The latest major release of Magnet AXIOM Cyber, version 7.0, is now available.
There are a lot of great features and capabilities in this release of AXIOM Cyber—here are the top six:
- New memory analysis capabilities
- Shared Agents
- Email Relationship Linking in Load Files
- Privileged materials
- Multi-artifact view
- New and updated artifact support
To learn more about each of these features, check out the content and links below. And, if you haven’t tried AXIOM Cyber yet, this is a great time to request a free trial.
New Memory Analysis Capabilities
Memory analysis plays a pivotal role in investigating malware and ransomware attacks, helping investigators identify evidence of malicious activity running on an endpoint. Memory analysis is often the only means of identifying and investigating stealthy attacks that don’t leave a digital evidence trail on a hard drive.
To enhance examiners’ ability to conduct memory analysis, we have added a new option for analyzing Microsoft crash dumps in AXIOM Cyber with the integration of Comae memory analysis technology. Comae Technologies was acquired by Magnet Forensics in May of 2022, and since that time we have been working together on the continued development of memory analysis capabilities in Magnet Forensics solutions.
Comae adds improved support for current Windows operating systems and new insights for modern threats, and it greatly improves the speed of processing memory in AXIOM Cyber.
To see how to use Comae Memory Analysis in AXIOM Cyber, check out our blog: Comae Memory Analysis Capabilities Integrated into AXIOM Cyber.
Shared Agents
In our latest State of Enterprise DFIR report, 34% of respondents ranked “Do not have the right access or permissions to acquire data” as having a large to extreme impact on investigations.
To help simplify and expedite your access to endpoints, we have introduced Shared Agents, which enable your team to quickly access an endpoint with an existing agent from any of your AXIOM Cyber instances without having to deploy a unique ad-hoc agent.
Shared Agents reduce the number of agents that need to be deployed and managed by your security team and also simplify access to your endpoints, helping to remove barriers to quickly collecting the data you need to perform your duties effectively.
Email Relationship Linking in Load Files
With the prominence of email in business communications, it’s not surprising that it is a key source of ESI in eDiscovery collections. To ensure you have the full context of emails in your collections, we have updated our load files to include relationship linking for email messages and attachments.
With email relationship linking in load files, when selecting emails or attachments for export you will now have the option to also include the parent and any sibling attachments associated with the communication. The email and attachment relationships, as well as metadata for the artifacts, will also be shown in the generated .dat load file, which greatly helps with preserving context for downstream review.
To read more about this development check out our blog: Supporting eDiscovery with Email Relationship Linking in AXIOM Cyber Load Files.
Privileged Materials
In many eDiscovery cases, there will be set parameters around what evidence can be included in the scope of the investigations. With privileged materials in AXIOM Cyber 7.0, you can easily load keywords related to privileged evidence and AXIOM Cyber will automatically tag the artifacts or exclude them from the Artifact Explorer. This feature helps to expedite the review of privileged materials and helps ensure a more accurate and efficient process.
Multi-Artifact View in Artifact Explorer
This release also adds an updated view to Artifact Explorer that presents more pertinent information, enabling a faster review of artifacts with fewer clicks. The new view provides key, supporting, and additional details related to the artifact directly in the table, with the details presented varying based on the category of artifact, making it easier to understand what happened during a specific time in your case. The added visibility into related artifacts helps you connect data points and tell the story of your digital evidence.
New and Updated Artifacts
As always, with every new release comes support for new artifacts as well as updated support for artifacts that may have changed over time.
Apps and services are constantly changing, and the way that your DFIR tool parses and carves those artifacts needs to change just as fast. It’s one of the reasons why Magnet Forensics is committed to delivering product updates monthly.
- Biome Application Intents
- Facebook Messenger
- Instagram Direct Messages
- iOS Call Logs
- CarPlay Recently Used Apps
- Device Screen Backlight States
- Safari Last Session
- DuckDuckGo Bookmarks
- TextMe Conversations
- Google Maps
- Call Logs
- Device Information
- Edge Chromium Web History
- LINE Messages
- Network Usage
- Rebuilt Desktops
- Safari Downloads
- Safari iCloud Tabs
- TextMe Calls
- TextMe Messages
- Volume Information
- Web Chat URLs
Performance Improvements in Examine
In addition to the new features and artifacts in this release, we have also made significant improvements to the performance of AXIOM Cyber, especially with larger datasets. In our internal testing using a case with 5 million hits running on an i3.xlarge EC2 instance (4 vCPU, 30.5GB memory, 500GB SSD), the time required to open and load a case was reduced by 36%, while the initial loading of Artifact Explorer was reduced by 77%!