We’re working hard to make sure that that the day-to-day experience of using Magnet AXIOM is improving all the time. With the latest version of Magnet AXIOM, Magnet AXIOM 2.5, we’re continuing to build on the huge features we’ve brought in with AXIOM 2.0. We know that differences of hours — or even minutes — can be crucial in an investigation and we’ve been busy ensuring that working the case takes less time than ever.
AXIOM Process Improvements
Thanks to numerous enhancements in AXIOM Process, we’ve reduced scan times by up to 40% on machines running higher-spec hardware (typically more than 8 cores), so a case that would take 14h31m now finishes in 7h53m.
AXIOM Examine Improvements
We’ve made updates to how data is stored in case files to reduce the case size — dramatically reducing the amount of time it takes for cases to load. In addition to faster case load times, you’ll notice that filtering, keyword searching, and Connections-building will now all be significantly faster (an average improvement of 60%).
For a deeper look at all of the performance improvements we’ve brought to AXIOM 2.5, check out this helpful infographic.
Recover Evidence from Locked Qualcomm-Based Devices
We’ve brought new functionality to give you the ability to bypass the passcode and recover a full physical acquisition on Android devices that use Qualcomm Chipsets — this supports approximately 140 devices across multiple manufacturers such as Samsung, Xiaomi, ZTE, Oppo, and Alcatel.
With Qualcomm devices, you can use Emergency Download (EDL) mode to recover data from a device and perform tasks like unbricking or flashing the device. On supported devices, Magnet AXIOM can use EDL to extract a full image. Get an in-depth look at the different options available to put a phone in EDL mode.
Additionally, we’ve improved our previously announced LG lock bypass feature. With AXIOM 2.5, the LG Bypass technique is 50% faster at recovering physical images on LG devices. It also supports LG devices using a UFS memory chip.
Cloud Improvements for Facebook and Box.com
When you’re acquiring content from Facebook accounts with large numbers of friends, you’ll see a significant improvement in the time required to download the account data. In addition, we’ve resolved an issue where features within a user’s account would be temporary locked out by Facebook.
You’ll also notice a significant improvement within the AXIOM Process user interface when browsing cloud directories containing a large number of files and folders on Box.com.
Improved Parsing Deleted Files for Artifacts
AXIOM now looks at deleted files that are still present in the $MFT or FAT records and parses them for artifact hits. Parsing deleted files for artifacts will help you recover valuable metadata like time/date stamps and file names.
AXIOM Cloud — Proxy Support
If your computer is unable to automatically detect proxy settings, you can now specify proxy settings directly in AXIOM, giving you improved flexibility for different network configurations. This capability is important for recovering data from corporate cloud environments.
Archives & Mobile Backups
AXIOM can now recover artifacts in a situation where archives are nested in other archives — possibly helping uncover valuable evidence that could otherwise be missed. If this type of search isn’t required in your investigation, you can decide to turn off archive searching in any given scan.
Encrypted mobile backup artifacts have also been moved from the artifacts screen to a dedicated screen in AXIOM Process — giving you the option to turn off processing of nested mobile backups in computer images if you don’t want to search them.
We’re always bringing new and updated artifacts to each release of AXIOM. Here’s what’s included in AXIOM 2.5:
- New in iOS:
- Cached Locations
- Wallet Passes
- Apple Pay History
- Seen Bluetooth Devices
- Siri Message Search
- New in Android:
- Google Duo (with iOS)
- IMEI, IMSI, ICCID
- KakaoTalk (Windows)
- iMessages (iOS)
- Twitter (Android/iOS)
- Viber (Android/iOS)
- Shareaza — CPS (Windows)
- Malware/Phishing URLs