Remote Desktop Protocol
- Apple Pay: Updated support to recover transaction histories for cards associated with the Apple Pay wallet. [iOS 11]
- Chromium browsers | Windows: Updated support for recovering credit card information and timestamps. [79.0]
- Chromium browsers | MacOS: Updated support for recovering credit card information and timestamps. [79.0]
- Custom artifacts: Added support for plotting custom artifacts in World Map view.
- Device Information | Android: Added support for recovering the advertising ID of the device.
- DropBox | Windows: Updated decryption support. [83.4]
- Facebook Messenger | iOS: Groups now list sender names instead of IDs.
- Google Maps | Android: Updated support to recover latitude and longitude data. [10.32]
- Google Searches | All Platforms: Updated support to recover the load date and time of the previous page.
- Instagram | iOS: Added support for recovering posts. [111.0]
- Pinterest | iOS: Updated support to recover pin descriptions, timestamps, linked websites, images, and pinner ID. 
- ScreenTime | iOS: Added support for recovering visited domains.
- ShimCache | Windows: Added support for parsing the executed flag.
- Signal | iOS: Updated support for recovering local users, contacts, and group members. [3.2]
- Snapchat | Android: Updated support for recovering photos, videos and audio recordings sent in chats. [10.72]
- Twitter | iOS: Updated support to recover direct messages and users. [8.5]
- VK | Android: Updated carving support to recover messages and user information. [5.47]
- VK | iOS: Updated carving support to recover messages and user information. [5.47]
- Videos | All platforms: The Carved Videos artifact is now deprecated and carved results are displayed in the Videos artifact.
- You can now recover data from Uber user accounts, such as Trip Info.
- AXIOM Process now uses the latest version of the Passware SDK to improve McAfee encrypted drive decryptions, as well as resolve the issue of unencrypted HFS+ drives being falsely detected as encrypted.
- For searches of FAT file systems, AXIOM Process will now automatically deduplicate results from unallocated space if they are covered by a range of space that's occupied by a known deleted file.
- The “Sources to process” table in AXIOM Process has been updated for consistency with AXIOM Examine.
- To better identify which files were unable to be fully processed, the “Search complete” screen now lists the file name rather than the entire file path.
- When you enable the Dynamic App Finder, AXIOM Process displays the “Search complete” screen so that you can immediately view the scan summary.
- Custom artifacts now appear in the World map view in AXIOM Examine.
- Project VIC exports now contain a Source ID so that you can find out which evidence source the picture or video came from.
- You can now edit the column filters from the Filters bar.
- When you connect to an outdated agent, it will now update automatically.
- Security enhancements to the connection between the agent on the target computer and the workstation running Magnet AXIOM.
- When viewing individual memory processes to acquire, you can now view a process’s parent process, which can help you identify hidden malicious processes.
- AXIOM Process was unable to acquire data from Google Activity. -CAO-2717
- Email addresses retrieved from Office 365 audit logs were not appearing in the Identifiers refined results artifact. -CAO-2722
- IMAP/POP mail acquisition has been improved to capture messages in all selected top level folders and one level of subfolders. -CAO-2729
- In some cases with a large amount of media files, media categorization would time out and not complete successfully. Media categorization will no longer time out, but you can now cancel a scan during media categorization. -AXP-5684
- Previously, when you loaded memory using the Volatility Framework, AXIOM Process pre-selected the first listed Volatility profile. -AXP-3871
- When processing an image of a FAT file system, AXIOM Process would sometimes appear to stop processing or performance was degraded. -AXP-3622
- Sometimes, AXIOM Process would crash when attempting to process an Apple warrant return .zip file. If AXIOM Process is unable to process the warrant return file, you’ll now be prompted to repair the warrant return by extracting the contents and then re-zipping the extracted folder. -CAO-2452
- Sometimes, AXIOM Process would crash when attempting to acquire Facebook account data. -CAO-2685
- Sometimes, AXIOM Process would return an error when attempting to process a Google warrant return .zip file. If AXIOM Process is unable to process the warrant return file, you’ll now be prompted to repair the warrant return by extracting the contents and then re-zipping the extracted folder. -CAO-2721
- Sometimes, portable cases would fail to be created when they contained a large amount of media items or chat threads. -AXE-7817
- When an image was processed, temp files were being stored in the location where AXIOM Process was installed, rather than in the case folder or the custom location you configured. -AXP-5910
- When the Dynamic App Finder was enabled, the Case Information.txt log file incorrectly showed that it was not enabled. -AXP-1195
- When you tagged files with matching hash values in AXIOM Process, these tags would appear in the File system explorer in AXIOM Examine, but the corresponding artifacts would not get tagged. -AXE-7812