To help you work as efficiently as possible when collecting and examining from mobile evidence sources, we’re excited to introduce our latest mobile integration: you can now initiate processing of all filesystem and other extractions with Magnet AXIOM and Magnet AXIOM Cyber directly from a Magnet GRAYKEY or VERAKEY on the same network. This includes the decryption of keychain (iOS) and keystore (Android) data, providing access to additional device passwords and application data.
This feature will help to speed up your mobile workflows by eliminating previously required steps and manual touchpoints while helping you surface the most data and provide the best analysis and insights for your case.
For the purposes of this post, we will continue to reference AXIOM and GRAYKEY, but the same process also applies to our corporate customers using AXIOM Cyber and VeraKey devices.
Combining the Capabilities Magnet AXIOM and GRAYKEY
The combination of AXIOM and GRAYKEY gives you the most powerful and easiest to use end-to-end solution for investigations that involve evidence from mobile data sources.
AXIOM was designed to support the most in-depth analysis of mobile devices—including uncovering and parsing data from GRAYKEY extractions. AXIOM’s powerful image processing, advanced mobile artifact coverage, and built-in analytics features like Connections, Timeline, Media Explorer, Cloud Insights Dashboard, and Magnet.AI can help you quickly get the evidence you need and automatically generate insights that could lead to important breakthroughs in your case.
GRAYKEY is the leading mobile data access and extraction tool, offering same-day extractions on locked and unlocked iOS and leading Android devices. GRAYKEY’s comprehensive mobile device coverage and powerful extraction capabilities help you quickly get the most data from your mobile sources, irrespective of the device state.
The benefits that come from combining these two industry leading solutions, include:
- A complete end-to-end solution for mobile investigations
- Acquire the most mobile evidence possible, including deleted data, with industry-leading access, extraction, parsing and carving
- Expedite your investigations with features that mitigate manual processes and streamline your investigative workflow
- Combine mobile data with computer, vehicle, and cloud sources for review, analysis, and reporting, all in one platform
Now that we’ve officially joined forces, we’ve been hard at work adding even more valuable new functionality between our products to help you to streamline your mobile workflows even further!
How to Enable the GRAYKEY to AXIOM Integration
To start this integration, a one-time configuration must first be completed in AXIOM. To access the configuration settings, make sure to download or update to the latest versions of both AXIOM and GRAYKEY. Both the GRAYKEY and AXIOM instance will need to be on the same subnetwork to configure and use this integration.
Open AXIOM Process and navigate to Tools > Settings
Then scroll to the bottom of the settings page and select GRAYKEY / VERAKEY Discovery
Once you have checked the GRAYKEY / VERAKEY Discovery, configuration choices will be displayed.
You have the option to select the port number to be used, as well as location for the Acquired Evidence and Location for the Case Files that will be pulled from the associated GRAYKEY or VERAKEY device.
You then need to click on the Start Service box. This will allow the connection between AXIOM and the GRAYKEY / VERAKEY unit. You will see the red dot (not currently connected) change to a green dot (connected) successfully.
You can then scroll down a little further where you will be able to open a dashboard to view the integration status. If you click on the Open Dashboard, it will take you to an AXIOM Process GRAYKEY / VERAKEY integration status page on your GRAYKEY or VERAKEY device. This interface will allow you to see the Image Name, Image Type, GRAYKEY Address, Start Date, Completed date, Status, and Description.
Now that this has been set up within AXIOM, we can navigate to the associated GRAYKEY or VERAKEY unit to start extracting mobile images and initiating processing in AXIOM.
Launching an Extraction Directly from GrayKey into AXIOM
Once you have completed the setup in AXIOM, all configured AXIOM instances will display in the dropdown menu of the GRAYKEY Interface. This allows you to stay in the GRAYKEY interface and push extraction to AXIOM workstations on your local network for processing.
Extractions can be sent automatically to AXIOM during the initial access phase of the extraction or once the extraction has already been started via the “send automatically to AXIOM” button in the GRAYKEY interface.
You can monitor detailed progress status of the AXIOM image processing through the new GRAYKEY web dashboard.
AXIOM automatically validates that the files were correctly loaded using the hashes. and will then process the case. Once processing has completed, you can then begin examining the mobile data via AXIOM Examine using the built-in analytics features to quickly find the evidence you need for your investigation.
Learn More About AXIOM and GrayKey
Want to know more about how GRAYKEY and Magnet AXIOM can work together? Reach out to us at firstname.lastname@example.org for more information.
To experience the mobile image processing capabilities of AXIOM or AXIOM Cyber for yourself, update to the latest version over at the Customer Portal or request a free trial today!