Magnet AXIOM 2.6 is bringing big updates to Magnet AXIOM Cloud with WhatsApp backups, iCloud and Cloud Administrator account support along with big improvements to overall WhatsApp support.
Together with improvements to Magnet.AI and to overall performance, AXIOM 2.6 demonstrates commitment to being the gold standard for usability.
AXIOM Cloud Updates
WhatsApp Artifact Recovery
Within AXIOM 2.6, AXIOM Cloud can also now acquire and decrypt WhatsApp backups stored in an Android user’s Google Drive account. This capability is critical as the WhatsApp backup may contain information no longer available on the user’s phone. To simplify the process, WhatsApp is available as a source of evidence under AXIOM Cloud.
AXIOM 2.6 has brought a major overhaul to WhatsApp for iOS and Android, particularly:
- iOS: Updated parsing support for messages to recover attachment previews, contacts, shared contacts in vCard format, and latitude and longitude data for shared location messages (including thumbnail previews), sender information for group messages, group member history for group messages, and user names
- Android: Updated parsing support to recover contact profile pictures, frequently contacted users, generic attachments, media attachments, user names, and cached locations
Note, AXIOM requires the phone number associated with the WhatsApp account and the user’s Google credentials in order to decrypt the WhatsApp data. We also created a new mobile artifact that will attempt to find the WhatsApp decryption key from the suspect’s phone, making the process easier for examiners.
Some suspects may not realize that key evidence hasn’t been permanently deleted and is still in the recently deleted section of their iCloud account. AXIOM Cloud can now acquire recently deleted documents and other files in an iCloud account — giving you the capability to extract files that haven’t yet been permanently deleted.
Cloud Administrator Accounts
Office 365 and Box administrators will now see more details related to user’s accounts, making it easier to select the correct user and content to acquire.
Finding Evidence Faster in Magnet.AI
Magnet.AI helps you better prioritize your time in an investigation by uncovering critical image evidence faster than with a manual review.
Image classification capabilities in Magnet.AI now include detection of vehicles, buildings (exteriors) and drones, in addition to images that may contain nudity, weapons, CSAM, drugs, screen shots, money, documents and personal ID (e.g., passport, license).
AXIOM Performance – Find Evidence Faster
AXIOM 2.6 has improved the ability to review picture evidence by reducing the time it takes to resize pictures in AXIOM, seeing current scan-time improvements of up to 40% on picture heavy cases — depending on how many pictures are recovered.
Support for parsing the $UsnJrnl —a frequently requested artifact from our customers has been added, especially those doing incident response or other corporate investigations. This artifact will provide valuable insight into the running set of changes that were made to files or directories on an endpoint or a suspect’s machine.
Here’s what’s included in AXIOM 2.6 and IEF 6.19.0:
New in iOS/MacOS:
- App Data Usage
- Connection History
New in Android:
New in Windows:
- Skype App (v12)
- IME (Keyboard History)
- Bitcoin Debug Logs
- KakaoTalk Media Decryption
- WhatsApp (iOS/Android)
- MMS (Group Message — Android)
- SMS/MMS Content Provider (Android)
- Twitter (Android)
Magnet AXIOM 2.6 and Magnet IEF 6.19.0 download is available HERE