Resource Center

How-Tos

Facebook Warrant Returns,“Download My Data” and Additional Twitter Account Acquisitions in AXIOM 3.0

    With AXIOM turning three this year, we decided to make 3.0 a huge release. Not only have we added a redesigned media categorization (ProjectVic/CAID) a powerful new Timeline Explorer, full support for APFS for Mac investigations, we’ve also greatly enhanced AXIOM’s cloud source capabilities–particularly, warrant returns and “Download My Data” from Facebook and additional Twitter account acquisitions!

    The latest version of Magnet AXIOM is now available for customers to download! Either upgrade within AXIOM or head over to the Customer Portal to download AXIOM 3.0.

    Loading Cloud Evidence

    When you acquire from cloud evidence sources, Magnet AXIOM creates a .zip file containing the hashed cloud image. You can also load this cloud image into AXIOM Process to process the evidence file as part of separate cases if needed.

    Facebook Warrant Returns

    Often investigators send warrants off to Facebook and then wait weeks upon weeks waiting for their return, only to then spend more valuable time examining the numerous folders of data and trying to make sense of it all. With AXIOM 3.0, investigators can now load HTML based .zip warrant returns from Facebook in for parsing.

    Depending on the original warrant request, investigators will be presented with their evidence, including the suspect’s friends list, friend request, messages, wall posts, and audit logs. Audit logs go a long way in providing context to investigations that revolve around Facebook since they contain information such as what the individual in question searched for via the platform. If the suspect claims to have never had contact, or know the victim, the audit logs can help determine if there was indeed, knowledge of the victim from the suspect. In cases where a suspect may be trying to make contact with an individual, the Facebook Friend Requests artifact can show both who the individual sent friend requests too, as well as, if they were accepted, rejected, or just hidden when sent.

    Facebook “Download My Data” Integration

    Victims of crimes, ranging from misdemeanors to serious felonies, often will aid investigators in hopes of helping bring the suspect to justice as quickly as possible. With the use Facebook’s “Download My Data”, case agents can quickly have access to valuable evidence for their investigations.

    Once legal authority has been granted from either consent or a search warrant, investigators will first log into the account, navigate to settings, then select the “Your Facebook Information” tab. Next, select, “Download Your Information”, selecting the date range, image quality, and format for the export. Once your options have been configured simply hit “Create File”, then navigate over to the “Available Files” view found above the configuration options.

    The newly generated file will show as pending, until it’s completed and ready for download. AXIOM 3.0 only supports the JSON format available from the archival download options given, so be sure to select JSON when you download the file.

    Public Twitter Acquisition Without Credentials

    We have added to our Twitter acquisition capabilities in AXIOM 3.0, now providing investigators the ability to acquire publicly available information on any given Twitter account. For law enforcement, information available to the public typically does not meet the threshold for needing a warrant to collect. It’s always best to check with your prosecutors or legal teams before acquiring cloud data.

    As we can see in the image below, after collecting my own Twitter account, we can view all my public posts, including the selected post where I commented on another tweet. AXIOM will also provide the mentions, reply count, retweet count, like count, URL of tweet, and if it was retweeted or has an attached video.

    When collecting Twitter accounts, be cognizant of if the account is active, with a large following or masses of tweets. The larger the account, the longer the acquisition will take.

    If you’re not already using AXIOM Cloud and want for yourself, request a trial today. If there are artifacts you’d like to see supported in AXIOM or if you have any questions, please don’t hesitate to reach out to me at trey.amick@magnetforensics.com

    Related Resources

    How-Tos

    How-Tos

    Introducing Magnet Automate Essentials

    Magnet Automate Essentials provides you with everything you need to build automated workflows across your entire DFIR toolkit to help you complete your digital investigations faster, easier, and more reliably.

    February 14, 2024 • About a 1 minute view
    How-Tos

    How-Tos

    Exploring the New User Interface Features in Review 5.0

    Magnet Review was designed to make it fast and easy for users to uncover the data they need. Review includes several options to help reviewers considerably reduce their time to

    April 25, 2023 • About a 1 minute view
    How-Tos

    How-Tos

    Getting Started With Magnet AXIOM Cyber

    This getting started with Magnet AXIOM Cyber playlist has been developed to help you quickly get up to speed on the basics with Magnet AXIOM Cyber. In this series of

    November 18, 2022 • About a 2 minute view
    Resource Center Home

    Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

    Start modernizing your digital investigations today.

    Top