Warning: Only download the extension in a Chrome profile window launched by selecting the Google Chrome authentication method in AXIOM Process. The extension must be added to the Chrome profile that is created by the Google Chrome authentication workflow. If you install the AXIOM Cloud Authenticator browser extension in your personal Chrome profile, AXIOM will not be able to connect with the instance and you will not be able to open new windows in your session. If you already installed the extension in your local profile, you must uninstall it. See I already have the extension installed for steps on how to uninstall the extension from your local profile.
In 2019, Google announced that support for embedded browser frameworks (e.g., Chromium Embedded Framework – CEF) would be discontinued due to a difficult to detect form of phishing that could pose a risk to user information when authenticating their identity via an automation platform. This form of phishing is known as “man in the middle” (MITM).
One of the methods available to examiners for acquiring Google account data in Magnet AXIOM was to input a user’s credentials using a CEF browser.
Magnet AXIOM Cloud Authenticator Available in Chrome Extension Store
Now that using CEF for authentication is no longer supported by Google, examiners can install a Chrome browser extension to input user credentials. The Magnet AXIOM Cloud Authenticator is now available through the Chrome extension store, allowing examiners to authenticate a Google profile in Google Chrome and get access to the available data in the target account.
Important Notes on How to Use the Magnet AXIOM Cloud Authenticator
For you to gain access to this login method, you will need to have Google Chrome installed on your device. Otherwise, the popup window that will guide you to the Google Chrome store will fail to launch. When you navigate to Google Chrome, a new profile will be created to host the Magnet AXIOM Cloud Authenticator.
You must ensure that when you add the extension, you add it to the profile that AXIOM creates when it starts the authentication workflow. If this extension is added to a personal Chrome profile, it will not connect with AXIOM, and it will restrict the personal profile from being able to open tabs.
After you have downloaded the extension, you can authenticate a profile with the extension by opening AXIOM and navigating to the authentication methods for Google when acquiring data. The Magnet AXIOM Cloud Authenticator browser extension appears as an advanced authentication option.
It is important to note that a footprint of the activity will be logged in the target users account while the examiner is logged into the account when using the Magnet AXIOM Cloud Authenticator.
To minimize the footprint that’s left behind while having live access to the account, when you log into the account, a log will be added to the account noting the moment your session goes live (e.g., Chrome auth session created).
Once you log in and the session is live, additional tabs will not be allowed to open. The live session will end as soon as the account tab that is used to login into the account is closed. Once the browser is closed and the session is concluded, there will be another log added to the account noting the moment the session ends (e.g., Chrome auth session destroyed).
Head to the extension section of the Google Chrome Web Store and grab the Magnet Google Cloud Authenticator Chrome extension, here. If you’re looking for more information about acquiring cloud-based data or exploring cloud data in your digital investigations, including open-source intelligence collection and warrant return analysis, be sure to check out our Demystifying the Cloud Webinar Series.