The latest release of Magnet Axiom Cyber introduces several important improvements for examiners working on a variety of investigation types, from incident response to internal investigations.
Magnet Axiom Cyber 8.7 includes new features, including:
- Acquire iCloud backups from ADP-enabled accounts
- Include artifact hits that don’t have timestamps in your analysis
- UI improvements for a cleaner look and easier case setup
We’ve also updated and added to our artifact support (full details at the end of this blog).
Upgrade to Axiom Cyber 8.7 in the Axiom Cyber interface or through the Customer Portal.
Haven’t tried Axiom Cyber yet? Request your free trial here.
Acquire iCloud backups from ADP-enabled accounts
iCloud backups provide a wealth of information related to app data, including device settings, photos, and videos. The broad range of data can help provide a clearer picture of timelines and interactions to help support or refute claims as part of eDiscovery or internal investigations.
However, if an account has Advanced Data Protection (ADP) enabled (an optional security measure), the encryption keys to the iCloud backup no longer live in Apple’s server, they’re stored on a trusted device (such as an iPhone or iPad). This severely restricts the ability to obtain an iCloud backup. Without the encryption keys, you cannot decrypt and analyze this important source of information.
To help you access iCloud backups, we’ve introduced a new UI flow that allows you to enter the device passcode for the trusted device. Axiom Cyber retrieves the ADP keys from Apple which are then used to decrypt the iCloud backup after it is acquired from the iCloud server.
Include artifact hits that don’t have timestamps in your analysis
To reduce the volume of data collected, protect data privacy, and adhere to specific requirements in eDiscovery cases, time filters are commonly used to focus on the most relevant data. However, some artifacts lack timestamps—such as contact records that associate individuals with phone numbers—which means those artifacts, while relevant, are filtered out of the dataset.
This can also occur due to carving, where the header or footer containing the timestamp may have been overwritten by a new file.
To address this challenge, you can now filter your data and have the option to include artifacts without timestamps in your cases, enabling a more comprehensive and detailed search to capture all relevant information.
UI improvements for a cleaner look and easier case setup
We’ve made two noteworthy updates to the UI, including:
- The Axiom Examine menu bar now groups saved filters under the “more” button for a cleaner look and to make room for the Magnet Copilot button.
- The Axiom Process settings menu has been updated to make the case setup process more efficient, see the image below. The settings categories are now grouped along the left side of the window for easier navigation.
New and updated artifacts
We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations. With this release, we’ve added TeleGuard, a secure chat application that encrypts every message and call.
New artifacts
- Samsung Customization Service – Web Activity (Android)
- TeleGuard Channels (iOS)
- TeleGuard Contacts (iOS)
- TeleGuard Messages (iOS)
- TeleGuard Posts (iOS)
Updated artifacts
- Facebook Messenger Messages (iOS)
- Linux Binary Logs (Linux)
- Meta Warrant Return artifacts (Facebook/Instagram)
- Photos Media Information (iOS/ macOS)
- Signal, Session (iOS)
- Telegram (Android)
- Telegram Messages (Android)
- WeChat Accounts, WeChat Friends, WeChat Messages (Android)
- WhatsApp Messages (iOS and Android)
- Firefox Cache Records (Android/Computer/macOS/Windows phone)
Get Magnet Axiom Cyber 8.7 today!
Download Axiom Cyber 8.7 at the Customer Portal or upgrade within the application.
Haven’t tried Axiom Cyber yet? Request your free trial here. If you conduct digital forensics for criminal investigations, check out the Magnet Axiom 8.7 blog here.
The post Magnet Axiom Cyber 8.7: Acquire iCloud backups from ADP-enabled accounts, and more! appeared first on Magnet Forensics.