New update includes machine learning that helps identify luring content, full disk decryption, PST exports and more
Today we released the newest version of Magnet AXIOM! AXIOM 1.1 is truly the culmination of a year’s worth of effort by our team to grow our complete digital investigation platform into a mature go-to forensic tool.
I know we say this a lot, but it remains true: Our products are shaped by customer needs, customer feedback, and innovation AXIOM represents the pinnacle of our commitment to helping solve forensics issues with innovative technology, and you will see that its new features and growth are tied directly to customer feedback.
Jad Saliba, our founder and CTO, and Geoff MacGillivray, our VP of Product Management, tell you a bit more in this video:
First, what’s new?
Artificial Intelligence in AXIOM: We’re pretty excited to introduce Magnet.AI. What’s that, you say? Magnet.AI is our new machine learning technology. It’s able to contextually analyze content. In its first use, Magnet AXIOM leverages Magnet.AI to narrow chat results by finding conversations that have potential child luring intent. Basically, Magnet.AI can evaluate massive amounts of chat data and suggest chats that should be examined for child luring.
As Geoff says in the video – imagine a case with hundreds of thousands of chat results. An examiner needs to find relevant conversations quickly to ensure charges are laid, or to help find a missing person. Magnet.AI can recommend the conversations that are most likely to contain luring so that examiners can triage and quickly produce preliminary results.
Full Disk Encryption: We have also partnered with Passware (Magnet Forensics and Passware Partner to Provide Full Disk Decryption in Magnet AXIOM) to provide full disk decryption capabilities. Support for BitLocker and TrueCrypt decryption is integrated directly into AXIOM. This means you can run decryption on these two popular encryption tools right from AXIOM! And it’s part of your AXIOM license – no additional fees. This was a big ask from a lot of our customers and we are thrilled to partner with the leading provider of decryption tools to bring this support to you.
Two notes to make here: 1. We are continuing our partnership with Passware, and you will soon see us expand our support to other popular encryption tools. 2. The Passware integration is optional. If your organization has requirements or security protocols that do not allow you to run decryption, you can choose the version of AXIOM that does not include Passware.
Add New Evidence: Customers have been asking for this since AXIOM launched. In AXIOM 1.1, we now support the addition of new evidence to an existing case file. If a new device comes in that could be related to the case, you can process it and add the data to a current examination.
A year’s worth of growth
AXIOM 1.1 marks AXIOM’s twelfth update in a year of evolution and growth. We have had a few key areas of focus this year. We want AXIOM to be best-in-class for email forensics and chat forensics, and we want to make sure this powerful, robust platform leads the way in performance.
In the upcoming weeks, we will be posting a bit more on each of these areas to show you the AXIOM: Year One journey. Stay tuned (Hey! What a great time to subscribe to our blog over there on the right) But for now, a brief overview:
Performance, Performance, Performance: We know it was the number one issue when AXIOM launched. Our processing performance times were not what people expected. We were slower than our own Magnet IEF.
Now AXIOM searches for more artifact definitions, in more places in the images, and recovers more evidence, 30% faster (on average) than it did at launch. (The proof is in the numbers – check out this blog on our performance times. We will be providing updated numbers in a more in-depth blog looking at the changes in performance over the last year.)
One of the biggest performance impacts was the way we indexed the data in AXIOM for searching. By indexing all the data during the processing stage, instead of indexing during each artifact search, we made searching much faster in the examination stage. But the cost was performance. As soon as customers showed us the use cases that were resulting in slower performance speeds, we went to work. Now processing speeds are better than IEF – so we are providing more in less time by bringing acquisition, searching and indexing into one step.
A focus on Chat: Throughout the year we have focused on our support of chat forensics. We have added new artifact support directly linked to chat apps such as Signal and Wechat, as well as apps with chat features such as Musical.ly (Oh, it has chat: Music App Grooming), and we have improved the visualization of chat in our analysis tools. Throughout the last 12 months, we have redesigned our chat threading views to allow you to see the flow of conversations easily.
Don’t forget: you can easily jump from artifact data to its raw data location in the file system with AXIOM’s Source Linking (quick data location verification? Yes please.) and you can export the chat in conversation view for your reports, making it easier for stakeholders to understand the evidence.
Let’s not forget Email: Since its release, a number of email formats have become supported in AXIOM. AXIOM 1.1 brings new Outlook-specific support including exporting as PST files, giving investigators a realistic view into the original source material.
Continued growth: We are still looking at ways to improve AXIOM to help our customers get to the relevant data faster and still credibly. We are working on ways to enhance analysis. We’ll be leveraging Magnet.AI in some new and exciting ways. We’ll look at how we can better collaborate. And, of course, we’ll be talking to customers to understand their needs and make sure we are aligned with them.
Do you have questions or feedback? Please email me at firstname.lastname@example.org.
If you are interested in a free trial of AXIOM, you can easily sign up for one here.