Magnet AXIOM 6.9: Providing Insight Into LevelDB Databases

We are thrilled to announce the release of Magnet AXIOM 6.9! This release adds and expands on a number of features that will help ensure you have access and insight into key evidence sources for your investigations, including:

• Updated LevelDB Viewer
• Improvements to Apple Warrant Returns
• Automatic Loading of iOS Keychain Data

In addition to these new features, we’ve also updated several artifacts to keep your evidence sources current with the latest apps and services.

As we near the end of 2022, we also have a new webinar, AXIOM Feature and Functionality Highlights From 2022, lead by Kim Bradley from our Forensic Consultants team that provides an overview of some of the most noteworthy features that were added into Magnet AXIOM this year.

You can upgrade to the latest version within AXIOM or over at the Customer Portal.   

If you haven’t tried AXIOM yet, request a free trial here.

Updated LevelDB Viewer

You can now preview the content of LevelDB databases right in File System Explorer, streamlining the review process of this increasingly popular database format.

LevelDB is an open source key-value storage engine developed by Google as “a building block for higher-level storage systems”. LevelDB has been ported to a variety of Unix based systems, Mac OS X, Windows, and Android and is also commonly used in mobile applications.

A notable application is Google Chrome’s use of LevelDB to facilitate on-disk storage for popular web-based versions of applications, which can provide important insight into popular communications tools. Chrome is the leading internet browser in the world with a global market share of over 65 percent, and this prominence is even higher when we consider that Opera, Android Browser, Samsung Internet, and Microsoft Edge all use Chromium, the open-source version of Chrome as their codebase.

To learn more about LevelDB databases in AXIOM, check out the blog: Leveling the Playing Field With the LevelDB View in Magnet AXIOM and AXIOM Cyber.

Improvements to Apple Warrant Returns in Magnet AXIOM 6.9

This release also includes a number of improvements to the speed and functionality of Apple warrant returns in AXIOM, making it easier to navigate and access these important evidence sources.

We have updated our Apple Warrant Return Assistant—a free tool used to download, decrypt, and decompress Apple warrant returns—so that files zip significantly faster. We’ve also added messages to help troubleshoot inconsistencies in the source files.

AXIOM can now also be used to easily capture records of iMessage and SMS/MMS messages sent from Apple when they are included in iCloud data in an Apple warrant return. These files are otherwise hidden away within several other folders making them difficult to locate and review. With Apple’s messaging platform reported to have approximately one billion users, these chat records will be a common source of key evidence.  

Adding Apple warrant returns in AXIOM is now easier than ever, with the ability to accept both encrypted and decrypted returns through the Cloud load workflow. You can also select multiple decrypted Apple warrant return .zips to be processed as individual evidence sources at the same time. Or for large Apple warrant returns, you can select zips of individual files to be processed as their own evidence source to ensure you have all of the necessary data in the format that best suits your investigation.

For more information on working with Apple warrant returns in AXIOM, check out our blog: Apple Warrant Returns in Magnet AXIOM

Automatic Loading of Embedded iOS Keychains 

Over the course of the last few releases, we have been refining the loading of iOS keychains from GrayKey and Cellebrite mobile images so that they will be automatically recognized and pre-loaded. This feature saves the step of manually loading the keychain file and ensures that the keychain is properly leveraged to get you the additional evidence it can provide from encrypted apps.

Keychain data can contain a wealth of information linked to a users’ Apple account, including account names and passwords for websites and applications that can provide critical evidence for a case. To learn more, check out the updated blog Loading iOS Full File System Images from GrayKey and Cellebrite into Magnet AXIOM.

Updated Artifacts  

AXIOM 6.9 provides updates to several important iOS, Android, Linux, Windows, and MacOS artifacts. 

Updated Artifacts 

• Facebook Messenger
• Google Maps
• Default Browser
• iMessages/SMS/MMS
• Apple Notes
• Cloud Apple Messages (Warrant Return)
• Quick Look Thumbnails
• Microsoft Teams
• Reminders
• Safari Suspended State Tabs
• TikTok
• Videos
• WhatsApp
• Event Logs Script Events

Get Magnet AXIOM 6.9 Today! 

We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.  If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in AXIOM Cyber here.