Magnet Axiom Cyber 8.7: Acquire iCloud backups from ADP-enabled accounts, and more!

The latest release of Magnet Axiom Cyber introduces several important improvements for examiners working on a variety of investigation types, from incident response to internal investigations.

Magnet Axiom Cyber 8.7 introduces several new features:

  • Acquire iCloud backups from ADP-enabled accounts
  • Include artifact hits that don’t have timestamps in your analysis
  • UI improvements for a cleaner look and easier case setup

We’ve also updated and added to our artifact support (full details at the end of this blog).

Upgrade to Axiom Cyber 8.7 in the Axiom Cyber interface or through the Customer Portal.

Haven’t tried Axiom Cyber yet? Request your free trial here.

Acquire iCloud backups from ADP-enabled accounts

iCloud backups provide a wealth of information related to app data, including device settings, photos, and videos. The broad range of data can help provide a clearer picture of timelines and interactions to help support or refute claims as part of eDiscovery or internal investigations.

However, if an account has Advanced Data Protection (ADP) enabled (an optional security measure), the encryption keys to the iCloud backup no longer live on Apple’s server; instead, they’re stored on a trusted device (such as an iPhone or iPad). This severely restricts the ability to obtain an iCloud backup. Without the encryption keys, you cannot decrypt and analyze this important source of information.

To help you access iCloud backups, we’ve introduced a new UI flow that allows you to enter the device passcode for the trusted device. Axiom Cyber retrieves the ADP keys from Apple, which are then used to decrypt the iCloud backup after it is acquired from the iCloud server.

Enter the device passcode for the trusted Apple device to retrieve the ADP keys from Apple to decrypt the iCloud backup.

Include artifact hits that don’t have timestamps in your analysis

To reduce the volume of data collected, protect data privacy, and adhere to specific requirements in eDiscovery cases, time filters are commonly used to focus on the most relevant data. However, some artifacts lack timestamps—such as contact records that associate individuals with phone numbers—which means those artifacts, while relevant, are filtered out of the dataset.

This can also occur due to carving, where the header or footer containing the timestamp may have been overwritten by a new file.

To address this challenge, you can now filter your data and have the option to include artifacts without timestamps in your cases, enabling a more comprehensive and detailed search to capture all relevant information.

Screenshot of the “Include hits without dates/timestamps” option.

UI improvements for a cleaner look and easier case setup

We’ve made two noteworthy updates to the UI:

  • The Axiom Examine menu bar now groups saved filters under the “more” button for a cleaner look and to make room for the Magnet Copilot button.
  • The Axiom Process settings menu has been updated to make the case setup process more efficient (see the image below). The settings categories are now grouped along the left side of the window for easier navigation.

Axiom Process settings menu updated to group settings categories along the left side of the window for easier navigation and case setup.

New and updated artifacts

We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations. With this release, we’ve added TeleGuard, a secure chat application that encrypts every message and call.

New artifacts

  • Samsung Customization Service – Web Activity (Android)
  • TeleGuard Channels (iOS)
  • TeleGuard Contacts (iOS)
  • TeleGuard Messages (iOS)
  • TeleGuard Posts (iOS)

Updated artifacts

  • Facebook Messenger Messages (iOS)
  • Linux Binary Logs (Linux)
  • Meta Warrant Return artifacts (Facebook/Instagram)
  • Photos Media Information (iOS/macOS)
  • Signal, Session (iOS)
  • Telegram (Android)
  • Telegram Messages (Android)
  • WeChat Accounts, WeChat Friends, WeChat Messages (Android)
  • WhatsApp Messages (iOS and Android)
  • Firefox Cache Records (Android/Computer/macOS/Windows phone)

Get Magnet Axiom Cyber 8.7 today!  

Download Axiom Cyber 8.7 at the Customer Portal or upgrade within the application. 

Haven’t tried Axiom Cyber yet? Request your free trial here. If you conduct digital forensics for criminal investigations, check out the Magnet Axiom 8.7 blog here.

The post Magnet Axiom Cyber 8.7: Acquire iCloud backups from ADP-enabled accounts, and more! appeared first on Magnet Forensics.
