The Top 10 Updates to AXIOM Cyber in 2023
Magnet Forensics brings a lot of updates to Magnet AXIOM Cyber through monthly releases, and with so many fantastic new features, it can be easy to lose track. We thought we’d take this opportunity to summarize a few of the most noteworthy features that we introduced to AXIOM Cyber over the past 12 months, including memory analysis, Magnet VERAKEY connection, and so much more! Check out the top 10 updates to AXIOM Cyber in 2023.
1. New Memory Analysis Capabilities with Comae
This year, new memory analysis capabilities for AXIOM Cyber were introduced! Now, you can analyze Microsoft crash dumps in AXIOM Cyber by integrating Comae memory analysis technology. Comae adds improved support for current Windows operating systems, new insights for modern threats, and greatly improves the speed of processing memory in AXIOM Cyber.
To see how to use Comae Memory Analysis in AXIOM Cyber, check out our blog: Comae Memory Analysis Capabilities Integrated into AXIOM Cyber.
2. Email Relationship Linking in Load Files
It’s estimated that 347.3B emails are sent a day (in 2023), so it’s not surprising that email is a key source of ESI in eDiscovery collections. This year, relationship linking for email messages and attachments in load files was added. When selecting emails or attachments for export, you can include the parent and any sibling attachments associated with the communication.
To read more about this development, check out our blog: Supporting eDiscovery with Email Relationship Linking in AXIOM Cyber Load Files.
3. Connect to Magnet VERAKEY
When your tools work together, you can stop fighting the workflow and focus on your investigations. Integrating AXIOM Cyber with VERAKEY streamlines your end-to-end workflow, from acquisition to analysis and reporting. Acquire and process mobile images directly from VERAKEY, an advanced mobile forensic solution for consent-based, complete file system data extractions from iOS and Android devices.
To learn more about how you can use VERAKEY with AXIOM Cyber, check out our blog: How to Connect Magnet AXIOM Cyber Directly to VeraKey for Mobile Device Investigations.
4. Privileged Materials
In many eDiscovery cases, there will be set parameters around what evidence can be included in the scope of the investigations. Easily load keywords related to privileged evidence, and AXIOM Cyber will automatically tag the artefacts or exclude them from the Artifact Explorer. This feature helps to expedite the review of privileged materials and helps ensure a more accurate and efficient process. Learn more about tagging privileged materials here.
5. Shared Agents
Teams of examiners celebrated this year, as Shared Agents let them simplify and save time when accessing data from endpoints that already have an agent deployed! Now, any of your AXIOM Cyber instances can call out to an existing AXIOM Cyber agent without having to deploy a new, unique ad-hoc agent.
To learn more about how Shared Agents can be used for your team, check out this blog.
6. Export Cases directly to Magnet REVIEW SaaS
This year's big news: Magnet Forensics launched an early access free trial of an upcoming new SaaS-based version of Magnet REVIEW for existing AXIOM and AXIOM Cyber customers! Magnet REVIEW helps you easily and securely share digital evidence from all your sources with your investigative teams and stakeholders so you can work together to finish cases faster.
REVIEW is integrated with AXIOM Cyber, so you can securely share your cases directly from the Examine export dialogue, and your stakeholders can access REVIEW from any web browser with no special hardware or software required. Learn more about REVIEW SaaS early access free trial here.
7. Millisecond Precise Timestamps for More Accurate Analysis
In any investigation, digital forensic examiners must address critical questions, including the pivotal “when” and “how.” Precise timestamps are vital in answering these questions, whether by constructing timelines, correlating events, or connecting relationships between various actions and users.
But a lot can happen in just one second when some events occur at machine speed!
Now, millisecond precise timestamps are supported throughout Magnet AXIOM and Magnet AXIOM Cyber and all artefacts where millisecond data is available, such as in Timeline, Connections, and log entries. Ultimately, this enables you to quickly analyze chronologically sorted artefacts with improved accuracy.
To learn more about this enhancement, check out the blog post “Improve Investigation Accuracy With Higher Timestamp Resolution.”
8. Signed Mac and Windows Agents, and a New Partnership With Jamf
Magnet Forensics partnered with Jamf, the industry standard in managing and securing Apple endpoints, to deploy the new signed Mac agent to devices running macOS. When we spoke to customers investigating Mac endpoints, Jamf emerged as the primary deployment tool for Mac and the industry standard in managing Apple endpoints.
9. Microsoft 365 and Teams Client Credentials Authentication
Cloud investigations continue to play a pivotal role in corporate investigations as more critical data moves to the cloud. Approximately 60% of corporate data is stored in the cloud, representing a 2x increase from 2015. Accessing that data can be challenging, but with new enhancements to Microsoft 365 and Teams collection workflow, you can now authenticate and access data with client credentials. If your organization’s data access control policy prohibits the use of global admin accounts and/or an account’s username and password to authenticate and access data, upgrade now and use client credentials instead to meet your organization’s security, privacy, and compliance policies while collecting the comprehensive cloud data you need for your investigations.
Client credentials are configured in Azure and can be set up with read-only access with the option to choose what data can be accessed. You can also set client credentials to expire if governance rules require time-limited access to data. Learn how to set up client credentials in Azure in our knowledge base article “Sign in to Microsoft using Client Credentials” (Support Portal login required.)
10. Remote Endpoint File Listing
A complete file listing can help you answer critical questions such as “Was this file still present on the endpoint after an attack?” or it can help you estimate and answer stakeholders who want to know “How long will it take to collect and process this case?”
Quickly generate a complete index of the files and folders currently on a remote endpoint, preserve that index, and search it for use during an active investigation or for future reference. To learn more about this new feature and three ways you can use it in your next investigation, check out the blog post: “Three Ways to Use Remote Endpoint File Lists to Streamline Your Investigations.”