New in Magnet AXIOM 5.9: Support for iCloud Backups
We’re proud to announce the availability of Magnet AXIOM 5.9!
You can upgrade to the latest version within AXIOM or over at the Customer Portal.
Now with Magnet AXIOM 5.9, iCloud Backups are supported up to and including iOS 15. You can also load Google Warrant returns that include many .zip files as well as parse location history. Plus, we’ve also added ProtonMail decryption support for Android via extractions with keystore data.
If you haven’t tried AXIOM or AXIOM Cyber yet, request a free trial here.
Support for iCloud Backups in Magnet AXIOM 5.9
With AXIOM 5.9, we now support the acquisition and analysis of iCloud backups up to and including iOS 15 — a significant win for the examiner community.
Acquiring iCloud backups is a significant challenge, and historically Apple has actively worked to close third-party access to their data sources like iCloud backups. Support is available today, and we will work to continue to provide support indefinitely.
With iCloud backups, you can potentially collect App data, Apple Watch backups, messages, photos, videos, and more from iPhones, iPads, and iPod touch2s.
Check out how to analyze iCloud backups in AXIOM in this blog from Kim Bradley.
Improved Support for Google Warrant Returns
You can now load Google Warrant Returns that include many .zip files and you can now parse location history in a Google Warrant returns with Magnet AXIOM 5.9.
Warrant Returns are a common source of evidence for North American examiners, but they can also be an unruly package to analyze, especially when they contain multiple .zip files.
For more on investigating Google Warrant Returns, check out this webinar by Kim Bradley and Steve Gemperle, “Get More Out of Your Warrant Returns with Magnet AXIOM”.
ProtonMail Decryption for Android in Magnet AXIOM 5.9
With AXIOM 5.9, we now support ProtonMail decryption for Android via extractions with keystore data. Acquiring keystore data is challenging because each app essentially maintains data within an individual ‘store’ as opposed to the iOS keychain, which stores all passwords in a single location.
You can still obtain useful evidence without decrypting the data from apps such as ProtonMail, but it is more limited. For example, without decrypting the app data, you are still able to see that there are emails sent between sender and recipient, but with the decryption you can actually see the body of the email.
Law Enforcement Features Available in Magnet AXIOM Cyber
Some law enforcement agencies may benefit from having off-network collection capabilities or investigation types or use Admin credentials to easily acquire from Office 365, G Suite, and Box to speed up investigations of Magnet AXIOM Cyber.
With the release of AXIOM Cyber 5.9, features developed for law enforcement, such as the Media Explorer, can now be enabled. Nevertheless, certain law enforcement-only integrations, such as PhotoDNA, will still require active law enforcement credentials to be activated.
Check out the Magnet AXIOM Cyber product page to learn more.
Check Out the Next Session of our Demystifying the Cloud Webinar Series
Sign up for the next webinar in this series to explore the benefits of Leveraging the Cloud to Get More Data in Your Mobile Investigations with Jessica Hyde.
If you want to save your spot for upcoming sessions, watch previous webinars on demand, and learn more about the cloud capabilities of AXIOM, head over to the Demystifying the Cloud webinar series page.
New Artifacts
- Facebook Events // Android
- ProtonMail Decryption // Android
- Facebook Posts // iOS
- Windows Event Logs – Storage Device Events // Windows
Updated Artifacts
- Microsoft Office Documents
- Photos Media Information
- Private Photo Vault
- RTF Documents
- Safari Browser State Tabs
- Text Documents
- Viber
- Windows Event Logs
Get Magnet AXIOM 5.9 today!
We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.
If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.