Facebook Warrant Returns, “Download My Data” and Additional Twitter Account Acquisitions in AXIOM Cloud 3.0

    With AXIOM turning three this year, we decided to make 3.0 a huge release. Not only have we added a redesigned media categorization (ProjectVic/CAID), a powerful new Timeline Explorer, and full support for APFS for Mac investigations, we’ve also greatly enhanced AXIOM’s cloud source capabilities, particularly warrant returns and “Download My Data” from Facebook and additional Twitter account acquisitions!

    The latest version of Magnet AXIOM is now available for customers to download! Either upgrade within AXIOM or head over to the Customer Portal to download AXIOM 3.0.

    Loading Cloud Evidence

    When you acquire from cloud evidence sources, Magnet AXIOM creates a .zip file containing the hashed cloud image. You can also load this cloud image into AXIOM Process to process the evidence file as part of separate cases if needed.

    Facebook Warrant Returns

    Investigators often send warrants off to Facebook and then wait weeks upon weeks for their return, only to spend more valuable time examining the numerous folders of data and trying to make sense of it all. With AXIOM 3.0, investigators can now load HTML-based .zip warrant returns from Facebook for parsing.

    Depending on the original warrant request, investigators will be presented with their evidence, including the suspect’s friends list, friend requests, messages, wall posts, and audit logs. Audit logs go a long way toward providing context in investigations that revolve around Facebook, since they contain information such as what the individual in question searched for via the platform. If the suspect claims never to have had contact with, or known, the victim, the audit logs can help determine whether the suspect did in fact have knowledge of the victim. In cases where a suspect may be trying to make contact with an individual, the Facebook Friend Requests artifact can show both who the individual sent friend requests to and whether they were accepted, rejected, or just hidden when sent.

    Facebook “Download My Data” Integration

    Victims of crimes, ranging from misdemeanors to serious felonies, will often aid investigators in hopes of helping bring the suspect to justice as quickly as possible. With the use of Facebook’s “Download My Data”, case agents can quickly gain access to valuable evidence for their investigations.

    Once legal authority has been granted through either consent or a search warrant, investigators first log into the account, navigate to settings, then select the “Your Facebook Information” tab. Next, select “Download Your Information” and choose the date range, image quality, and format for the export. Once your options have been configured, simply hit “Create File”, then navigate over to the “Available Files” view found above the configuration options.

    The newly generated file will show as pending, until it’s completed and ready for download. AXIOM 3.0 only supports the JSON format available from the archival download options given, so be sure to select JSON when you download the file.
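
    As a pre-ingest check for the JSON-only requirement above, the following added example (not Magnet's code and not part of AXIOM) records a SHA-256 of a downloaded archive and reports whether its members look like a JSON or an HTML export. It assumes the export format shows up in the file extensions inside the .zip; the function names and the sample member names are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zipfile
from pathlib import PurePosixPath


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large exports are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inspect_export(path):
    """Hash the archive, then classify it by the extensions of its members."""
    report = {"sha256": sha256_file(path), "format": "not-a-zip", "json": 0, "html": 0}
    if not zipfile.is_zipfile(path):
        return report
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = PurePosixPath(info.filename).suffix.lower()
            if ext == ".json":
                report["json"] += 1
            elif ext in (".html", ".htm"):
                report["html"] += 1
    # Assumption: a JSON export has .json data files and no .html pages.
    kinds = {k for k in ("json", "html") if report[k]}
    report["format"] = "mixed" if len(kinds) == 2 else (kinds.pop() if kinds else "unknown")
    return report


def make_sample(names):
    """Write a constructed zip with the given member names and return its path."""
    fd, path = tempfile.mkstemp(suffix=".zip")
    os.close(fd)
    with zipfile.ZipFile(path, "w") as zf:
        for name in names:
            zf.writestr(name, "{}")
    return path


if __name__ == "__main__":
    sample = make_sample(["constructed/messages.json", "constructed/photo.jpg"])
    print(inspect_export(sample))
    os.remove(sample)
```

    A result of "html" or "mixed" means the export should be requested again with JSON selected before it is loaded; the recorded hash can go into the case notes alongside the download time.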

    Public Twitter Acquisition Without Credentials

    We have added to our Twitter acquisition capabilities in AXIOM 3.0, now providing investigators the ability to acquire publicly available information on any given Twitter account. For law enforcement, information available to the public typically does not meet the threshold for needing a warrant to collect. It’s always best to check with your prosecutors or legal teams before acquiring cloud data.

    As we can see in the image below, after collecting my own Twitter account, we can view all my public posts, including the selected post where I commented on another tweet. AXIOM will also provide the mentions, reply count, retweet count, like count, URL of the tweet, and whether it was retweeted or has an attached video.

    When collecting Twitter accounts, be cognizant of whether the account is active, with a large following or masses of tweets. The larger the account, the longer the acquisition will take.

    If you’re not already using AXIOM Cloud and want to try it for yourself, request a trial today. If there are artifacts you’d like to see supported in AXIOM or if you have any questions, please don’t hesitate to reach out to me at trey.amick@magnetforensics.com.