Known issues

마그넷 사의 AXIOM 업데이트..

New in Magnet AXIOM 2.2.0.10149 - June 21, 2018

Mobile and desktop artifacts

• Videos: Updated carving support for QuickTime videos.
• Internet Explorer 10-11 History: Updated parsing and carving of the "Access Count" attribute to more consistently represent user action instead of the database action. [Web]
• WeChat: Added support for recovery of nicknames and usernames of all chat participants. [WeChat 6.3-6.6 on iOS]
• Zoom User Accounts: The Zoom User Account artifact is now decrypted to fully recover conversation information. [Zoom 4.1.9355.0929 on Windows]
• OpenOffice: Added parsing and carving support for OpenOffice Writer, OpenOffice Calc, and OpenOffice Impress [OpenOffice 4.1.5 on Windows and OS X].
• iOS iMessage/SMS/MMS: Updated carving support to better recover chat threading information.
• Gmail: Added carving support to recover deleted emails. [Gmail 8.2 on Android]
• Facebook Pictures: Changed how Facebook pictures are classified to help deduplicate carved pictures and avoid over-reporting on picture quantities. [Web]
• OneDrive: Updated carving support to recover the list of synchronized/backed up files and their location on the user's computer. [OneDrive 17.3 on Windows]
• Added support for recovering Google Maps information. You can now recover saved locations, searched locations, and more. [Android]
• Skype: Updated parsing support for group chat details and contacts. [Skype 8.1-8.15 on Android]
• Skype: Updated parsing support for group chat details and contacts. [Skype 8.1-8.15 on iOS]
• Gmail Conversations: Added parsing and carving support for full history of email conversations. [Gmail 8.2 on Android]

Cloud artifacts

• If you attempt to process Google Photos with more than 11 000 pictures in an album, AXIOM Process will acquire the first 11 000 pictures in the album, and then move on to acquire the next album.
• You can now process Google My Activity user activity from a Google Takeout.
• You can now process Google Location History information from a Google Takeout, such as timestamps, geo-location, and more.
• You can now process Gmail data from a Google Takeout .zip image.
• You can now process Google Bookmarks from a Google Takeout.
• You can now process Google Hangouts chats from a Google Takeout.
• You can now build connections with the Google Takeout Bookmark artifact.
• You can now select which Office 365 user accounts you want to view audit logs for.
• You can now process Gmail data from a Google Takeout MBOX image.

AXIOM Process features

• AXIOM Process now supports adding Volatility profiles for Windows 10 17134.
• You can now load UFD files as a single source in AXIOM Process, whereas previously each segment of the image had to be loaded separately.
• You can now complete a physical and a lock bypass of MediaTek chipset devices to perform a physical acquisition.

AXIOM Examine features

• You can now refresh your case view.
• You can now use the Volatility CLI to export process executable files, dynamic-link library files loaded by the process, and/or open files in memory.
• AXIOM Examine no longer freezes when you use the CTRL + A key combination, or when you use the CTRL + A key combination, right-click the selected items, and then attempt to add/remove a tag.
• You can now use more keyboard shortcuts to complete actions by using a key or a combination of keys instead of your mouse. For example, you can press ALT + Left arrow to expand or collapse the "Navigation" pane.

Fixed issues

• If multiple Orphaned files on the same NTFS file system had the same file name, AXIOM Process would use the first file it found. As a result, AXIOM Process would only display information for the first Orphaned file it found, and duplicate the MD5/SHA1 values for the other Orphaned files with the same file name. -AXP-3431
• Sometimes when you processed a Greykey backup image, there would be folders and/or files missing. -AXP-3435
• If segmented .zip files, RAR files, and 7-Zip files had parentheses ( ) in the file name, AXIOM Process would fail to process the image. -AXP-3509
• If you clicked the Home button in AXIOM Examine and then tried to use the Artifacts filter, no options appeared, even if there were artifacts to filter. -AXE-5291
• When you set the language in AXIOM Examine to Japanese and you tried to use the Date filter, an error appeared. -AXE-4564
• If you attempted to scan a drive with encrypted partitions using the "Connected drive" option, AXIOM Process crashed. -AXP-3298
• Sometimes when a worker thread timeout occurred, your search would fail to progress.
• If you applied the "Untagged items" filter, and then tagged items, the filter wouldn't update to remove the items you tagged. -AXE-5606
• AXIOM Process no longer crashes if you attempt to process a Google Photos artifact with more than 11 000 pictures in an album. -CAO-1197
• Sometimes, when a portable case was being opened, the program would crash. -AXE-5323
• Sometimes, when you acquired an Office 365 account, the PST file that AXIOM Process created was named "@outloo.com" instead of "@outlook.com." -CAO-1380
• If you set the language to Traditional Chinese, Japanese, or Korean, right-clicked a picture, and selected "Sort by" > "File Name," the options were listed in English. -AXE-5406
• Sometimes, AXIOM Process would display an incorrect number of volume shadow copies when loading a computer image. -AXP-2333
• If you acquire a Facebook account, and then attempt to acquire the same account again, Facebook might limit the amount of messages you can acquire. -CAO-1441
• Android SMS/MMS (Content Provider) artifact was not recovering timestamps for some messages. -ART-9549
• Sometimes Skype attributes were displaying hex values instead of plain text, such as "#3a" instead of ":". -ART-8821

Known issues

• In some situations, antivirus software is known to prevent Magnet AXIOM from creating a portable case. For example, if Malware URLs are part of the evidence being exported, the portable case might not get created successfully. Workaround: Turn off the antivirus software and create the portable case. Turn on the antivirus software again.
• Magnet AXIOM crashes when out of disk space. Workaround: Check the amount of disk space available for the case and acquisition directories before you start processing.
• In older versions of AXIOM Examine (earlier than 1.1.0), if you attempt to open a case that was processed using AXIOM Process version 1.1.0 or later, you may experience unexpected results.
• When you process an encrypted iTunes backup and provide the password to decrypt it, the data might still appear in its encrypted form in AXIOM Examine. Workaround: Extract the iOS image from the compressed container to a different location on your computer. In AXIOM Process, perform a Files and Folders scan. (In the Evidence sources section, click Mobile > iOS > Load evidence > Files and Folders.)

AXIOM에 MTK 칩 익스플로잇 페치!!