Release Notes

Magnet AXIOM 4.9.0.23308 January 22, 2021

Artifact updates

Android

LINE

Motion Photos

Parler NEW

QQ

Signal New Users NEW

Signal Groups and Chats NEW

WeChat

Wickr

Yahoo! Mail

iOS

Google Calendar

Parler NEW

Private Photo Vault

Reddit

Snapchat Groups NEW

TamTam Messenger

Windows

Skype

macOS

Notes NEW

Signal NEW

Artifacts

• Google Calendar Reminders | iOS: Added support for recovering more detailed information about recurring reminders including frequency details.
• LINE Contacts | Android: Updated support for recovering contacts. [10.20.1]
• Motion Photos | Android: Recovered .jpg and .mp4 files are now combined into a single hit with two different evidence sources.
• Parler | Android: Added support for recovering users and activity.
• Parler | iOS: Added support for recovering users and activity.
• QQ | Android: Updated support for recovering file transfers and messages. [8.4.18]
• Reddit | iOS: Updated support for recovering usernames for recently visited Subreddits. [2020.43.0]
• Signal Messages | macOS: Updated support for previewing attachments. [1.38.2]
• Signal | Android: Added support for recovering groups, chats, and users and profiles known to the target account.
• Signal | iOS: Updated support for recovering group members and local users. [3.16]
• Signal | macOS: Added support for recovering messages.
• Skype | Windows: Improvements to logging for Skype artifacts.
• Snapchat Group Members | iOS: Added support for recovering group members.
• TamTam Messenger | iOS: Updated support for recovering channels, contacts, conversations, groups, and messages. In some cases, you might not be able to preview video attachments recovered for these artifacts. For more information about a workaround for viewing video attachments for TamTam Messenger, log in to the Customer Portal to review the following article: Reviewing video files from TamTam Messenger. [3.0.0]
• Updated Exif-enabled artifacts, such as Pictures and Videos, to include a new Exif Data fragment. The data for the Exif Data fragment are raw Exif value. For more information, log in to the Customer Portal to review the Exif data fragment for Exif-enabled artifacts article.
• WeChat | Android: Updated decryption support for messages and friends. [7.0.17]
• WickrMe | Android: Updated support to carve database files for deleted messages. [5.63.10]
• Yahoo Mail | Android: Updated support for recovering emails and user accounts. [6.12.1]

Cloud

• AXIOM now separates the header key from the header value using (:) instead of vertical bar (|) in email messages from a Gmail account.

Processing

• Added additional logging for the Passware feature.
• Magnet AXIOM Cyber customers with a CLS license will now see a message in the License Manager when your license is close to expiring or has expired.
• Users with a CLS administrator account can now release a connected license from the Currently connected licenses table in the Magnet License Manager. If you attempt to release a license from the CLS but receive an error message indicating that your username or password is incorrect, please reset your password and try again.
• Updated the terminology in the Extract text from files (OCR) option in AXIOM Process to more clearly indicate which types of files OCR is optimized for and that running OCR requires more processing time.
• When running OCR, the progress indicator now displays which PDF document or picture AXIOM is currently processing out of the total number of items.

Examining

• Added support for using templates and configuring columns to include for the Magnet REVIEW 2.0 export format.
• If you change the encoding on an email hit that includes a preview, the header fields within the preview now respect the change in encoding.
• If your case contains evidence that was processed as a drive scan, you’ll now receive a notification suggesting that you open AXIOM Examine in administrator mode when you save deleted files and folders locally to your computer or to a .zip file or try to open a deleted file with an external application from the File system explorer. Windows requires administrator privileges to access deleted files from drives on the system. For more information, log in to the Customer Portal to review the Run AXIOM Examine in administrator mode article.
• Updated the folder and file naming convention for portable cases to be more intuitive. The primary export folder is now called “PortableCase” and the secondary folder is now called “Case Files”.
• Updated the terminology of the option to include chat threads in the Create export / report wizard to more clearly specify the format of the chat thread report.
• You can now set the sort order (primary, secondary, and tertiary) for columns in your column configuration templates in the Create export / report wizard.
• You now have the option to blur or remove picture previews and remove attachments for contraband media in specific media categories in your PDF and Excel exports. The available media categorization options are based on the existing media categorizations in your case.

Bug fixes

• AXIOM was unable to acquire all messages from an Office 365 account when Microsoft reported a 504 gateway timeout error during the acquisition. -CAO-3255
• If the file path to your case folder included a # symbol as a prefix, PDF chat thread reports would fail to generate correctly. -AXE-8706
• If you generated a keyword matches report from the Keyword matches card on the Case dashboard, the Report generated date was always Monday, January 1, 0001. -AXE-8663
• Previously, deleted files from FAT and NTFS file systems were not scanned in non-Windows search types. -AXP-6047
• Previously, incorrect previews of videos were shown in chat thread reports generated using the HTML export type in Magnet AXIOM 4.8.0. This issue is resolved in Magnet AXIOM 4.8.1, and you do not need to reprocess cases created in Magnet AXIOM 4.8.0. -AXE-8735
• Previously, you were unable to acquire Google Drive backups of WhatsApp accounts. -CAO-3163
• When processing an image of a macOS computer, processing would sometimes time out and AXIOM Process would report that array dimensions exceeded supported range in the log files. -AXP-7570
• When you enabled the option to find more artifacts using the Dynamic App Finder, AXIOM Process would sometimes crash before you could create custom artifacts from the hits. -AXP-6814
• You were unable to acquire Tweets from Twitter Public Activity. -CAO-3532
• After providing the correct password Apple Notes for a macOS acquisition, the body of protected notes was not decrypted and the fragment was blank. -COMP-1233
• In some cases, V1 decryption would fail for the Private Photo Vault artifact for an iOS acquisition. -MA-2715
• The Options dialog for artifacts would stay on top of your screen even when AXIOM was minimized. -MA-2758
• The “Category” fragment for the following artifacts is now called “Type”: Installed Applications (iOS and Android), Pebble (Android), Pinterest (iOS and Android), Google Toolbar (Windows Computer and macOS), Pidgin (Windows Computer), Finder Sidebar (macOS). -MA-2578
• The “Category” fragment the following Windows computer artifacts is now called “Type”: Ares Shared Files, Ares Downloads, and Areas Incomplete Downloads”. -MA-2577
• The “Comments” fragment for the following Windows computer artifacts is now called “Comment”: Calc Documents, Excel Documents, Impress Documents, PowerPoint Documents, Shareaza Library Files, Word Documents, and Writer Documents”. -MA-2575

Known issues

• To search for information about known issues, visit the knowledge base at support.magnetforensics.com.