New in Magnet AXIOM 2.6.0.11689 - October 11, 2018
Artifacts
- Network Usage: Added parsing support to recover application data usage and connection history. [iOS 11]
- WhatsApp iOS: Updated parsing support for messages to recover attachment previews, contacts, shared contacts in vCard format, latitude and longitude data for shared location messages (including thumbnail previews), sender information for group messages, group member history for group messages, and user names. [2.18.81]
- Bitcoin Core Windows: Added carving support to recover wallet information and transaction history from debug logs. [0.16-0.17]
- WhatsApp Android: Updated parsing support to recover contact profile pictures, frequently contacted users, generic attachments, media attachments, user names, cached locations, group calls, and call duration. [2.18.267]
- Network Usage: Added parsing support to recover application data usage and connection history. [macOS 10.11]
- $UsnJrnl: Added support to recover a timeline of when files and folders were accessed or changed. [Windows XP, Vista, 7, 8, 8.1, 10]
- Carbonite Windows: Updated parsing support to recover "File Backup Date/Time" and "File Size" information. [6.3.3]
- Skype Windows: Updated parsing and carving support to recover activity, contacts, and more on Windows 10 computers. [12.1815.209]
- Email Attachments: Updated the "Email" section to include a category to view all email attachments recovered from all email artifacts.
- WhatsApp iOS: Updated parsing support for group messages to recover sender information. [2.18.81]
- Twitter Android: Updated parsing support to recover tweets. [7.60.0]
- IME Suggestions (Japanese): Added carving support to recover Japanese characters suggested by the Input Method Entry (IME) feature. [Windows 10]
- Jott Android: Added parsing support to recover messages and groups. [1.2.1.7]
- KakaoTalk Windows: Updated parsing and carving support to decrypt pictures. [2.7.1]
Cloud
- You can now recover recently deleted files from iCloud Drive.
- You can now recover WhatsApp backups from Google Drive using a user's decryption key, phone number, and username and password. When you process an Android image, a new mobile artifact is created to detect the user's WhatsApp decryption key and phone number. If AXIOM Process recovers the user's WhatsApp decryption key and phone number, you can download the data and add the artifact as new evidence in your case. After you add the artifact as new evidence, you can use the new Cloud WhatsApp evidence source to provide the user's username, password, and phone number. You can use the Cloud WhatsApp artifact "customize" section to provide the decryption key.
- You can acquire a maximum of 90 days of Microsoft Office Audit Logs. To recover the most accurate information, AXIOM Process acquires either 90 days of data or, if the user opted in to Audit Logs less than 90 days ago, data from the opt-in date.
Magnet.AI
- Magnet.AI can now search evidence for possible vehicles, drones, and building exteriors.
- The Magnet.AI documents model can now detect possible handwritten notes and schematics.
Processing
- Select a case type (such as child exploitation, fraud, organized crime, and so on) before you begin processing to allow AXIOM Examine to customize the display of relevant content, organize and locate cases more easily, and more.
- Performance improvements and case size reduction when you process a large number of pictures.
Examining
- To help you get the most out of Magnet AXIOM, AXIOM Examine now displays pictures and videos with helpful tips, processes, and more.
- You can now cancel more actions in AXIOM Examine, such as switching to the Recursive view in the File System explorer, sorting items in the Artifact explorer, and more.
- After you process your case, you can remove evidence items in AXIOM Examine from the case dashboard or from the Process menu.
- Click the vertical ellipses on artifact columns to access artifact column options more easily.
- You can add new evidence and import Project VIC/CAID files from the case dashboard.
Bug fixes
- Sometimes, acquiring Box.com files and folders would take a significant amount of time to complete. -CAO-1603
- If you attempted to save an iOS backup found on a computer as a .zip file, a failure would occur. -AXE-5995
- Previously, if there was an audio file within a WhatsApp message, you couldn't listen to the file in the Preview card. -AXE-6063
- Sometimes date/time information in Column view was formatted incorrectly. -AXE-6052
- If you created an HTML report and moved the report to another device or drive, some pictures from the case dashboard wouldn't appear. -AXE-6068
- When you tried to change the picture of an evidence item on the case dashboard, image types such as JPEG and TIFF couldn't be selected in the File System explorer. -AXE-6045
- Parsed pictures in exported reports weren't appearing in the "Image" column. -AXE-6018
- Sometimes, when attempting to create an export that contained a picture, video, or document attachment, a failure would occur. -AXE-6095
Known issues
- Magnet AXIOM crashes when out of disk space. Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
- In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if malware URLs are part of the evidence being exported, the portable case might not get created successfully. Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.
- When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine. Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a Files and Folders scan. (In the Evidence sources section, click Mobile > iOS > Load evidence > Files and Folders.)
- If you attempt to open a case that was processed using AXIOM Process version 2.5.0 in AXIOM Examine version 2.4.1 or earlier, an error message appears. Workaround: Update Magnet AXIOM Examine to the latest version.