We are happy to announce the release of Magnet AXIOM Cyber 7.4. This release introduces a new signed Mac agent to help ensure you can quickly and reliably collect from remote Mac endpoints without triggering Apple’s Transparency, Consent, and Control (TCC) prompt. This release also adds a new viewer that lets you review protocol buffer files directly in AXIOM Cyber and the ability to initiate the processing of a mobile image in AXIOM Cyber from a VeraKey device.
To help keep your investigations current with the latest tools and services, Magnet Forensics has also updated and added to the artefact support. The artefact updates are listed below and detailed in the release notes for AXIOM Cyber 7.4.
Signed Mac Agent
The use of Mac computers for business applications continues to grow steadily. In U.S.-based enterprise companies (1,000+ employees), IDC reported the usage of macOS devices is around 23%, up 6% from 2 years prior. But Apple’s recent update to their security controls prevented data collection from a Mac endpoint without triggering a Transparency, Consent, and Control (TCC) prompt on the endpoint, which limits acquisition abilities for investigations requiring a more subtle approach. To ensure you can quickly and reliably collect from remote Mac endpoints, Magnet Forensics has updated AXIOM Cyber’s Mac agent and had the new agent signed by Apple.
To facilitate deploying the new signed Mac agent to devices running macOS, Magnet Forensics has also partnered with Jamf, which emerged as the primary deployment tool for Mac and the industry standard in managing and securing Apple endpoints. To learn more about the process of deploying the new signed Mac agent with Jamf, check out this blog by Chris Cone.
Initiate Processing of Mobile Images from a VeraKey
Developed by Grayshift, VeraKey is a forensic solution that enables consent-based, complete file system data extractions from iOS and Android devices. The combination of AXIOM Cyber and VeraKey gets you the most evidence so you can quickly and easily work through investigations.
As part of the continued integration between AXIOM Cyber and VeraKey, Magnet Forensics has added the ability for VeraKey devices to initiate the processing of mobile images in AXIOM Cyber. This new feature will help to speed up your mobile workflows by automatically downloading the mobile image to AXIOM Cyber, eliminating previously required steps and manual touchpoints.
With this new integration, VeraKey users can choose to have AXIOM Cyber automatically process complete filesystem extractions. Once the image is downloaded and validated on the AXIOM Cyber system, it will be removed from the VeraKey, freeing up hard drive space for additional acquisitions.
New Viewer for Protobuf in AXIOM Cyber
Protobuf, or Protocol Buffers, is a free, open-source, cross-platform data format used to serialize structured data. Google initially developed Protocol Buffers in 2008 for internal use but then provided a code generator for multiple languages under an open-source license. The format can be tricky when you encounter it in an investigation. Still, as an efficient method for storing and transferring data, it is a format you will continue to encounter in your investigations.
To facilitate examining Protobuf data, Magnet Forensics has added a new viewer to review protocol buffer files natively within AXIOM Cyber, accessed by a right click within the SQLite viewer. Have questions about Protobuf? Check out the previous webinar: Add “Protobuf Expert” to your examiner’s resume
Android Device Reset/Activation Times
Android Call Logs
Instagram Direct Messages
Windows Operating System Information