Magnet AXIOM 7.5 – Continuing to Improve Mobile Investigations With Magnet AXIOM and GrayKey
We’re excited to announce the release of Magnet AXIOM 7.5! This latest version of AXIOM adds several new features to help make your digital evidence analysis and reporting faster and easier.
AXIOM’s integration with GrayKey makes it easy to ingest, process, and examine iOS and Android data from GrayKey, and we’ve been hard at work adding even more valuable functionality to improve your mobile workflows even further! This release includes two features that will help streamline your mobile investigations with GrayKey and AXIOM: initiating processing in AXIOM directly from GrayKey’s UI, and pre-processing Android Keystore data from GrayKey images.
In this release, we have added a new option to save and share custom filters in the Artifact Explorer for different case types – saving time and providing a consistent approach across your team, as well as the ability to collect synched iMessages from the cloud from all the devices associated with an account.
You can upgrade to the latest version within AXIOM or over at the Customer Portal. If you haven’t tried AXIOM yet, request a free trial here.
Initiating Processing in AXIOM From GrayKey
With AXIOM 7.5, you can now initiate processing of all GrayKey image types directly from a GrayKey on the same subnetwork. With this integration, GrayKey users can have AXIOM automatically process all filesystem and other extractions, including the decryption of keychain (iOS) and keystore (Android) data, providing access to additional device passwords and application data.
Once processing is complete, you can then begin examining the mobile data via AXIOM Examine, where built-in Analytics features like Connections, Timeline, Media Explorer, Cloud Insights Dashboard, and Magnet.AI can help you automatically generate insights that could lead to significant breakthroughs in your case.
This feature can speed up your mobile workflows by eliminating previously required manual steps while helping you surface the most data and insights for your case. To learn more, read our blog: Automatically Import and Process Mobile Images in Magnet AXIOM from GrayKey & VeraKey
Android Keystore Pre-Processing
AXIOM can now pre-process Android Keystore data while processing GrayKey mobile images, automatically decrypting high-value artifact data from mobile applications.
This feature saves significant time and effort as AXIOM will now automatically identify applications with keystore data that can be decrypted. This also mitigates manually managing and applying keystore data to individual apps, helping to ensure that any potential evidence source isn’t overlooked. The decryptions also happen in tandem with the initial processing of the mobile data, so you don’t need to wait for the extraction to be processed prior to applying the keystore data.
Live Acquire of Synced iMessages
In AXIOM 7.5 you can now collect iMessages directly from iCloud accounts, providing a complete message history from all synched devices. The cloud data for an iMessage account can include the conversation and media shared from multiple devices, including Apple computers, iPads, and iPhones.
A recent estimate of iMessage usage indicates that there are approximately 1.3 billion people using iMessage to send approximately 8.4 billion messages each day, making these messages a likely source of key evidence in many criminal investigations.
Saving Custom Filters
While no two cases are the same, there are often similar starting points or approaches to case types. To help you work as efficiently as possible, you can now save filter sets in Artifact Explorer for later use in similar case types. Many case types can require the analysis of the same file locations or keywords, so readily available filters can save valuable time preparing your data for review and applying frequently used filters while analyzing a case.
You can share saved filter combinations to ensure a consistent approach to investigations within your team, which can be especially beneficial for onboarding new forensics team members or even shared with examiners in other jurisdictions.
New and Updated Artifacts
New Artifacts
- Discord User
Updated Artifacts
- Chrome Cache
- Discord Logged-in Account
- Discord Messages
- iOS Photos Media Information
- macOS Photos Media Information
- Proton Mail
- Samsung Positioning Path History
- Signal
- Snapchat Chat Messages
- TikTok Media
- TikTok Messages
- VK Messages
- WhatsApp Groups
- Windows Mail
Get Magnet AXIOM 7.5 Today!
We are continually improving AXIOM to make it our most comprehensive digital forensic platform. When every second counts, it’s important that we do what we can to streamline the primary workflow of examiners. We’re excited that these AXIOM improvements can help to do exactly this.
If you’re already using AXIOM, download 7.5 over at the Customer Portal. To try AXIOM for yourself, request a free trial today!
If your agency needs to perform remote collections, collect from cloud storage services, or Microsoft Office 365, check out what’s new in AXIOM Cyber here.