AXIOM icon
Release Notes
Magnet AXIOM 3.7.0.16279 November 04, 2019

Artifact updates

Android
CallLogs-icon Call Logs
Chatous-icon Chatous NEW
Contacts-icon Contacts
Pinterest-icon Pinterest NEW
Snapchat-icon Snapchat Messages
Windows
icon Locally Accessed Files
 OneDrive-icon One Drive
 Outlook-icon Outlook
 Viber-icon Viber
iOS
Chatous-icon Chatous NEW
Facebook Messenger 16-icon Facebook Messenger
iOS-Mail-icon Mail
Owner Information
PowerLog-icon PowerLog Battery Level
Snapchat-icon Snapchat
Telegram-icon Telegram
Wickr-icon Wickr Me NEW
macOS
-icon Operating System Information
Cross-platform
Videos-icon .webM
EncryptionAndAntiForensicsTools-icon Encryption / Anti-Forensics Tools
HumanTrafficking-icon Human Trafficking URLs
Videos-icon Tor and Onion URLs
Videos-icon Videos

AFF4 image support

Magnet AXIOM now includes support for loading and processing Advanced Forensic File (AFF4) physical images acquired from a macOS computer with a T2 chip using MacQuisition.

  • Starting in 2017, macOS computers have the Apple T2 security chip which provides hardware-assisted encryption for data stored on the system.
  • You can load and process a supported AFF physical image in AXIOM Process.
  • More details...

Google warrant returns

Google warrant returns can contain useful information about the owner of the Google account.

  • Import and process the Google warrant returns as part of your case.
  • Recover content such as account information, browsing history, chats, all media included in the package from Google Drive and Google Photos, and more!
  • More details...

KTX file preview support

KTX files are an image format often found on iOS and Mac devices. AXIOM will now generate an image preview of all KTX files and can be viewed within the Pictures artifact. In addition, the Safari Tabs artifact has been updated to include stored previews of open tabs. The Open Application artifact provides a snapshot of the application state when it was last closed by the user.

What's new in the AXIOM Cyber beta program

We've been busy making updates to AXIOM Cyber since our last release. Here are the new features we've introduced and the issues we've resolved:

New features

  • If AXIOM Process cannot connect to the agent because the port is busy, you can now either try to manually resolve the port conflict and then retry connecting to the agent, or you can return to the Manage agents screen and create a new agent. Note: If you create a new agent using a new port, you'll need to deploy and try to connect the agent again.
  • We've enabled more diagnostics to better help us understand how youíre using AXIOM Cyber and Remote Acquisition. Diagnostics are just one of the ways we get feedback about AXIOM Cyber. You can also send us feedback through your survey responses or by emailing us at axiombeta@magnetforensics.com.
  • AXIOM Process now provides a count of the number of potential items to download from the location you selected and indicates how many items have been downloaded successfully. To find out more details about why an item might not have downloaded, you can review the log.txt log file.
  • When choosing the items you want to download from the target computer, you can now manually refresh the list of files and folders, drives, and memory processes.
  • Increased the number of characters allowed for agent masking details.
  • When you load a Slack workspace data export, you can now filter the data by Slack members. You can add the display names of the Slack workspace members whose accounts you want to process. If you select specific members, only the channels and conversations the members are participants in will be processed. If you do not select specific members, the entire archive is processed.
  • AXIOM Cloud now includes support for processing private channels and conversations for corporate exports from Slack workspaces.

Bug fixes

  • Sometimes the agent was unable to connect to the remote computer. -CRA-608
  • When you acquired a physical drive or volume, the image was included in the process-memory.zip evidence source rather than a separate .bin file. -CRA-615
  • Previously, if you deployed the agent to a remote computer and the agent timed out, you were unable to deploy the agent to the same location on the target computer again. Now, if the agent times out, itís automatically deleted from the target computer. -CRA-66
  • Previously, when you tried to connect to the agent, AXIOM Process indicated that it was still attempting to connect but the log file indicated the connection attempt was successful. -CRA-580

Not part of the Magnet AXIOM Cyber beta program? To learn more or to apply, visit magnetforensics.com/axiom-cyber-beta

Artifacts

Cloud

Processing

Examining

Bug fixes

Known issues