EnCase vs Magnet Axiom  

Page 2 / 2
trewmte
(@trewmte)
Community Legend
Posted by: @twjolson

The flaw with your question is that neither forensics nor incident response can be done competently with just one or two tools.

It's like a carpenter asking, "I'm building a house, which tool should I use - a hammer or a saw".

The answer to your question, really, is both, plus more.  Probably many more.  Some free, some not.

Instead, break it up into tasks and ask which tools are best for that task.  So, for incident response, which tool is best for imaging over the network?  For on-scene, which tool is best for triaging a live system?  Which tool is best for imaging memory?  What tool is best for reviewing Windows event logs?  Which tool is best for static malware analysis?  Which tool is best for dynamic static analysis?  On and on and on.

The response above from the FF member was the one for me that prompted my post about Cyan Forensics. I did get a response from Bill and he kindly confirmed he was only making a comparison about companies, as in SME. 

The 'triage and hashes' offered as core capabilities by both Encase and Cyan are what interested me when considering @twjolson comments above.

https://www.guidancesoftware.com/encase-portable

Digital Forensic tools are on the increase, and anyone coming from, for example, a DFIR side or from digital security (Blue Team now has DF exams and certificate) can be overwhelmed and not appreciate the mix and match of tools that can assist investigations, extraction and harvesting, analysis and cross-comparison.

I am told there are further tests being carried out by Cyan so I hope that feedback can add to this discussion thread. 

 

 

Posted : 03/09/2020 11:44 am
minime2k9
(@minime2k9)
Active Member

@trewmte

I've tested Cyan's tool and it does what it says it does, it looks for parts of files from a known database.....but nothing else. No ability to see what files have been accessed, run keywords etc.

It's pretty useless except for some police forces to use it to justify returning an item that they don't have the resources to examine and no actual intelligence to justify a 'proper' examination. So they will use it on a suspect's family member (wife, daughter etc.) device and then they will give it back when it finds nothing.

Posted : 06/09/2020 9:43 pm
trewmte liked
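Both @trewmte's mention of 'triage and hashes' as a core capability and @minime2k9's description of a tool that only matches files, and parts of files, against a known database are describing hash-set triage. The Python below is an added example written for this page to show what that capability amounts to; it is not code from EnCase, Cyan Forensics, Magnet or any forum member. The 4096-byte block size, the directory names and the sample files are all constructed for the demonstration and are not real case material.

```python
import hashlib
import tempfile
from pathlib import Path

BLOCK = 4096  # block size for partial matching; an assumption for this example


def file_sha256(path: Path) -> str:
    """Stream the whole file through SHA-256 for a whole-file hash-set lookup."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def block_sha256s(path: Path, block: int = BLOCK) -> list:
    """SHA-256 of every full, block-aligned chunk; a short trailing tail is ignored.
    Only aligned fragments can match: content shifted by one byte hashes differently."""
    digests = []
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            if len(chunk) == block:
                digests.append(hashlib.sha256(chunk).hexdigest())
    return digests


def build_known_sets(reference_files) -> tuple:
    """Build the 'known database': one set of whole-file hashes, one of block hashes."""
    full, blocks = set(), set()
    for p in reference_files:
        full.add(file_sha256(p))
        blocks.update(block_sha256s(p))
    return full, blocks


def triage(root: Path, full_set: set, block_set: set) -> dict:
    """Walk root and report 'full' for whole-file hits, 'partial' for block hits."""
    hits = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if file_sha256(p) in full_set:
            hits[rel] = "full"
            continue
        if any(b in block_set for b in block_sha256s(p)):
            hits[rel] = "partial"
    return hits


def run_demo() -> dict:
    """Constructed sample data (not case material): one reference file, four targets."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, target = Path(tmp, "reference"), Path(tmp, "target")
        ref.mkdir()
        (target / "docs").mkdir(parents=True)
        known = bytes([0xA5]) * BLOCK + bytes([0x5A]) * BLOCK + bytes(range(256)) * 16
        (ref / "known.bin").write_bytes(known)
        # exact copy under a different name: whole-file hit
        (target / "docs" / "renamed.dat").write_bytes(known)
        # truncated copy with an unrelated tail: only the first two blocks match
        (target / "fragment.bin").write_bytes(known[: 2 * BLOCK] + b"tail" * 100)
        # same bytes shifted by one: neither whole-file nor block hashes match
        (target / "shifted.bin").write_bytes(b"\x00" + known)
        # unrelated small file: no match, and too short to yield a full block
        (target / "benign.txt").write_bytes(b"nothing to see here\n" * 50)
        full_set, block_set = build_known_sets([ref / "known.bin"])
        return triage(target, full_set, block_set)


if __name__ == "__main__":
    for name, kind in run_demo().items():
        print(f"{kind:8} {name}")
```

The shifted file is the practitioner's caveat: block-level hashing only catches fragments that sit on the same block boundaries as the reference copy, so a tool of this kind reports presence or absence of known content and nothing about how a file got there, when it was opened, or what else is on the device, which is the limitation @minime2k9 describes.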
Mreza
(@mreza)
Member
Posted by: @elchinmv

Hello,

My company wants to buy a forensic tool. Also, we would like to have better incident response/malware analysis features. We are stuck between EnCase and Axiom. I know both EnCase and Axiom are great tools for forensics, but which one will do better job for Malware analysis/incident response ? Thank you! 

AccessData FTK has the ability to do malware analysis on executable binaries

https://accessdata.com/products-services/cerberus

Posted : 22/09/2020 10:11 am
Em-Belkasoft
(@em-belkasoft)
Junior Member
Posted by: @elchinmv

Hello,

My company wants to buy a forensic tool. Also, we would like to have better incident response/malware analysis features. We are stuck between EnCase and Axiom. I know both EnCase and Axiom are great tools for forensics, but which one will do better job for Malware analysis/incident response ? Thank you! 

Depending on the level of the granularity of details you are looking to get and your experience, you may want to consider Belkasoft Evidence Center (BEC) for incident response. To see BEC in action for IR, you can go through Belkasoft's new series of white papers on the topic. 

Posted : 28/09/2020 9:14 am
Pachuco
(@pachuco)
New Member

@mreza - Having been certified in EnCase in 2009 and now having used AXIOM for years (we have an AXIOM certified employee too) I can tell you there exists an ever widening difference between the two. EnCase was always our 'go to' product for the first attack but we always used others as well, such as IEF by Magnet, Autopsy, and others. It seemed to us that EnCase began to move towards eDiscovery more than digital forensics starting about 2010. Still, we stayed with Encase through all of Versions 6 and 7. Eventually, though, we began using Axiom more and more and now it is our first choice. The training that Jamey Tubbs at EnCase gave us was second to none but now he has also moved to Magnet. If it were me, starting over today, I would choose Axiom. Remember though, you will always need more than one tool so consider that. We used Belkasoft for about 2 years and liked it as well. You may want to start with Axiom and set your sights on bringing Belkasoft in a little later. Yuri is a real go-getter and you should see him skateboard too! Good luck!

Posted : 28/09/2020 5:17 pm
Mreza
(@mreza)
Member

I still prefer X-Ways Forensics

https://docs.google.com/document/d/1OmXFeAY6ijdAJXPIdis_BmibHZsNqXyQSulGKoWfLzQ/edit#

Posted : 17/10/2020 8:27 am