New Features

AXIOM Cyber 6.3: Building and Refining Incident Response Capabilities

In Magnet AXIOM 6.3, we’ve continued to expand the incident response capabilities of AXIOM Cyber—further developing recently introduced features and adding new ones along the way.

This release also introduces a new processing option that can expedite your investigations and help you get to your evidence faster.

Keep reading to learn more about each of these new features in AXIOM Cyber 6.3:

  1. Targeted Location Profiles
  2. Parsing-Only Processing and Post-Process Carving
  3. Updates to Email Explorer
  4. New Remote Volatile Artifacts
  5. New and Updated Artifacts

If you haven’t tried AXIOM Cyber yet, don’t hesitate to request a free trial here.

Targeted Location Profiles

For frequently repeated collections, you can now create Targeted Location Profiles. These profiles can be used to standardize the collection locations for different investigation types, saving you the time needed to re-build the collection criteria for every case. Additionally, standardized profiles provide consistent and repeatable data collection across the DFIR team. Targeted locations can include both default system locations as well as locations that you’ve added.

To learn more about how targeted locations can be used in incident response and eDiscovery investigations, check out our new blog post: Standardizing your Collections with Targeted Location Profiles in AXIOM Cyber.

Parsing-Only Processing and Post-Process Carving

The amount of digital evidence in corporate investigations continues to grow significantly as our increasingly hybrid workforces rely on digital productivity, communications, and collaboration tools. To save time when processing large data sets, AXIOM Cyber now provides the option to process evidence with parsing-only. In testing this feature, we found that parsing-only processing can be as much as 70% faster than full processing and carving.

While parsing-only processing recovers fewer artifacts than a complete scan, some cases may only require parsed processing to obtain the required evidence. Where necessary, run a deeper dive post-process carving to examine the evidence in greater detail.

To learn more about how to use this new processing option see our blog post and video: Take Control of Digital Evidence Processing: Parsing-Only Processing and Post-Process Carving.

Updates to Email Explorer

Expanding on the functionality of Email Explorer (introduced in version 6.2), this release adds advanced search capabilities to the intuitive email interface. You now have the options to include or exclude certain items in searches or refine your search string with “or, and & not” to make finding the right evidence even faster. 

We were also able to improve the load time of email results providing a much snappier experience, especially for larger evidence sets. Recognizing that reviewing email evidence is especially important for eDiscovery investigations, we have also added the ability to easily select and export multiple records for legal stakeholders.

To see the Email Explorer in action, check out our blog post from the recent 6.2 release.

New Remote Volatile Artifacts

In AXIOM Cyber 6.2 we introduced a new artifact category, volatile artifacts, which allows you to remotely collect live system information. This release expands the remote volatile system artifacts to include services and scheduled processes for Mac, Windows, and Linux endpoints.

Because these processes can run after the initial start-up, they can be used by cyber attackers to avoid detection and for persistence or delayed execution of malicious code.

New and Updated Artifacts

As with all releases of AXIOM Cyber, there is also support for several new and updated artifacts to help keep your investigations current with the latest corporate apps and services developments, including:


  • Find My // iOS​
    • Devices​
    • Items ​
    • Locations ​
  • Windows Search // Windows​
    • Calendar
    • Contacts
    • Images 
    • Internet Explorer
    • Office Documents
    • Outlook


  • Android User Accounts
  • Apple Maps Trips
  • Cloud MBOX E-mails
  • Cloud Gmail Messages
  • Cloud iCloud Messages
  • iCloud Local Files
  • iOS User Notification Events​​
  • MBOX E-mails
  • Outlook Email
  • Remote Desktop Protocol
  • Signal Users​
  • Skype Accounts​
  • Snapchat Chat Messages​
  • Telegram Chats
  • Telegram Messages
  • Refined Results
    • User Accounts
  • WeChat
  • WeChat Messages
  • Windows Event Logs
    • Firewall Events
    • Networking Events
    • Office Alerts Events
    • Scheduled Task Events
    • Script Events
    • Services Events
    • Storage Device Events
    • System Events
    • User Events
    • User Pnp Events

Get Magnet AXIOM Cyber 6.3 Today!

If you’re already using AXIOM Cyber, download 6.3 over at the Customer Portal. If you want to try AXIOM Cyber for yourself, request a free trial today!

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.