G Suite Admin Support and Screen Time Artifacts Now Available in Magnet AXIOM 2.8

Magnet AXIOM 2.8 is now available for download. Read more about what’s included in the latest release of AXIOM, including G Suite Admin Support, iOS Screen Time and other additional performance improvements.

Try it for yourself now! If you’re a customer, download AXIOM 2.8 right now either in-app or in the Customer Portal. If you want to try AXIOM 2.8 for yourself, request a trial today.

AXIOM Cloud – Recover Evidence with Administrator Credentials

G Suite Admin Support

User credentials are no longer necessary when conducting a G Suite investigation. Instead, you can utilize administrator credentials to access corporate Gmail and Google Drive accounts. Additionally, AXIOM Cloud collects audit logs for Google Drive accounts, giving you the opportunity to verify when users were logged-in and to review Google Drive activity.

Artifacts: Screen Time, KnowledgeC, and USB Devices

iOS

• Screen Time — This new artifact, found in iOS 12, allows you to recover application usage data — showing which applications a suspect was using.
• KnowledgeC — Provides app and device usage statistics such as device lock stats, apps that were in foreground, device plug-in/charge state, screen on/off, etc.

These are artifacts are available for GrayKey acquisitions, or acquisitions from jailbroken devices.

Windows 10

• USB Devices – We’ve added even more support for recovering data about connected USB devices. In the latest Windows 10 builds, large capacity USB devices are stored in a different registry location and AXIOM now recovers information about these connected USB devices.

Performance, Performance, Performance!

We’re continuing to make the performance capabilities of AXIOM as fast and smooth as possible. Here are a few ways we’re making everyday use of AXIOM better:

• Project VIC
  • We’ve made significant improvements to our Project VIC JSON exports, making them 2.5x faster than they were before.
• Video Deduplication
  • Building on the deduplication efforts we made in 2.7 for pictures, with AXIOM 2.8 we’ve worked to reduce the number of duplicate videos that will show up in your results. Now when AXIOM detects a valid video file, it will parse the content to recover and artifact and skip carving that same file.
• Thumbnails
  • Thumbnail view is one of the most popular views to analyze evidence in AXIOM and with 2.8 we’ve made it easier to sort and filter on artifact data within this view. Now, you can sort or filter on specific artifact attributes to view data in a more meaningful way to your case, such as chronologically.
• Method of Artifact Recovery
  • AXIOM 2.8 now shows if evidence was parsed or carved. Meaning that you can now filter out parsed or carved evidence — helping deduplicate the number of artifacts that you need to review.

New and Updated Artifacts

We’re always bringing new and updated artifacts to each release of AXIOM. Here’s what’s included in AXIOM 2.8:

• New in Windows
  • Your Phone (SMS & Photo Sync on Windows 10)
  • Windows 10 Large Capacity USB Devices
• New in iOS
  • iOS 12 Screen Time
  • KnowledgeC
• New in Android
  • Bluetooth Devices
  • Application Activity
• Updates
  • Contacts (Android)
  • SMS/MMS (Android)
  • KakaoTalk (Android)
  • Gmail (Windows)
  • Skype (all platforms)
  • iMessage/SMS/MMS (iOS)
  • iOS Call Logs (iOS)
  • Chrome History (Win/Mac)
  • Chrome Cache (iOS)
  • WhatsApp Groups (Android)
  • Encrypted Files

If you’re already using AXIOM, download AXIOM 2.8 over at the Customer Portal. If you want to see how AXIOM 2.8 can give you a better investigative starting point, request a free 30-day trial today!