New in Magnet AXIOM 2.3.0.10551 - July 19, 2018
Mobile and desktop artifacts
- Safari: Added support to recover recent search terms. [Safari on iOS]
- Snapchat: Updated carving support for Snapchat friends. [Snapchat 9.2-10.12 on Android]
- iOS Call Logs: Updated carving support. [iOS 9-12]
- Media: Added parsing support for .VOB, .MPEG1, .MPG1, .MPEG2, .MPG2, .M2V, .M2P, .MOD files, and added carving support for .MPEG1 and .MPEG2 files.
- Media: Added parsing and carving support for .ASF, .WMV, .DVR-MS files.
- Chrome: Added support to recover saved Chrome usernames and passwords. [Chrome on Android]
- iOS Call Logs: Added support to recover which application was used to make a call. [iOS 11-12]
- Android QQ: Added parsing support to recover messages, local users, and file transfers. [QQ on Android]
- Android QQ International: Added parsing support to recover messages, local users, and file transfers. [QQ International on Android]
- iOS Contacts: Updated parsing and carving support. [iOS 11-12]
- iOS QQ: Updated support to enable chat threading. [QQ on iOS]
- WeChat: Updated decryption support of WeChat messages and friends. [WeChat 6.3-6.6 on Android]
- Chrome: Added support to decrypt and recover saved Chrome login passwords. [Chrome on Windows]
Cloud artifacts
- AXIOM Process now acquires Box.com items that were moved to the Trash folder.
- You can now load iCloud images as a Cloud evidence source, instead of a mobile evidence source.
- You can now acquire Microsoft Audit Logs using an account that has two-factor authentication.
AXIOM Process features
- AXIOM Process now adds passwords that successfully decrypt drives, as well as iOS backup file system decryption information to your case information file.
- You can download and install newer versions of Magnet AXIOM faster on your online or offline forensic workstation using incremental updates. In AXIOM Process, in the "Check updates" window, you can use the URL to download the reduced size installer. You can also navigate to your customer portal account, pick the version of Magnet AXIOM that you want to update from, and run the reduced size installer.
- To reduce slow processing times, AXIOM Process now automatically checks if antivirus software is running on your machine.
- You can import .csv files from the Child Rescue Coalition's Child Protection System (CPS) into AXIOM Process. When you process your case, Magnet AXIOM automatically identifies and tags evidence in your case that matches data in the CPS export.
- When AXIOM Process can't image an LG device, the application now warns you instead of throwing an exception.
AXIOM Examine features
- You can view the evidence from your case that matched data from the CPS in the CPS dashboard widget on the Case dashboard page.
- You can add more .csv files from the CPS to your case in AXIOM Examine after you initially process your case in AXIOM Process.
Fixed issues
- When you exported an AXIOM Cloud iCloud Mail PST file in AXIOM Examine, the timestamp would be the date/time you exported the file, instead of the date/time the PST file was created. -AXE-5373
- When returning to File system explorer, after applying filters and viewing related artifacts, the view was no longer applying the filters. -AXE-5004
- Sometimes, if AXIOM Process crashed during startup, the application would freeze and wouldn't save logs of the crash. -AXP-3596
- When you acquired Cloud Gmail messages, AXIOM Process wouldn't display all attachments recovered. -AXP-3647
- If the serial number of a Motorola device was not found, an exception was thrown. -MMI-901
- When you acquired an Android mobile device, sometimes the chat threads would be displayed incorrectly. -MMI-911
- WeChat: Improved dedulpication to better remove redundant carved records. [WeChat on iOS and Android]
Known issues
- In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if Malware URLs are part of the evidence being exported, the portable case might not get created successfully. Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.
- Magnet AXIOM crashes when out of disk space. Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
- In older versions of AXIOM Examine (earlier than 1.1.0), if you attempt to open a case that was processed using AXIOM Process version 1.1.0 or later, you may experience unexpected results.
- When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine. Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a Files and Folders scan. (In the Evidence sources section, click Mobile > iOS > Load evidence > Files and Folders.)
View the Release Notes for previous versions