Magnet Axiom


Re: Magnet Axiom

Post Posted: Fri Aug 12, 2016 4:58 pm

- tracedf
- pbobby
IEF comes laden with artifacts and hits - this traceback lets you know exactly where on the hard drive the artifact was found. Very helpful.


I tested Belkasoft Evidence Center a while back and I couldn't easily figure out where the evidence was being found; that was a show-stopper for me. If I can't explain where something came from, I'm not putting it into a report.


Give a try to the v.7.5 at belkasoft.com/trial and see how the product changed. Now every item has "Origin" in its properties, which accurately shows data source, profile and some other details of where that item originated.

You are also welcome to PM me for any questions.
_________________
Digital Evidence Extraction Software
belkasoft.com 

Belkasoft
Senior Member
 
 
  

Re: Magnet Axiom

Post Posted: Sat Aug 13, 2016 1:40 pm

Belkasoft Evidence Center 2017, with new features, it looks powerful

New Revolutionary BEC 2017 v.8.0
_________________
digitalna-forenzika.com 

Mreza
Senior Member
 
 
  

Re: Magnet Axiom

Post Posted: Sat Aug 13, 2016 8:06 pm

Hey everyone,

Just want to jump in here to provide some context and info.

There is a large list of features we have planned to add, including all of the items mentioned so far (exporting a folder listing, for example). We are far from "done" with AXIOM and this is just the beginning.

We are also working to educate folks on the features that *do* currently exist, like multiple keyword searching, which was mentioned. There are quite a number of new features that go above and beyond what IEF can do, and here are some of the bigger areas:

- desktop automation for imaging and processing - no more idle machines over night waiting for the next processing step to be initiated
- centralized views - apply keyword searches, filtering, and then change your view to best suit what you are looking at. Seamlessly move from view to view, and apply (or "stack") more filters and keywords to further drill down into the evidence.
- Once you've found relevant items, use our SourceLinking to go directly to the source evidence, whether it's a file, unallocated clusters, or a registry key.
- you can also then tag items and use our improved exporting to have complete control over what goes into the report or portable case.

We feel that it's an evolution of IEF: giving you everything you have enjoyed in IEF and adding access to the file system & registry, improved filtering/artifact views, improved UI, efficiency in your imaging/processing workflow, and some great features to come that I'm very excited about.

Please feel free to get a trial of AXIOM here: www.magnetforensics.co...e-30-days/

...and let us know what you think (PM me or email me directly at jad [at] magnetforensics [dot] com), we're moving quickly on the product and having calls/meetings with folks to understand where they want us to focus or what they liked or would like to see improved.

@jpickens, we do have non-dongle licensing options, please reach out to me or our sales team for more info.

AXIOM was born out of feedback from the IEF community and we've got some great things planned for it. We do keep growing our team to ensure we can provide quality software (both IEF and AXIOM) to you...we can't continue to build new products and solutions for free, but most people understand that and feel our products are competitively priced compared to other tools in this field. Our goal is to provide quality products, focused on forensics, for a fair price, that helps you do your job faster and better. We're not interested in competing on price, feature lists, or sacrificing quality for those things.

A big thanks to our long-time supporters...you have helped us shape and define IEF (and now AXIOM) throughout the years!

Best regards,
Jad  

MagnetForensics
Member
 
 
  

Re: Magnet Axiom

Post Posted: Tue Aug 16, 2016 1:50 am

I am beginning to like Axiom the more I use it.
It's new but I believe that it has a future.

It is lacking a lot of features that exist in other tools and I would like to see brought into Axiom.

1. One feature is sorting the pictures by size, or any value. You can sort in list view but when you change to icon, or gallery view, the sorting is returned to whatever Axiom defaults to, and there is no way to re-sort.

2. Another feature that I am trying to figure out as we speak, in their help file Axiom explains how to tell what devices (USB) have been plugged into a computer by s#, dates, times, etc, but apparently Axiom does not glean that information from the USB devices themselves.

So, I have several USB drives that I have no idea if they have a ser# and no way to tell if they were the devices plugged into this computer.

I haven't fully committed to purchasing Axiom yet, I still have a couple weeks, but I think they are responsive to requests and I think that it can replace a couple of other high priced tools that I want to rid my tool box of.  

lasvegascop
Senior Member
 
 
  

Re: Magnet Axiom

Post Posted: Tue Aug 16, 2016 6:03 am

- lasvegascop

So, I have several USB drives that I have no idea if they have a ser# and no way to tell if they were the devices plugged into this computer.


Are they unusual devices? There are ways to figure out the serial number, but I don't want to patronise you by posting them if they aren't your straightforward USB sticks :D

Chris_Ed
Senior Member
 
 
  

Re: Magnet Axiom

Post Posted: Tue Aug 16, 2016 1:38 pm

Ok, I apologize,
I need to rephrase my issue. All my "devices" are E01 images.

A complete physical image was created of the original device.

Is there any way that the serial number would have been extracted from the E01?
FTK Imager was used to do a physical copy.

lasvegascop
Senior Member
 
 
  

Re: Magnet Axiom

Post Posted: Tue Aug 16, 2016 4:41 pm

- lasvegascop

1. One feature is sorting the pictures by size, or any value. You can sort in list view but when you change to icon, or gallery view, the sorting is returned to whatever Axiom defaults to, and there is no way to re-sort.

You can do this already. Go to thumbnail view, select Pictures, then right-click and sort by whatever value you want to sort on. Obviously it's easier when you can just click on the column but in thumbnail view, we added it as a right-click since there are no columns to represent the data in that view.

- lasvegascop

2. Another feature that I am trying to figure out as we speak, in their help file Axiom explains how to tell what devices (USB) have been plugged into a computer by s#, dates, times, etc, but apparently Axiom does not glean that information from the USB devices themselves.

So for this, the info isn't normally stored on the actual devices, the Windows OS typically controls this info. Which is why we'll pull it from the installed OS. This is handled a little differently since I assume they're not bootable with an OS installed on them and just have one or more logical volumes on it. Not all USB mass storage devices actually have a physical serial number tied to it. Windows will try to use it if it's there, otherwise it will create its own unique serial to identify different device connections.

You mentioned that you have images of the actual USB devices? Even if there are physical serial numbers associated to it, it's not always in the VBR (or MBR depending on the device) which is all your E01 image will have. You may need a separate tool to read the physical chip on the USB. I tend to use usbview.exe as a separate tool to read USB physical devices. It's free and worth a shot.

Hope that helps, feel free to reach out with any more questions or suggestions.
Jamie McQuaid
Magnet Forensics  

mcman
Senior Member
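
An added example, not part of the thread and not code from any Magnet tool: one way to separate device-supplied serial numbers from Windows-generated identifiers when reviewing USBSTOR registry key names taken from the installed OS. The key paths below are constructed samples, and the rule that `&` as the second character of the instance ID marks a Windows-generated value is the commonly documented convention, assumed here.

```python
import re

# Constructed USBSTOR key paths in the usual layout
#   Disk&Ven_<vendor>&Prod_<product>&Rev_<revision>\<instance ID>
# They are illustrative values, not taken from a real case.
SAMPLE_KEYS = [
    r"Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\20052444100B8D91A2F5&0",
    r"Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&38b32a79&0",
    r"Disk&Ven_&Prod_USB_DISK_2.0&Rev_PMAP\0701234567890ABC&0",
]

DEVICE_RE = re.compile(
    r"^Disk&Ven_(?P<vendor>.*?)&Prod_(?P<product>.*?)&Rev_(?P<revision>.*)$"
)


def parse_usbstor_key(key_path):
    """Split one USBSTOR key path into device fields and classify its instance ID."""
    device_id, sep, instance_id = key_path.rpartition("\\")
    match = DEVICE_RE.match(device_id)
    if not sep or not instance_id or match is None:
        raise ValueError(f"not a USBSTOR disk key path: {key_path!r}")

    # Assumed convention: '&' in the second position means Windows generated
    # the ID because the device reported no serial number of its own.
    windows_generated = len(instance_id) > 1 and instance_id[1] == "&"

    # A device-supplied serial is followed by a suffix such as "&0" added by Windows.
    serial = None if windows_generated else instance_id.rsplit("&", 1)[0]

    record = match.groupdict()
    record.update(
        instance_id=instance_id,
        device_serial=serial,
        windows_generated=windows_generated,
    )
    return record


def device_serials(key_paths):
    """Serials that can be compared with a value read from the hardware itself."""
    records = (parse_usbstor_key(p) for p in key_paths)
    return sorted(r["device_serial"] for r in records if not r["windows_generated"])


if __name__ == "__main__":
    for path in SAMPLE_KEYS:
        print(parse_usbstor_key(path))
```

Entries flagged as Windows-generated cannot be tied to a specific physical stick by serial number alone, so they need corroboration from other artifacts.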
 
 
