Since introducing Magnet AXIOM, we’ve heard from our customers that it continues the standard of excellence that IEF started: not just finding more evidence, but also tackling some of digital forensics’ most enduring challenges. We wanted to take some time to call out five ways we strive to deliver phone forensics capabilities you can depend on:
1. Native Acquisition Improvements Include More Methods and Devices
We introduced physical acquisitions from Android devices last year via our custom recovery flashing method. While we started with 680 Samsung devices, we now support more than 1300 Samsung models using this method. In recent months, we’ve even expanded our physical acquisition repertoire to include physical extraction from LG devices and passcode bypass using the MTP method.
All of this adds to our existing logical acquisition methods, which rely on documented OS backup processes and commands. By combining logical acquisition methods within our Quick Extraction process, we produce an image with more data—and higher value content—for Android and iOS devices. Together with AXIOM Cloud, these methods are often your next best bet for obtaining actionable evidence and intelligence from an encrypted smartphone.
2. Our Toolbox Approach Allows for More Third-Party Image Ingestion
We know how important it is for you to have a range of tools to accomplish a variety of tasks. As our Founder and CTO Jad Saliba told Griffeye CEO Johann Hofmann last year:
“The greatest impact we can have is the impact we have by working together. When I was building IEF, and then working with our team to build AXIOM, one thing that was really important was that we be able to work with other third party tools. We don’t want anything to get missed, so being able to integrate data extracted by other tools was paramount.”
That’s why, when it comes to phone forensics, we focus on applying our core analytical strengths to images extracted using GrayShift, Cellebrite UFED, Oxygen, and MSAB XRY, as well as JTAG and chip-off extractions. From there, other third-party integrations, such as the workflow between AXIOM and Griffeye AnalyzeDI, allow you to examine the evidence more deeply and smoothly.
3. We Support 25% More Chats and Pictures, and More Data from Unsupported Apps
These integrations offer another dimension to our focus on the analysis of artifacts (versus the file system). This focus enables AXIOM to recover and parse a greater depth of chats, picture and video content, as well as data from unsupported app databases, on Android, iOS, and Windows smartphones.
This capability would not be possible without our deep, unmatched experience with Internet and social media messaging tools. It’s what enabled us to develop the Dynamic App Finder, which helps you recover more artifacts from unallocated space by extracting chat, geolocation, personal information, and website data from fragmented files that are not sequential, out of order, or missing entirely.
For pictures, Magnet AXIOM’s support for the most popular RAW picture formats makes it possible to recover gigabytes’ worth of images and videos from internal storage and SD cards. Examine compressed files, and search specifically for pictures and pictures tagged with known names, or data of interest.
4. Improving on Our Best-in-class Chat Support with Magnet.AI
Our chat and picture support story isn’t complete without talking about Magnet.AI, which recently saw major enhancements with additional supervised learning models. In addition to child luring, you can now use Magnet.AI to analyze mobile chat and text messages for sexual conversations. Now, chats associated with human sex trafficking and employee misconduct can be retrieved from mobile devices.
In addition, Magnet.AI’s new models make it possible to analyze pictures and video for weapons, drugs, and child sexual abuse material. Whether these are shared through messaging, shared to social media, stored in the cloud, or otherwise accessible from a mobile device, when you run Magnet.AI against processed images, it will flag any relevant images as “possible” evidence for review. (These are highlighted in the “Places to Start” column in our new Case Dashboard.)
5. Connections in AXIOM Shows Links between Artifacts and Multiple Devices
Multiple acquisition methods, third-party image ingestion, and more data found mean you need a way to manage it all that gets you to the answers you need. Just because you found data on a device doesn’t mean the device owner put it there; people share devices, and distractor data is likely, too, based on what the mobile app accesses and stores for its own purposes.
Connections in AXIOM is one way to cut through the noise. It’s a way for experienced forensic examiners to automate the way they show artifacts’ relationships with one another, demonstrating how an artifact came to exist on a device, or across devices. It’s also proving to be a way to help beginner or intermediate examiners understand those relationships, why they matter, and how they look within the file system.
We deeply appreciate that, as complicated as mobile forensics continues to be, you continue to trust our software to give you robust acquisition, third-party image ingestion and tool integration, and a variety of ways to find, parse, and interpret data from mobile devices. Vote for AXIOM now as Forensic 4:cast Phone Forensic Tool of the Year!