Magnet AXIOM 6.6 is now available, and in this release, we’re introducing parsing for CLBX keychain, so you can uncover more from Cellebrite UFED and Premium iOS extractions. Plus, we are continuing to improve our analytical tools as you can now toggle between map points and clusters in World Map.
These improvements allow you to dig deeper into mobile extractions and quickly make sense of the data with enhanced views and greater capabilities to see nuanced information presented on screen.
You can upgrade to the latest version within AXIOM or over at the Customer Portal.
If you haven’t tried AXIOM yet, request a free trial here.
Keychain Parsing for CLBX Format
With AXIOM 6.6, you will now be able to parse the keychain from Cellebrite UFED and Premium CLBX format for iOS extractions.
Magnet AXIOM is purposefully designed to be able to ingest images from various third-party tools (such as GrayKey, UFED, and XRY), so when Cellebrite introduced the CLBX container—effectively a zip archive—to replace the DAR format for UFED and Premium extractions, we worked to provide full support for the format.
You can now leverage the analytical power of Magnet AXIOM to review evidence from encrypted apps, such as Wickr, Signal, and Snapchat in CLBX iOS extractions. With improved access to UFED and Premium iOS extractions, you can now leverage AXIOM as your primary analysis tool for GrayKey and UFED/Premium extractions, and benefit from navigating a consistent UI.
Plus, AXIOM can do the heavy lifting for you. If you process the keychain.plist file as a Files & Folders search, Magnet AXIOM parses the file and extracts any keys that it discovers. You can then view the results in the artifact.
To learn more about how to ingest, process, and parse the keychain from CLBX, check out the “Loading Cellebrite Images into Magnet AXIOM” blog.
World Map Cluster and Map Point Toggling
With the AXIOM 6 series, we’ve been focused on improving the power of our analytical tools such as Media Explorer, Cloud Insights Dashboard, Timeline, Connections, and Magnet.AI, and with AXIOM 6.6 we’re introducing the ability to toggle between clusters and points for the World Map.
Being able to toggle between maps clusters and points gives you more control in how you want to view and manage the precision of your evidence. The individual points, for example, are helpful when doing analysis on the precise location of a point, giving you a more in-depth analysis of where exactly the suspect/victim was, while clusters give you the high-level overview of where the suspect spent time more generally.
To learn more about our analytical tools, check out this blog.
Hash Sets Manager Beta Update
With AXIOM 6.4, we introduced an integration with the beta version of Hash Sets Manager and now with AXIOM 6.6, we’ve already made strides to improve the beta. The beta for Hash Sets Manager offers you a central database that allows you to automatically manage hash set distribution to instances of Magnet AXIOM or AXIOM Cyber in your lab, even if it’s offline.
Now you can sync hashes back from AXIOM to the Hash Sets Manager. When new media was graded, there wasn’t an easy way to sync those back to the HSM for use on future cases. With the introduction of the Sync Back functionality, we also added the ability to protect a hash set so that it’s read-only and cannot be updated via syncing back from Examine.
Hash Sets Manager is an active beta in Magnet Idea Lab, so head over to the Idea Lab and sign up if you haven’t already to become a beta user. After you try the Hash Sets Manager, we would love to hear what you think.
In the meantime, check out the Tips & Tricks session to see it in action.
New and Updated Artifacts
AXIOM 6.6 adds the new iOS artifact support for CLBX keychain parsing, along with updates to several other important iOS, Android, and Windows artifacts.
- Apple Keychain for CLBX // iOS
- Apple Mail
- Bluetooth devices
- Microsoft Teams
- Skype Activity
- Snapchat Messages
- Wickr Me
Get Magnet AXIOM 6.6 Today!
We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.
If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft office 365, check out what’s new in AXIOM Cyber here.