Magnet AXIOM 5.0: Our Most Comprehensive and Flexible Version of AXIOM Ever

We’re proud to announce the availability of Magnet AXIOM 5.0!

With AXIOM 5.0, we’ve focused on the needs of the DFIR community to deliver the most comprehensive and flexible version of AXIOM to date.

We’ve brought huge enhancements to optimize the workflow and the ability to examine more artifacts — all with faster performance than previous versions of AXIOM. AXIOM 5.0 will allow you to apply keyword searches at any point during the investigation, manage media with ease, and process Linux images with artifact support.

You can upgrade within AXIOM or over at the Customer Portal.  

If you haven’t tried AXIOM yet, request a free trial here.  

With these new features and improvements, we’re excited to be able to reduce the time to evidence, improve the media management experience, and boost the power and functionality of AXIOM overall.

Apply Keywords Anytime

With AXIOM 5.0, we’re introducing post-processing keyword search functionality. Now, you won’t have to fully reprocess images to search for newly discovered keywords during an investigation.

You can perform any type of keyword search in AXIOM, at any time.

Keyword filtering was previously available when searching artifacts in AXIOM, but where the keyword post-processing capability truly shines is when completing a byte for byte “all content” search. Now you’re no longer limited to keyword searches up front.  

With keyword post-processing the workflow in AXIOM more closely aligns with the investigatory workflow, so you have more flexibility to search for what you need, when you need to.

Plus, because images aren’t being reprocessed and added back into a case, you won’t have to replicate investigatory work that would have been lost when reprocessing — allowing you to recoup that potential lost time.

Learn more about how to apply keywords to searches post-processing in AXIOM in this blog and how-to video.

Streamline Media Categorization with the New Media Explorer

The new media explorer in AXIOM 5.0 will let you do more, quicker in AXIOM — all while reducing exposure to duplicate CSAM material.

At Magnet Forensics, we’ve made it part of our mission to support Officer Wellness. With the new media explorer, we’re working to minimize exposure to CSAM during ICAC investigations, by hit stacking duplicate images based on hash ID so it only needs to be categorized once. The media explorer also extends the existing Officer Wellness features in AXIOM, such as auto-blur and break reminders after a predetermined number of images have been categorized.  

The media explorer will also surface up intelligent insights from the media, so you can get to the evidence faster. Plus, with the new intuitive filter panel, the volume of media can be quickly cut through to efficiently narrow the scope of an investigation. 

Learn more about the new media explorer in this blog and how-to video from Trey Amick.

Linux OS Artifact Collection

Linux runs virtually all the top one-million websites globally (96.3%) and 75% of all web servers[i] and can be another tool in perpetrators’ toolboxes.

Linux OS image processing and artifact support is now available in AXIOM 5.0 at an important time. CSAM circulation has been on the rise during the pandemic — largely via P2P networks, which tend to be backed by Linux servers.[ii]

AXIOM 5.0 includes 10 foundational Linux artifacts: SSH Keys​, OS Info​, Network Interfaces​, Sys Logs​, User Accounts​, Recent Files​, Trash​, Bash History​, Startup Items​, and Scheduled Tasks.

Now that Linux is supported in AXIOM 5.0, you can add more within one case file than ever before.

And in case you missed it, we also recently released the free MAGNET Chromebook Acquisition Assistant, and added 25 Chromebook artifacts in AXIOM 4.11. Together with Linux support, these additions have made AXIOM 5.0 truly the most comprehensive version yet.

Curious about LINUX Forensic Analysis? Learn more in this webinar with Ali Hadi, Brendan Brown, and Victor Griswald of Champlain College.

Want to learn more about the specific artifacts supported In AXIOM? Check out the blog from Jamie McQuaid here.

And if you’re looking for a handy resource that’ll give you a starting point for where to look for some of these artifacts on a Linux system, check out this new resource: Linux Targeted Locations Quick Reference Guide.

AXIOM 5.0 Boasts Faster Processing Speeds

Processing time is one of the key metrics that we monitor here at Magnet Forensics. With AXIOM 5.0, we’re excited to announce the ability to process more data, faster within AXIOM.

We’ve made several enhancements to the processing engine that has improved the speed of processing by up to 50% over AXIOM 4.11 in some cases. Even though test environments can produce results that are difficult to replicate in real-world conditions, we made sure to process example cases that reflect real world cases on a range of real forensic workstations.

Processing improvements ranged based on the source type: for mobile images we saw fairly consistent improvements of up to 30% in our tests over AXIOM 4.11 processing speeds, for Mac images the processing speeds of AXIOM 5.0 ranged between 28% – 50% faster than 4.11, and for Windows images there were improvements between 12% and 28%. The improved processing speeds reduce time to evidence significantly, allowing examiners to cut through evidence backlogs more efficiently with AXIOM than ever before.[iii]

Learn more about improved processing speeds in this blog, “Process Evidence up to 50% Faster with AXIOM and AXIOM Cyber 5.0

See more in this downloadable infographic.

Reorganization of Artifact Categories and Groupings

As AXIOM has matured, our volume and diversity of artifacts has increased, so we’ve updated these categories and groupings to make it easier for you to find artifacts and get to the evidence more quickly.

  • Old Category > New Category
  • Chat > Communication
  • Email > Email & Calendar
  • Mobile > Application Usage
  • Internet of Things > Connected Devices
  • Travel & Transportation > Location & Travel
  • Encryption > Encryption & Credentials

New Artifacts


  • Bash History
  • Network Interfaces
  • OS Info
  • Recent Files
  • Scheduled Tasks
  • SSH Keys
  • Startup Items
  • Sys Logs
  • Trash
  • User Accounts


  • Powershell Logs


  • Samsung Health Steps
  • Samsung Health User Profile

Updated Artifacts

  • Application Permissions
  • Burner
  • Chrome
  • Facebook Messenger
  • Google Meet
  • Grindr
  • Life360
  • MMS
  • Motion Photos
  • Powerlog
  • Signal
  • Slack
  • Snapchat
  • Telegram
  • TextNow
  • Twitter
  • Uber Cached Locations
  • WeChat
  • WhatsApp
  • Wickr
  • Yahoo Webmail

Get Magnet AXIOM 5.0 Today!

We’re always working to continually improve AXIOM, to make it our most comprehensive digital forensic platform. Switching between tools and formats takes time and processing backlogs are growing. When every second counts, it’s important do what we can to streamline the primary workflow of examiners. With AXIOM 5.0 we’ve released our most comprehensive and flexible platform to date, download it today.

If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in AXIOM Cyber here.

[i] Blackberry, “Decade of the Rats: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android”

[ii] INTERPOL, “INTERPOL report highlights impact of COVID-19 on child sexual abuse”

[iii] Results were achieved testing internally on forensic grade workstations. Your results may vary.

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.