EnCase vs Magnet Axiom

(@elchinmv)
Posts: 6
Active Member
Topic starter
 

Hello,

My company wants to buy a forensic tool. Also, we would like to have better incident response/malware analysis features. We are stuck between EnCase and Axiom. I know both EnCase and Axiom are great tools for forensics, but which one will do better job for Malware analysis/incident response ? Thank you! 

 
Posted : 04/08/2020 8:36 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

Mostly none of these two, both will be able to get you partial results only. Get a tool specifically for incident response analysis and not one dedicated to forensics!

 
Posted : 17/08/2020 6:22 pm
(@dom_newman)
Posts: 3
New Member
 

I think Magnet is a bit further with this topic these days and also more user friendly.

 
Posted : 18/08/2020 8:20 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Doesn't it really depend on what you consider "better" when it comes to malware analysis and incident response?  

I mean, it's hard to say if one tool is better than the other, if you're not able to articulate your requirements.  As they are right now, they're pretty vague.  If I were to respond to your question right now, as it stands, I'd say, "neither".  

Some things to think about...what are you trying to do when you say "malware analysis"?  What are the steps involved with something like this, in your mind?

Now, do the same thing with "incident response".

 

 
Posted : 18/08/2020 7:50 pm
Northwind
(@northwind)
Posts: 33
Eminent Member
 
Posted by: @elchinmv

Hello,

My company wants to buy a forensic tool. Also, we would like to have better incident response/malware analysis features. We are stuck between EnCase and Axiom. I know both EnCase and Axiom are great tools for forensics, but which one will do better job for Malware analysis/incident response ? Thank you! 

MAGNET AXIOM

 
Posted : 19/08/2020 11:16 am
(@sisyphus)
Posts: 4
New Member
 

Personally, I wouldn't use either EnCase or Magnet Axiom for Incident Response.  I would use a series of programs instead to acquire volatile data, and subsequently some non-volatile data, then proceed into other programs to hash files and go through the PIDs of processes and virus checks.

Nuix VDC2/3, Kape, Bulk Extractor, Bambi Raptor, Volatility, Redline, Wireshark, Network Miner, a good Linux VM..

 

Any of those would be more useful in Incident Response than your original two choices IMO.

 

BUT-- if your only choice is those two previously mentioned, then I would definitely go with Magnet Axiom.

 
Posted : 19/08/2020 1:04 pm
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

If you are going to narrow it down to these two, I would go with AXIOM.  I have been using EnCase for 8 years and Magnet Forensics IEF/AXIOM for the last 7 years.  I have seen a steady decline in the quality of EnCase Forensic over the last couple of years, and their customer service has followed the same route unfortunately.  EnCase does a lot of things well, but I would be concerned about the quality of the support you will get and performance down the road.

On the other hand, Magnet Forensics has good customer support who respond quickly and thoroughly.  All of my tech support questions have been responded to in less than 24 hours.  AXIOM is updated regularly and they continue to expand its capabilities.  It might come across as push button forensics, but it will get the artifacts to you, and then you as the analyst can review and verify what you find.  Which is something we all should be doing anyways.

 
Posted : 19/08/2020 4:48 pm
(@twjolson)
Posts: 417
Honorable Member
 

The flaw with your question is that neither forensics nor incident response can be done competently with just one or two tools.

It's like a carpenter asking, "I'm building a house, which tool should I use - a hammer or a saw?"

The answer to your question, really, is both, plus more.  Probably many more.  Some free, some not.

Instead, break it up into tasks and ask which tools are best for that task.  So, for incident response, which tool is best for imaging over the network?  For on-scene, which tool is best for triaging a live system?  Which tool is best for imaging memory?  What tool is best for reviewing Windows event logs?  Which tool is best for static malware analysis?  Which tool is best for dynamic static analysis?  On and on and on.

 
Posted : 19/08/2020 4:58 pm
(@taweret)
Posts: 8
Active Member
 

No one uses EnCase after version 6 anymore; easy choice, though better alternatives exist.

 
Posted : 30/08/2020 4:50 pm
(@trewmte)
Posts: 1877
Noble Member
 
Professor Bill Buchanan OBE, PhD, FBCS, a Professor of Cryptography at Edinburgh Napier University recently highlighted that people should look more closely at small-to-medium size enterprises and the software products they produce. Bill gave a few suggestions to illustrate what he meant:
 

For every Cisco, there's a FarrPoint
For every Symantec, there's a 7 Elements
For every Secureworks, there's an Adarma Security
For every Guidance Software (EnCase), there's a Cyan Forensics
For every IBM, there's a Symphonic Software
For every Amazon, there's a CirrusHQ

https://www.cyanforensics.com/

 
Posted : 31/08/2020 12:54 pm