Magnet AXIOM Cyber 6.11: YARA Rules, Biome Artifact Updates

We are happy to announce the release of Magnet AXIOM Cyber 6.11, which introduces new features and capabilities to help make your DFIR workflow as efficiently as possible. This release also includes new and updated artifacts to keep your evidence sources current with the latest apps and services.

You can upgrade to the latest version within AXIOM Cyber or over at the Customer Portal.  

And if you haven’t tried AXIOM Cyber yet, request a free trial here.   

New Select All YARA Rules Option

You can now quickly and easily select all YARA rules to be searched against your processed data in AXIOM Cyber.

This new option to select all YARA rules will be applied to both the YARA rules included in AXIOM Cyber as well as any additional rules you might have added. There is no limit to the number of rule sets you can apply to a scan. However, your scan times will likely increase relative to the number of rules you are running. Once you have selected all rules, you can unselect any rules that don’t apply to your investigation.

With over 300,000 new instances of malware being detected every day, it is virtually impossible for organizations or antivirus tools to independently keep pace with cybersecurity threats. YARA provides a platform for the cybersecurity community to work together and identify the very latest malware threats.

To learn more about YARA rules in AXIOM Cyber, check out this blog post.

iOS Biome Artifacts 

AXIOM Cyber 6.11 includes a number of iOS Biome artifacts that provide important insight into actions within mobile applications.

Biomes are based on backend data collection on your phone that captures actions and active times within different applications. Many of these insights were previously captured in KnowledgeC but were relocated with the introduction of iOS 16.

Biomes have the potential to be an important element of corporate investigations, especially around data exfiltration. With records of application installations and user activity, biomes could capture key evidence of data exfiltration such as using a mobile devices to move corporate data to a cloud application.

To learn more about accessing Biomes in your iOS extractions, check out our latest blog by Chris Vance and his latest installment in the Mobile Unpacked webinar series.  

Corporate Investigation Sessions at Magnet Virtual Summit

Magnet Virtual Summit 2023 is on now! Registration is free and it is still open, so be sure to sign up to check out the sessions mentioned below, as well as many more sessions covering a range of corporate investigations and industry developments. Sessions that have already aired will also be made available on-demand to registrants of the summit.

• Interview With a Hacker – Feb 23 at 1:00PM ET
• eDiscovery and Data Forensic Convergence – Feb 28 at 2:00PM ET
• Current Cyber Security Legislation (and Why It’s Important to You) – March 1 at 1:00PM ET

New and Updated Artifacts

As with all releases of AXIOM Cyber, there is also support for several new and updated artifacts to help keep your investigations current with the latest corporate apps and services developments, including:

New Artifacts

• Biome
  • Application Focus
  • Application Install States
  • Device Lock States
  • Device Orientation States
  • Do Not Disturb Usage
  • Safari Page View
  • Siri Execution
  • Siri UI Usage
  • UserActivity
  • Application Launch
  • CarPlay Connected Cars
  • CarPlay Connections
  • Device Plugged-in States
  • Keybag Lock States
  • Safari History
  • Knowledge C Siri Intents
  • Google Chat WR Artifacts

Updated Artifacts

• Signal
• Telegram
• Facebook
• Snapchat
• Instagram
• TikTok
• EML(x) Files
• Microsoft Teams
• Device Information
• Microsoft Office
• Open Office
• Stored Credentials
• Mail (Windows)
• Apple Mail

Get Magnet AXIOM Cyber 6.11 Today! 

If you’re already using AXIOM Cyber, download 6.11 over at the Customer Portal. To try AXIOM Cyber for yourself, request a free trial today!