Magnet AXIOM 6.7: Facilitating Access to More Data Sources
Magnet AXIOM 6.7 is now available! In this release, we’re introducing the automatic loading of iOS keychains to help ensure additional data sources are brought to the surface in your iOS extractions. This release also includes support for known and non-relevant hash sets in Hash Sets Manager Beta to help streamline the volume of data that needs to be reviewed.
You can upgrade to the latest version within AXIOM or over at the Customer Portal.
If you haven’t tried AXIOM yet, request a free trial here.
Automatic Loading of iOS Keychains
In AXIOM 6.7, iOS keychains contained in GrayKey mobile images will now be automatically recognized and pre-loaded. This feature saves examiners the step of manually loading the keychain file and helps to mitigate missing the keychain and the additional evidence it can provide from encrypted apps.
Keychain data can contain a wealth of information linked to a users’ Apple account including account names and passwords for websites and applications that can provide critical evidence for a case. Once these new data sources have been collected, you can leverage the analytical power of Magnet AXIOM to interpret, understand, and tell the story of your digital evidence.
Magnet AXIOM is purposefully designed to be able to ingest images from third-party tools integrating data from multiple sources affording examiners the best opportunity to uncover the critical data they need to close their cases, which is why we continue to improve and expand our support for third-party data ingestion.
To learn more about how to ingest, process, and parse iOS keychain data, check out the blog Keychain Pre-Processing and Easier Data Decryption for iOS in Magnet AXIOM.
Hash Sets Manager Beta Update
Since its launch with AXIOM 6.4 we have been gathering input on Hash Sets Manager from the current beta users and are happy to have added a much-requested feature – Known and Non-relevant hash sets
Commonly referred to as the DNA or fingerprint of digital files, hash sets are an invaluable tool for DFIR investigations, allowing you to quickly identify case-relevant and non-pertinent evidence related to your investigations.
The addition of know and non-relevant hash sets helps streamline the volume of data that needs to be reviewed by removing the standard files that aren’t relevant, such as operating system files and icons. A popular source of this data is the National Software Reference Library (NSRL) published by NIST. Known hash sets help to quickly surface known illicit files or files that can be a used to facilitate illegal activities.
The beta for Hash Sets Manager offers you a central database that allows you to automatically manage hash set distribution to instances of Magnet AXIOM or AXIOM Cyber in your lab, even if it’s offline.
Hash Sets Manager is an active beta in Magnet Idea Lab, so head over to the Idea Lab and sign up if you haven’t already to become a beta user. After you try the Hash Sets Manager, we would love to hear what you think.
In the meantime, check out the Tips & Tricks session to see it in action.
Updated Artifacts
AXIOM 6.7 also includes updates to several important iOS, Android, Mac, Linux and Windows artifacts.
- AirDrop
- Apple Mail
- Audio
- Discord
- Facebook Messenger
- GroupMe
- Jump Lists
- KakaoTalk
- LINE
- OneDrive
- Parsed Search Queries
- Pidgin
- Signal
- Skype
- Snapchat
- Windows Event Logs
- Zoom
Get Magnet AXIOM 6.7 Today!
We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this. If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in AXIOM Cyber here.