New Axiom was released recently – version 2.8.0.12333
Magnet AXIOM 2.8 is now available to download. The new release improves the performance significantly in AXIOM Process and AXIOM Examine, make it faster(up to 40%) to process the case, faster(average 63%) to review/search/filter the artifacts, and expand our mobile acquisition to Android devices with Qualcomm chipsets using Emergency Download Mode(EDL).
[maxbutton id=”1″ url=”https://www.magnetforensics.com/downloadaxiom” text=”Download Here” ]
Artifacts
- Application Activity | Android: Added parsing support for recovering activity and usage information for applications, including screenshots of the UI from the app. [Android 7-8]
- Bluetooth Devices | Android: Added support for recovering information about Bluetooth devices that the user’s device connects with, on later versions of Android. [Android 6-8]
- Call Logs | iOS: Updated parsing and carving support to recover group call data from Facetime. [iOS 12]
- Chrome | Android: Updated carving support for Chrome Cache Records to recover cached content and its URLs, as well as first and last visit dates. [59.0.3071.125]
- Chrome | Windows, MacOS: Updated carving support for Carved Web History. [59.3071.125 to 63.0.3239.84]
- Contacts | Android: Updated parsing support to recover postal address and web address information. [Android 7.1.1]
- Gmail Webmail | Windows: Updated RAM carving support to identify if an email was sent using Confidential Mode.
- Google Play | Added support for recovering Google Play information, including Installed Applications, Application Details, and Searches. [Android 6-8]
- KakaoTalk | Android: Updated support for decrypting KakaoTalk messages. [8.1.2]
- KnowledgeC | iOS: Added support for recovering device and application info from knowledgeC.db, which includes historical information such as application usage, lock state, orientation, Safari History, and more. [iOS 11-12]
- Naver Whale | Android: Added support for recovering the browser history from Naver Whale. [8.8.6]
- SMS | Android: Added parsing and carving support to recover the name of the app that generated the SMS message. [Android 6+]
- SMS | Android: Updated carving support to recover SMS messages. [Android 6]
- Screen Time | iOS: Added a Screen Time Usage artifact which contains information about when an app is used and for how long. Usage information is available for the local device as well as remote devices that are connected to the same Apple ID or Family Account. [iOS 12]
- USB Devices | Windows: Updated parsing support to now include data from Storport Driver devices. [Windows 10]
- Videos: Updated carving support for videos to improve both processing performance and the deduplication of carved artifacts.
- Your Phone | Windows: Added parsing and carving support for recovering SMS/MMS and Contacts data that was synced to a computer from a phone using the Your Phone app. [Windows 10]
Cloud
- If you configure a G Suite administrator account to give Magnet AXIOM access, you can now access Gmail and Google Drive data from users under the account’s administrator privileges.
- Performance improvements to searching for specific users by name or email address when you’re logged in to a Gmail account with administrative privileges.
- You can now recover G Suite audit logs (including login audit logs for G Suite Basic, Business, and Enterprise) and Google Drive audit logs (including G Suite Business and Enterprise).
Processing
- You can now import artifact profiles that were exported from AXIOM Process in another supported language.
Examining
- In the Create report/export dialog, you can now provide case information when exporting evidence using the JSON format for both Project VIC 1.2 and Project VIC 1.3. You can provide your case number, organization, name, phone number, email, and title.
- You can now export evidence using the JSON format for both Project VIC 1.2 and Project VIC 1.3 up to 2.5x faster.
- You can now sort and filter evidence by artifact attributes when in Thumbnail view.
- You can now sort and filter evidence by recovery method for parsed/carved attributes. You can view these attributes in the Details card and when you export evidence.
Bug fixes
- In some cases, creating an export that contained an attachment could cause the export to fail. -AXE-6284
- Previously, HTML and PDF exports included case detail fields even when there was no information available. The following fields are now excluded from exports if no information is available: Examiner name, Case number, Scanned by, Scan description, Evidence description, Evidence platform. -AXE-5977
- When acquiring an Office 365 user account, you were sometimes unexpectedly prompted for administrator approval. -CAO-1733
- When attempting to export Cloud Office 365, Hotmail, or Outlook Emails artifacts, the PST export option was unavailable. -AXE-6254
- Previously, .opus files recovered in Android WhatsApp messages couldn’t be played in the conversation preview. -TAO-118
- The ‘Date Read’ and ‘Date Delivered’ attributes from SMS Messages weren’t being converted to Apple nanosecond timestamps. [iOS 11] -TAO-102
Known issues
- In some cases, if a case is processed in a newer version of AXIOM and actions are later performed in an older version of AXIOM, an error message might appear or you might experience unexpected behavior. Workaround: Update Magnet AXIOM to the latest version.
- In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if Malware URLs are part of the evidence being exported, the portable case might not get created successfully. Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.
- Magnet AXIOM crashes when out of disk space. Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
- When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine. Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a Files and Folders scan. (In the Evidence sources section, click Mobile > iOS > Load evidence > Files and Folders.)