New in Magnet AXIOM 2.5.0.11326 - September 13, 2018

Highlights

WhatsApp: Updated parsing support to recover incoming and outgoing deleted messages from the ChatSearchV3 database. [WhatsApp 2.18.81 on iOS]

Mobile and desktop artifacts

• iMessage/SMS/MMS: Updated carving support to recover sender/receiver information, timestamps, and more. [iOS 12]
• WhatsApp Messages: Added parsing and carving support for audio and video calls. [WhatsApp 2.17.22 - 2.17.33 on iOS]
• Wallet Transactions: Added parsing support to recover transaction history from a GrayKey or Jailbroken iOS image. [Wallet Transactions on iOS 10-12]
• Location History: Added parsing and carving support for cached system locations from a GrayKey image. [Location History on iOS]
• Apple Wallet: Added parsing support for pay cards and saved passes such as boarding passes, membership cards, and more. [iOS 11]
• Bluetooth Devices: Updated parsing support to recover Bluetooth devices that a user's iOS device came in proximity with. [iOS 11]
• Google Duo Calls: Added parsing support for Google Duo calls. [Google Duo 4.0 - 37.2 on Android]
• Google Duo Calls: Added parsing support for Google Duo calls. [Google Duo 4.1 - 38.4 on iOS]
• Siri Messages Search Suggestions: Added parsing and carving support to recover suggestions from Siri when a user searches for iOS messages. Supported for GrayKey images. [iOS 11]
• imo: Added parsing support to recover chat messages, voice calls, and video calls. [imo 9.8 on Android]
• KakaoTalk: Added parsing and carving support to recover messages, group messages, photos, and contacts. [KakaoTalk 2.7.1 on Windows]
• Viber: Updated parsing support to recover messages. [Viber 6.8 - 9.3.1 on iOS]
• Carved Video: Updated MP4 carving support to recover more designations such as drc1, F4V, mmp4. mp71, M4VH, M4VP, mqt, and MSNV.
• Audio: Updated parsing support to recover WAV and MP3 audio files.
• Viber: Updated parsing support to recover messages. [Viber 8.7-9.3 on Android]
• iOS Contacts: Updated parsing support to recover the profile pictures of contacts. [iOS 11]
• Shareaza: Added parsing to link P2P user activity to a specific user GUID. [Shareaza 2.7.9 - 2.7.10 on Windows]
• Android Device Information: Updated parsing support to recover IMEI, IMSI, and ICCID information. [Android 6,7,8]
• Twitter: Updated parsing and carving support to recover friends and direct messages. [Twitter 7.29.1 on iOS]
• Malware/Phishing URLs: Updated parsing support to include all suspicious URLs identified by the SANS Internet Storm Center (ISC) - Suspicious Domains List.
• Android Contacts: Updated parsing support to recover postal addresses and web addresses associated with a contact. [Android 6, 7, 8]

Cloud artifacts

• You can now acquire a user's Office 365 contacts.
• You can acquire iCloud backups from accounts that have two-factor authentication for iOS versions 11.1 and lower.
• If you're working on a Local Area Network (LAN), you can now connect to the Internet using a system proxy.
• Depending on your network speed, you can browse Box.com files/folders and Box.com users up to 75% faster.

AXIOM Process features

• AXIOM Process now parses artifacts from deleted files on NTFS and FAT file systems, and recovers metadata such as file names and timestamps.
• You can now choose to recover artifacts from nested archives and mobile backups. When you search for data in nested archives, for example a .zip file within a .zip file, you can choose how many layers deep you want to search.
• On processing workstations with a larger number of logical cores, processing times could be reduced by as much as 40%.
• You can complete a full image of decrypted userdata partitions on Android devices.
• Image Android devices with Qualcomm chipsets using Emergency Download Mode (EDL).
• You can acquire LG devices in Advanced Flash mode up to 50% faster.
• You no longer have to reconnect mobile devices if you install or remove drivers on Windows computers while in the acquisition process.
• To improve performance times when you're processing evidence, you can choose if you want to scan found archives and mobile backups or not.

AXIOM Examine features

• To significantly improve performance times in AXIOM Examine, changes were made the way data is stored in the case database. For cases created with Magnet AXIOM version 2.5.0 or later, the performance of actions such as searching, sorting, and filtering is improved by an average of 63%. You can open cases created in Magnet AXIOM version 2.4.1 or earlier, but you won't experience these performance improvements.
• Improvements were made to the way data is loaded in AXIOM Examine so that you see fewer instances of "loading data" when you scroll through records.

Fixed issues

• On Windows 10 version 1803, if you double-clicked the "RunIEF.cmd" file, and then selected IEF Triage or IEF Report Viewer, the programs wouldn't launch. -AXP-3797
• Significant performance improvements to Facebook account acquisitions, including significantly reducing the amount of lockouts while acquiring Facebook data. -CAO-1398
• For some users when you logged in to a Cloud Office 365 account with administrative privileges, the Microsoft mail item didn't have an "Edit" option, and you couldn't access audit logs. -CAO-1595
• Previously, if you tried to image LG G5 devices that use UFS memory chips, a failure would occur. -MMI-934

Known issues

• Magnet AXIOM crashes when out of disk space. Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
• In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if Malware URLs are part of the evidence being exported, the portable case might not get created successfully. Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.
• When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine. Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a Files and Folders scan. (In the Evidence sources section, click Mobile > iOS > Load evidence > Files and Folders.)
• In older versions of AXIOM Examine (earlier than 1.1.0), if you attempt to open a case that was processed using AXIOM Process version 1.1.0 or later, you may experience unexpected results.
• If you attempt to open a case that was processed using AXIOM Process version 2.5.0 in AXIOM Examine version 2.4.1 or earlier, an error messages appears. Workaround: Update Magnet AXIOM Examine to the latest version.