Upgrade note: This update is being released to address an issue with the Hash Sets Manager that was found in the 6.7.0 release.
Limit content when acquiring a Microsoft Outlook mail account
You can now further define the scope of Microsoft Cloud mail acquisitions.
- Use keywords to limit the content acquired from Microsoft Outlook mail accounts.
- Browse and select specific mail folders to include in the acquisition.
Search for known and non-relevant files using Hash Sets Manager
If your organization is using a central database with the Hash Sets Manager beta, you can now use hash sets of known and non-relevant files in your AXIOM cases.
- Use known file hash sets to search for and tag evidence that might be known to your organization, such as documents or other file types of interest.
- Use non-relevant file hash sets to ignore common files, such as standard OS icons and screen savers, so that they don't clutter your evidence.
- Known and non-relevant file hash sets support MD5 and SHA1 hashes.
To learn more about Hash Sets Manager and download a copy of the beta, visit the Magnet Idea Lab.
New LevelDB viewer in AXIOM Examine
In the File system explorer, you can now view LevelDB databases in the LevelDB viewer. To help with your investigation of this data, you can also search the database, view and save BLOB data, or change the encoding of data in the table.
Updates to the Email explorer
We've made the following updates to the Email explorer:
- You can now filter attachments based on file size.
- You can now tag email attachments individually, and allow AXIOM Examine to automatically tag the parent email when you tag its attachment.
- Email evidence loads more quickly due to performance improvements.
- Apple Mail | iOS: Updated carving support for deduplication.
- Audio: Updated support to include EXIF data.
- Discord, GroupMe, ooVoo, Pidgin | Windows: Updated support for recovering passwords and tokens so that they appear on the Cloud insights dashboard.
- Facebook Messenger | Android: Updated support for Groups and Users Contacted. [3220.127.116.11]
- Jump Lists | Windows: Updated artifact to include number of user interactions.
- KakaoTalk | Android: Updated support to include Sender Name for both messages and calls.
- LINE Messages | iOS: Updated support to include picture and video attachments. [12.13.0]
- Parsed Search Queries | Windows: Updated parsing support for Bing searches.
- Safari | iOS: Updated Safari to handle browser tab storage in iOS 16.
- Signal Backups | Android: Updated support to include new message types, such as Group Version Migration, Profile Change, and Missed Video Call.
- Signal | iOS: Updated support for Signal Messages. [iOS 14, Signal 5.54.0]
- Skype Activity | iOS: Updated parsing support to recover Skype Activity and attachments. [iOS 14.4.2, Skype 8.88.404]
- Snapchat Contacts | iOS: Updated support to include Legacy User Name. [11.93.0]
- WeChat | Android: Updated carving support for WeChat Messages.
- WhatsApp Messages | Android: Updated parsing support for deduplication.
- WhatsApp Messages | Android: Updated Sender and Receiver fragments to display the user's WhatsApp ID instead of phone number when applicable.
- WhatsApp Messages | Android: Updated support for group messages.
- Windows Event Logs | Windows: Updated artifact to include a Security User ID in the Connections explorer.
- Zoom | Windows: Updated parsing and carving support. [5.11]
- You can now limit Microsoft Cloud mail acquisitions using keywords and selecting specific folders.
- AXIOM will find and load the associated keychain file from a GrayKey image that follows the "_files_full.zip" naming convention.
- You will now be alerted when the amount of available disk space is less than 10GB or less than 2 times the size of the selected image.
- AXIOM will now inform the user if a VMDK descriptor file is invalid.
- Magnet.AI settings now appear in a more intuitive order in AXIOM Process under Processing details. All hash set settings now appear under "Calculate hashes and find matches", while Magnet.AI categorization settings appear under "Analyze chats with Magnet.AI" and "Analyze pictures with Magnet.AI".
- You can now search for known files in your AXIOM cases using hash sets from your organization's Hash Sets Manager database.
- You can now search for non-relevant files in your AXIOM cases using hash sets from your organization's Hash Sets Manager database.
- In the File system explorer, you can now view LevelDB databases in the LevelDB viewer and convert the data to ASCII, Base64 decoded hex or text, and more.
- When you create a CSV export using timeline data, the export now reflects the columns in the Timeline explorer.
- You can now filter attachments in the Email explorer based on file size.
- You can now allow AXIOM Examine to automatically tag the parent email when you tag an email attachment in the Email explorer.
- You can now tag individual email attachments in the Email explorer.
- AXIOM Examine now notifies you that the Email explorer is unavailable when the Timeline explorer is building.
- Performance improvements when loading email evidence in the Email explorer.
- Previously, acquisition of a jailbroken iOS device would fail with privileged access. -AXP-7135 NEW
- Previously, Process would crash if 500,000 or more quantifier values were used in a single regular expression pattern. -AXP-8821
- Security - CVE-2022-1253: Removed an unused vulnerable libde265 library. -AXP-9646
- XML text in the preview window was white, and wasn't visible to the user. -AXE-10635
- Chinese characters in Gmail messages weren't properly supported. -MA-3894
- Acquisitions of Signal backup data were recovering far fewer hits than expected. -MA-4539
- Some OneDrive data wasn't being acquired as expected. -COMP-1898
- When the AirDrop artifact was enabled, some image scanning would take a long time even if no AirDrop data was available. -COMP-1894
- Magnet.AI categorization was failing with a "no clients" error. -AE-2447
- When Hash Sets Manager was integrated with AXIOM Process, local known and non-relevant hash sets were being treated as central hash sets. These hash sets couldn't be edited and would disappear if Hash Sets Manager was disconnected from AXIOM. -AE-2777 NEW