Facebook Messenger Messages | iOS: Updated carving support to recover Group Name in Group Messages. [v408.1]
Find My Items | iOS, macOS: Updated parsing support to include the owner.
ICQ 10 Messages | Windows: Updated parsing support to include the ICQ ID of the sender or recipient.
Instagram Direct Messages | Android, iOS: Updated parsing support to recover Chat ID and Thread ID.
iOS Message Preferences | iOS: Updated parsing support to include blocked users and whether SMS forwarding is enabled.
Network Interfaces | iOS: Added parsing support to recover data from iOS Network Interfaces.
Private MAC Addresses | iOS: Added parsing support for Private MAC Addresses – iOS.
Various Biome artifacts | iOS: Added parsing support for iOS 17.
AXIOM Cyber now supports TLS 1.3 authentication.
The AXIOM Cyber agent template is now a signed binary, which reduces how often it is quarantined by antivirus tools.
Added support for parsing hits for Google Chat from Google Takeout.
AXIOM GRAYKEY/VERAKEY Discovery service updated to restart automatically.
Enhanced capabilities with exFAT and Recovered deleted files.
Improvements to processing of .zip files with long file names.
You can now upload cases from AXIOM Examine to Magnet REVIEW SaaS.
Data Enrichment and Analytics:
Improved Magnet.AI picture categorisation of video still frame collages.
Improved YARA Rules logging to capture long-running processes. -ENGN-10419
Previously, AXIOM Process may have crashed during attempts to process temp files that were removed prematurely. -ENGN-10593
Previously, VERAKEY devices were unable to register with the AXIOM GRAYKEY/VERAKEY Discovery service. -ENGN-10424
Security – CVE-2023-4863/CVE-2023-5217: Updated CefSharp libraries to address vulnerabilities where a crafted HTML page could allow an attacker to perform an out-of-bounds memory write, or potentially exploit heap corruption. -ENGN-10452
Data from multiple Signal artifacts wasn’t being correctly decrypted or acquired. -MARS-1686
Some Android Signal temporary files weren’t being acquired. -MARS-1696
Some data was being incorrectly included in the Text column for iOS Facebook Messenger Messages. -MARS-1690
Some iMessages/SMS/MMS for iOS 17 weren’t being parsed. -MARS-1671
Added support for Apple Warrant Return Contact cards (.vcfs). -CA-450
Previously, AXIOM may not have recovered all media from a Snapchat warrant return due to updated warrant return format. -CA-295
Previously, AXIOM was unable to acquire iCloud backups. -CA-1612
Previously, AXIOM would not allow multiple iCloud backup evidence sources in a single case. -CA-1519
Previously, AXIOM would not reattempt an acquisition if an internal server error response was received from the provider. -CA-1518
Previously, you could not sign into Slack to perform a live acquisition. -CA-1216
Excluded fields were still being displayed in load file exports. -EXE-279
Axiom Cyber Update - 02/10/2023
Updates & Features:
Facebook Contacts on Android now has improved support for recovering data. [3126.96.36.199]
Facebook Messenger Messages on iOS can now find group names in group messages. [408.1]
iOS Messages Preferences get parsing support.
iOS Owner Information now easily recovers DSID from com.apple.itunescloud.plist. [iOS 16.5.1]
Safari Downloads on Android, iOS, and macOS can now retrieve download timestamps.
Signal Messages on Android has better support for recovering missing messages. [6.28.5]
Signal Users on Android can recover more user data. [6.28.5]
Snapchat Chat Messages on Android now recovers story replies. [188.8.131.52]
Tinder Accounts on Android can now fetch profile picture URLs. [14.3.1]
Remote acquisition now allows you to include file and folder listings in the acquisition.
Cloud: You can now acquire shared drives from Google Workspace. Authenticate using client credentials for Microsoft user accounts.
AXIOM can resolve Git URLs to a valid repo.
In the Registry explorer, you can quickly collapse items by right-clicking.
Highlight and view protobuf data in the Hex/Text Card by right-clicking.
The Magnet.AI weapons category now searches for 3D printed weapons and parts in media.
Android devices with modified iSerial properties are no longer selectable as evidence sources to prevent vulnerabilities.
AXIOM can now read uninitialized file extents in ext4 images.
AXIOM Examine settings no longer crash after multiple attempts to close the Settings window.
Building the Media explorer won’t crash AXIOM Examine anymore.
Android TikTok Draft Media is now correctly reported as unpublished.
No more missing data from iOS Telegram Messages. [v9.5.4]
Instagram Direct Messages and Group Members from multiple sources now display correct sending and receiving users.
Google Photos acquisition will no longer fail with ‘too many requests.’