We are thrilled to announce the release of Magnet AXIOM Cyber 7.4.
This release introduces a new signed Mac agent to help ensure you can quickly and reliably collect from remote Mac endpoints without triggering Apple’s Transparency, Consent, and Control (TCC) prompt. This release also adds a new viewer that lets you review protocol buffer files directly in AXIOM Cyber.
To help keep your investigations current with the latest tools and services, we have also updated and added to the artifact support. The artifact updates are listed below and detailed in the release notes for AXIOM Cyber 7.4.
Signed Mac Agent
The use of Mac computers for business applications continues to grow steadily. In U.S.-based enterprise companies (1,000+ employees), IDC reported the usage of macOS devices is around 23%, up 6% from 2 years prior. But Apple’s recent update to its security controls prevented data collection from a Mac endpoint without triggering a Transparency, Consent, and Control (TCC) prompt on the endpoint, which limits acquisition abilities for investigations requiring a more subtle approach. To ensure you can easily and reliably collect from remote Mac endpoints, we have updated AXIOM Cyber’s Mac agent and had the new agent signed by Apple.
To facilitate deploying the new signed Mac agent to devices running macOS, we have also partnered with Jamf, the industry standard in managing and securing Apple endpoints. When we spoke to customers investigating Mac endpoints, Jamf emerged as their primary deployment tool for Mac. To learn more about the process of deploying the new signed Mac agent with Jamf, check out this blog by Chris Cone.
New Viewer for Protobuf in AXIOM Cyber
Protobuf, or Protocol Buffers, is a free, open-source, and cross-platform data format used to serialize structured data. Google initially developed Protocol Buffers in 2008 for internal use but then provided a code generator for multiple languages under an open-source license. The format can be tricky when you encounter it in an investigation. Still, as an efficient method for storing and transferring data, it is a format you will continue to encounter in your investigations.
To facilitate examining Protobuf data, we have added a new viewer to review protocol buffer files natively within AXIOM Cyber, accessed by a right click within the SQLite viewer. Have questions about Protobuf? Check out our previous webinar: Add “Protobuf Expert” to your examiner’s resume
New and Updated Artifacts
- Android Device Reset/Activation Times
- Android Call Logs
- Android SMS/MMS
- Apple Notes
- Instagram Direct Messages
- Windows Operating System Information