Picking our favorite updates to Magnet AXIOM Cyber in 2022 was no mean feat. From the inclusion of scanning with YARA rules to spot the latest malware, to Email Explorer for easy browsing of email evidence, AXIOM Cyber in 2022 got some major upgrades. While there are too many new features to fit in one post, here are ten great new AXIOM Cyber features from the past 12 months, in no particular order.
1. Collect Volatile Artifacts
This year, we introduced a new artifact category: volatile artifacts. Volatile data (for example running processes, open network connections, loaded modules and logged-on users) lives only in memory and is gone once the endpoint is rebooted or powered off, so it has to be captured from the live system. That makes volatile artifacts an especially important element of incident response investigations: they can provide unique insights into malware behavior and malicious activity that leaves no easily detectable trail on disk.
2. Scan Files With YARA Rules
YARA, “the pattern matching Swiss knife for malware researchers (and everyone else)”, is an open-source tool created by Victor M. Alvarez. YARA rules use a rule-based approach to characterize malware families based on textual or binary patterns and the conditions under which those patterns should match. With hundreds of thousands of new malware samples observed every day, keeping pace with cyber criminals requires community effort. By including a standard set of common YARA rules in Magnet AXIOM Cyber (with the option to add new or custom rules easily at any time), you can now scan files to identify the very latest malware and other indicators of compromise. Check out our webinar to learn more.
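To make the “textual or binary patterns” concrete, here is an illustrative YARA rule of the kind you could load as a custom rule. It is an added example, not a rule shipped with AXIOM Cyber or taken from any real malware family; the rule name, the URL fragment, the User-Agent pattern and the opcode sequence are placeholders chosen to show the three string types (plain text, regular expression and hex bytes with wildcards) and a condition that combines them with a file-header check.

```yara
// Added example, not from the original post or the AXIOM Cyber rule set.
// All strings below are illustrative placeholders, not real indicators.
rule Example_Suspicious_Downloader
{
    meta:
        author      = "DFIR team (example)"
        description = "Illustrative: PE file with a hard-coded download path and a known opcode stub"
        reference   = "example only"

    strings:
        // Textual pattern: matched as ASCII or UTF-16, ignoring case
        $url  = "/update/payload.bin" ascii wide nocase

        // Textual pattern written as a regular expression
        $ua   = /User-Agent: [A-Za-z]{3,12}\/1\.0/ ascii

        // Binary pattern: hex bytes, ?? wildcards and a [4-8] byte jump,
        // so small changes to addresses or padding do not break the match
        $stub = { 6A 00 68 ?? ?? ?? ?? E8 [4-8] 85 C0 74 }

    condition:
        uint16(0) == 0x5A4D and      // "MZ" header: only look at PE files
        filesize < 2MB and           // skip large files to keep scans cheap
        $stub and                    // the opcode stub must be present
        any of ($url, $ua)           // plus at least one textual indicator
}
```

The header and size checks in the condition run before any string search, which keeps scanning fast across a large collection; when you write your own rules, test them against a clean corpus first so that a loose pattern such as a short URL fragment does not flood the case with false positives.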
3. Create Targeted Location Profiles
A standardized and repeatable approach to remote collections is crucial, so this year we added the ability to create targeted location profiles. A targeted location profile defines multiple locations on an endpoint, including folders, browser activity and system files, that are consistently collected every time the profile is used, so two examiners running the same profile collect the same evidence.
4. Queued Collection of Endpoints
Manually collecting endpoints is a pain and can cost you valuable evidence if you miss a window of opportunity due to differing time zones or usage patterns. To solve this problem, AXIOM Cyber now allows for the collection of up to 15 automatically queued endpoints as soon as they become available, making sure you never miss your opportunity to gather vital artifacts.
5. Agent Placeholders for Remote Collection
With the number of cyber threats barraging businesses these days, it is more important than ever to work cases quickly and effectively. This is why in 2022 we introduced remote collection agent placeholders. With the option to include placeholders for agents, you can work more efficiently when building your remote collections by including all the necessary endpoints regardless of whether the agent has checked in or even been deployed.
6. Check Files With VirusTotal Integration
Leveraging over 70 antivirus engines, VirusTotal provides information on known malicious files so that you can quickly gain insight into the history and behavior of a threat to inform your response and mitigation plans. By integrating VirusTotal into Magnet AXIOM Cyber, deep insights about the nature of malicious files are just a click away. One caveat worth keeping in mind with any VirusTotal workflow: samples submitted to VirusTotal are shared with its partners, so check case files by hash where possible and treat a full upload of evidence that may contain confidential data as a deliberate decision. We’ve put together this webinar if you’d like to learn more.
7. Review Evidence in Email Explorer
With email representing a huge portion of workplace communication, email is vital to DFIR investigators. Our much-anticipated Email Explorer presents messages similarly to how the sender and recipient would have originally viewed them, providing important context that may otherwise be missed. Much like a native email client, Email Explorer provides several filters and search capabilities to narrow in on specific time ranges or topics and help manage the volume of data.
8. Collecting Google Drive Activity
One of the most popular cloud-based tools for businesses is Google Workspace, which provides an integrated suite of cloud-native collaboration and productivity apps, including Google Drive. Now, AXIOM Cyber allows you to collect a record of user activity on a Google Drive account (such as files viewed, edited, shared and downloaded), so that actions taken on your organization’s Google Drive data can be traced to a user and a time.
9. Working With Dell Data Protection Encryption (DDPE)
DDPE is a file-based encryption method commonly used by businesses to help protect their IP and corporate knowledge. But sometimes the tools that have been put in place to protect our data can become roadblocks in forensic investigations. To help ensure data protection doesn’t stand in the way of your forensic investigations, in 2022 we added support for Dell Data Protection Encryption (DDPE) right into Magnet AXIOM Cyber.
10. Pre-Processing and Acquiring User Data in Microsoft 365
With the prominence of Microsoft 365 in corporate environments, we made some updates to streamline the user interface for cloud acquisition of Microsoft 365 data in 2022 and added in pre-processing options to manage the volume of data acquired.