New in Magnet AXIOM 1.2.3.8063 - January 22 2018
Fixed issues
- Some files recovered were previously marked as inaccessible to the user, but now are accessible. -AXP-2668
- The Office 365 icon was not displaying correctly on the cloud acquisition screens in AXIOM Process. -CAO-1022
New in Magnet AXIOM 1.2.3.8027 - January 17 2018
Mobile and desktop artifacts
- Cloud: New Refined Results artifact called "Cloud Passwords and Tokens".
- Keychain for iOS 9, iOS 10, and iOS 11: Ability to decrypt and extract Internet Passwords and Generic Passwords from the keychain.
- iMessages for macOS 10.13.1: Updated support for the recovery of message dates.
- Twitter for iOS: Recover file attachments in the Twitter Direct Messages artifact.
- Carved Video: Addition of MD5 Hash, SHA1 Hash, and Category fragments, allowing videos to be categorized under Project VIC and compatible with the Griffeye workflow.
- Snapchat v10.12.5.0 for Android: Chat message carving updated.
- Skype v7.46 for Android: Message carving updated.
- Twitter v6.22.1 for Android: Twitter carving updated.
- Gmail v4.7.2.967015, v5.0.1, v7.6.18, and v7.7.30 for Android: Updated carving support to correctly recover fragments.
- Android Emails: Improved email carving support for accounts that aren't Gmail accounts.
- Viber v6.6.1 for Windows: Updated parsing support for Messages, Calls, and Contacts. Expanded recovery to include additional information for Contacts and Calls.
- iOS iMessage/SMS/MMS: Names are now associated with the phone numbers/e-mail addresses of iMessage conversation partners.
- IP Addresses - Audio/Video Calls: New artifact to recover IP addresses left behind by online communication apps like Facebook and Hangouts (mainly found in RAM and the Pagefile/Hibernation files).
Cloud artifacts
- Facebook: You can now acquire the list of friends from an account.
- SharePoint: You can now acquire documents by selecting from a list of the organization's SharePoint sites.
- Google Services: The following details now appear for selected Google services: Last Activity Date, Account Size, and Search Type. You can also specify a date range for each service to acquire from.
- Office 365: Acquire audit logs that contain IP addresses, rule changes, and user accounts.
- Google Drive: You can now select which folders to acquire.
AXIOM Process features
- Hibernation and Sleep are now disabled when a search is running.
- When using a backup service to communicate with some iOS devices, the program would freeze. Users will now be prompted to restart the device in order to avoid freezing.
AXIOM Examine features
- You can now perform a keyword search in the Registry view. Clicking "Go" or pressing F3 multiple times will allow you to navigate to various results in different keys and hives.
- You can now apply a relative time filter based on the timestamp of any artifact. This allows you to view other artifacts with similar timestamps occurring before or after the item of interest.
- Search for files using the global filter in the Artifacts view to find files accessible to the user, and files not accessible to the user.
Fixed issues
- When using the Windows zoom functionality, the height of the AXIOM Process window could not be adjusted and buttons would be cut off at the bottom of the window. Scrolling and height resizing functionality has been added. -AXP-2758
- In some cases, when you attempted to add a segmented .zip file from a network drive as an evidence source, an error was displayed indicating that the evidence is corrupt. And, if you are able to add the .zip file as an evidence source, the scan failed. -AXP-2615
- When you were acquiring an image and there was a MER.tgz file from McAfee, AXIOM Process would process the same five folders in this file on a loop. -AXP-2502
- When you attempted to search evidence that contained a file or folder with only a non-breaking space for a name, AXIOM Process would crash. -AXP-1786
- When trying to scan a mobile image created using Elcomsoft Phone Breaker, AXIOM Process would crash. -AXP-1673
- Sometimes, when attempting to export items from AXIOM Examine with attachments (emails), the report would fail. -AXE-5163
- Sometimes, the SOFTWARE registry hive could not be browsed using the Registry explorer. -AXE-5073
- Sometimes, reports failed to export as PDF files when they contained large amounts of pictures. -AXE-5015
- Exporting JPEG evidence as a PDF file caused the report size to be much larger than the original data. -AXE-5014
- Sometimes AXIOM Examine wouldn't complete the exporting process after building Connections for the case. -AXE-4975
- When attempting to export emails to HTML documents, AXIOM Examine displayed an error message. -AXE-4881
- In some situations, when you attempted to an HTML report, AXIOM Examine displayed an error message. -AXE-4616
- When attempting to export email artifacts to PST documents, AXIOM Examine displayed an error message. -AXE-4350
- The processing evidence spinner wouldn't disappear even though the entire case was loaded in AXIOM Examine. -AXE-3241
- In some cases, the displayed Install Date/Time in the Operating System Information artifact were those of the most recent update, rather than the original update. The fragment label has been changed to Installed/Updated Date/Time to reflect this. -ART-8991
- Sometimes, while creating Android Quick images, the program wouldn't delete files from temporary storage, which would cause imaging to fail. -MMI-744
- When acquiring an Android quick image, with an evidence number that matched that of another Android quick image, AXIOM Process would attempt to store data in the same place and the user would receive an error message. -MMI-742
- In some cases, if Antivirus software moved or deleted files while evidence was being acquired from a phone, the imaging would fail. -MMI-741
- When acquiring a quick image of an iOS device with Unicode characters in the output file path, AXIOM Process failed to acquire backup files. -MMI-484
Known issues
- When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine.
Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a File & Folders scan. (In the EVIDENCE SOURCES section, click MOBILE > IOS > LOAD EVIDENCE > FILES & FOLDERS.)
- Magnet AXIOM crashes when out of disk space.
Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
- In older versions of AXIOM Examine (earlier than 1.1.0), if you attempt to open a case that was processed using AXIOM Process version 1.1.0 or later, you may experience unexpected results.
- In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if Malware URLs are part of the evidence being exported, the portable case might not get created successfully.
Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.