Axiom Cyber Changelog

 

 


Axiom Cyber Update - 7.7.0.38007 - 14/11/2023

Artifacts:

  • Device Information | iOS: Added parsing support for iOS Device Information.
  • DJI Media | Android: Added parsing and carving support for DJI Media.
  • DJI Media | iOS: Added carving support for DJI Media.
  • DJI User Information | Android: Added parsing support for DJI User Information.
  • Edge Chromium Autofill | macOS, Windows: Updated parsing support to decrypt plaintext values.
  • Executive Object Callbacks | Windows Memory: Added parsing support for Executive Object Callbacks.
  • Facebook Messenger Messages | Android: Updated carving support. [v386]
  • Facebook Messenger Messages | iOS: Updated carving support to recover Group Name in Group Messages. [v408.1]
  • Find My Items | iOS, macOS: Updated parsing support to include the owner.
  • ICQ 10 Messages | Windows: Updated parsing support to include the ICQ ID of the sender or recipient.
  • Instagram Direct Messages | Android, iOS: Updated parsing support to recover Chat ID and Thread ID.
  • iOS Message Preferences | iOS: Updated parsing support to include blocked users and whether SMS forwarding is enabled.
  • Network Interfaces | iOS: Added parsing support to recover data from iOS Network Interfaces.
  • Private MAC Addresses | iOS: Added parsing support for Private MAC Addresses – iOS.
  • Various Biome artifacts | iOS: Added parsing support for iOS 17.

Remote Acquisition:

  • AXIOM Cyber now supports TLS 1.3 authentication.
  • The AXIOM Cyber agent template is now a signed binary, reducing the occurrences of being quarantined by antivirus tools.

Cloud:

  • Added support for parsing hits for Google Chat from Google Takeout.

Processing:

  • AXIOM GRAYKEY/VERAKEY Discovery service updated to restart automatically.
  • Enhanced capabilities with exFAT and Recovered deleted files.
  • Improvements to processing of .zip files with long file names.

Examination:

  • You can now upload cases from AXIOM Examine to Magnet REVIEW SaaS.

Data Enrichment and Analytics:

  • Improved Magnet.AI picture categorisation of video still frame collages.

Bug Fixes:

  • Improved YARA Rules logging to capture long running processes. -ENGN-10419
  • Previously, AXIOM Process may have crashed during attempts to process temp files that were removed prematurely. -ENGN-10593
  • Previously, VERAKEY devices were unable to register with the AXIOM GRAYKEY/VERAKEY Discovery service. -ENGN-10424
  • Security – CVE-2023-4863/CVE-2023-5217: Updated CefSharp libraries to address vulnerabilities where a crafted HTML page could allow an attacker to perform an out-of-bounds memory write or potentially exploit heap corruption. -ENGN-10452
  • Data from multiple Signal artifacts wasn’t being correctly decrypted or acquired. -MARS-1686
  • Some Android Signal temporary files weren’t being acquired. -MARS-1696
  • Some data was being incorrectly included in the Text column for iOS Facebook Messenger Messages. -MARS-1690
  • Some iMessages/SMS/MMS for iOS 17 weren’t being parsed. -MARS-1671
  • Added support for Apple Warrant Return Contact cards (.vcfs). -CA-450
  • Previously, AXIOM may not have recovered all media from a Snapchat warrant return due to updated warrant return format. -CA-295
  • Previously, AXIOM was unable to acquire iCloud backups. -CA-1612
  • Previously, AXIOM would not allow multiple iCloud backup evidence sources in a single case. -CA-1519
  • Previously, AXIOM would not reattempt an acquisition if an internal server error response was received from the provider. -CA-1518
  • Previously, you could not sign into Slack to perform a live acquisition. -CA-1216
  • Excluded fields were still being displayed in load file exports. -EXE-279

Axiom Cyber Update - 02/10/2023

Updates & Features:

  • Facebook Contacts on Android now has improved support for recovering data. [394.1.0.51]
  • Facebook Messenger Messages on iOS can now find group names in group messages. [408.1]
  • iOS Messages Preferences get parsing support.
  • iOS Owner Information now easily recovers DSID from com.apple.itunescloud.plist. [iOS 16.5.1]
  • Safari Downloads on Android, iOS, and macOS can now retrieve download timestamps.
  • Signal Messages on Android has better support for recovering missing messages. [6.28.5]
  • Signal Users on Android can recover more user data. [6.28.5]
  • Snapchat Chat Messages on Android now recovers story replies. [12.20.0.33]
  • Tinder Accounts on Android can now fetch profile picture URLs. [14.3.1]

New Features:

  • Remote acquisition now allows you to include file and folder listings in the acquisition.
  • Cloud: You can now acquire shared drives from Google Workspace. You can also authenticate using client credentials for Microsoft user accounts.

Enhancements:

  • AXIOM can resolve Git URLs to a valid repo.
  • In the Registry explorer, you can quickly collapse items by right-clicking.
  • Highlight and view protobuf data in the Hex/Text Card by right-clicking.
  • The Magnet.AI weapons category now searches for 3D printed weapons and parts in media.

Bug Fixes:

  • To prevent vulnerabilities, Android devices with modified iSerial properties are no longer selectable as evidence sources.
  • AXIOM can now read uninitialized file extents in ext4 images.
  • AXIOM Examine settings no longer crash after multiple attempts to close the Settings window.
  • Building the Media explorer won’t crash AXIOM Examine anymore.
  • Android TikTok Draft Media is now correctly reported as unpublished.
  • No more missing data from iOS Telegram Messages. [v9.5.4]
  • Instagram Direct Messages and Group Members from multiple sources now display correct sending and receiving users.
  • Google Photos acquisition will no longer fail with ‘too many requests.’