whether it’s to reduce backlogs in the lab or to get the most accurate information into the hands of investigators as quickly as possible.

To learn more about iOS keychain preprocessing, check out the blog by Chris Vance “iOS Keychain Preprocessing”.

GrayKey Android Direct Integration

AXIOM has had direct integration capabilities for GrayKey for some time now, but there have been some exciting advances in the acquisition capabilities of GrayKey over the past year to now include Android extractions. With AXIOM 5.7, you can now use a new workflow to automatically copy images from your GrayKey device to AXIOM and configure the process, when processing GrayKey Android images.

Much like the iOS keychain preprocessing workflow improvements, this offers a significant time savings while mitigating opportunities for error. The workflow is similar to the existing iOS workflow, after connecting, users are presented with a list of Android images on their GrayKey device.  They can choose the files they wish to process, and AXIOM will automatically copy them to the local device and configure the scan details. ​   

Grayshift also recently released the ability to extract keystore data for a small number of Android artifacts – Signal, WhatsApp, and ProtonMail. Along with the benefits of connecting directly to GrayKey for Android extractions, examiners can now leverage some Android keystore data in AXIOM for supported apps.

Read more about GrayKey Android direct integration is this blog by Chris Vance, “Connect to GrayKey: AXIOM Integration for Android.“  

New Crypto Artifact Support

You can currently detect whether there are crypto apps on user devices with AXIOM, but now more comprehensive artifact support is being added for three crypto apps: Coinbase, Beam, and Exodus. This is exciting because Coinbase and Beam are two of the top five mobile cryptocurrency apps (as identified by Chainalysis during DFIR Summit 2021).

For Coinbase, data relating to cached purchases, transactions, and the addresses for the transactions can be recovered. For Beam, data relating to all transactions and the addresses for the transactions can be recovered.

For more on cryptocurrency investigations, check out this webinar from the Magnet Virtual Summit, “Cryptocurrency Investigation and Following the Transaction Trail”.

Export Evidence from AXIOM Directly to Magnet REVIEW

With AXIOM 5.7, you can now export evidence directly to Magnet REVIEW. The new direct export allows you to extend the case appropriate evidence to REVIEW in a format that’s accessible for non-technical users.

Now any evidence that you have recovered and analyzed in AXIOM, regardless of the source can be shared — whether it be data from mobile, computer, cloud, or vehicles. REVIEW is optimized to ingest data from AXIOM, allowing you to easily customize what evidence fields non-technical REVIEW users are seeing.  

To learn more about Magnet REVIEW, check out the product page.

Check Out the Next Session of our Demystifying the Cloud Webinar Series

Sign up for the fourth webinar in this series to explore the benefits of Modernizing Digital Investigations with Microsoft Azure and the Magnet Digital Investigation Suite.

If you want to save your spot for upcoming sessions, watch previous webinars on demand, and learn more about the cloud capabilities of AXIOM, head over to the Demystifying the Cloud webinar series page. 

New Artifacts 

  • Beam // Android & iOS
  • Coinbase // Android & iOS
  • Exodus // Android & iOS
  • ProtonMail Contacts // Android
  • ProtonMail Emails​ // Android
  • PowerLog Battery // iOS
  • Shutdown // iOS

Updated Artifacts 

  • Apple-icon Trash Items
  • Facebook Messenger
  • Grindr
  • Rebuilt Desktops
  • Signal
  • Snapchat
  • Trash Items
  • WeChat
  • WhatsApp
  • Wickr

Get Magnet AXIOM 5.7 Today!

We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.

If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in AXIOM Cyber here.

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top