X-Ways and NetAnalysis and IEF  

roncufley
(@roncufley)
Active Member

I use X-Ways Forensic as my main analysis tool but am considering if I should buy NetAnalysis by Craig Wilson and/or Internet Evidence Finder in addition. Any views as to overlap or unique functions would be welcome.

Ron Cufley

Posted : 02/03/2018 11:01 am
minime2k9
(@minime2k9)
Active Member

Yeah I'd stay away from NetAnalysis, it was good in previous times (probably over 5 years ago) but it hasn't kept up with the pace of change in too many areas.
IEF/Axiom is a good choice and easily preferable to NetAnalysis

Posted : 03/03/2018 9:35 am
Chris55728
(@chris55728)
Junior Member

Hi Ron,

Given the choice between NetAnalysis and IEF I'd go for the latter.

As minime2k9 said, NetAnalysis was good a few years back but IEF has come on leaps and bounds since it was first released and has overtaken NetAnalysis in all areas.

However, with the release of AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

The thing is, some people just want the functionality of IEF, not all the bells and whistles that AXIOM provides. I wish they'd market AXIOM as the 'new' IEF which you could purchase and then have the imaging, data analysis and reporting aspects as separate 'modules' that you could purchase individually if you needed them. Not everyone wants or needs everything that AXIOM provides yet they have to pay for it regardless.

Please don't think this is me Magnet-bashing. I've been using IEF for years now (from when it was published by JAD Software) and whenever I've logged calls with them they've been on the ball and prompt in their responses, they release updates on an almost monthly basis and the software does what it says on the tin. I still think they're going to phase out IEF and their documentation sometimes lags behind the artefacts that IEF recovers but overall I rate IEF.

Cheers.

Posted : 05/03/2018 7:42 am
mcman
(@mcman)
Active Member

However, with the release of AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

We have no plans to discontinue IEF anytime soon and we still do monthly updates to both IEF and AXIOM. You may see more analysis tools and unique features go into AXIOM but from an artifact standpoint, we update them both on an equal pace.

Honestly, we built AXIOM because there were a lot of people who wanted features (acquisitions, file system/registry views, artifact indexing, connections, etc.) that the codebase for IEF couldn't handle but if you're looking for none of the bells and whistles, just the artifacts, IEF isn't going anywhere.

Jamie McQuaid
Magnet Forensics

Posted : 05/03/2018 2:17 pm
Randy_Randerson
(@randy_randerson)
New Member

Bunch of words.

Chris, I totally get what you're saying and as someone not even remotely close to being affiliated with Magnet I don't think you're looking at it from the perspective of a company or business in general.

When we moved from IEF to Axiom, we did so because it had all the functions we wanted to streamline imaging and processing over the weekend so my people didn't have to remote in on days off to keep a case moving. I am also of the mentality that it is very bad for business to nickel and dime out your modules to your customers by having them go through a catalog of what they want and then charging based on that. If I don't wanna use the imaging feature, I don't use it. But there may be times that I will want to. This is something I've seen companies like AccessData and even Guidance do with their software. Guess what isn't used in my lab anymore?

Posted : 05/03/2018 7:29 pm
Adam10541
(@adam10541)
Senior Member

If you need to examine browser artifacts, messaging applications, Magnet Axiom is good but slow. I didn't use NetAnalysis, but their file carver (Blade) is handy. I'd also try Forensafe Analyser for the same issue, really fast, much cheaper but does not have as many artifact types as Axiom. There is also Belkasoft Evidence Center.

You mention Forensafe, which looks interesting but it doesn't appear it's available yet? Or if it is there are no links etc. on their webpage to suggest pricing or download demos etc.

Posted : 06/03/2018 6:47 am
Chris55728
(@chris55728)
Junior Member

However, with the release of AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

We have no plans to discontinue IEF anytime soon and we still do monthly updates to both IEF and AXIOM. You may see more analysis tools and unique features go into AXIOM but from an artifact standpoint, we update them both on an equal pace.

Honestly, we built AXIOM because there were a lot of people who wanted features (acquisitions, file system/registry views, artifact indexing, connections, etc.) that the codebase for IEF couldn't handle but if you're looking for none of the bells and whistles, just the artifacts, IEF isn't going anywhere.

Jamie McQuaid
Magnet Forensics

Hi Jamie,

I hope you weren't offended by my comments, I think I probably had my cynical hat on when I wrote the reply which probably wasn't the best of ideas! Thank you for putting my fears to rest.

Cheers.

Posted : 06/03/2018 7:09 am
Chris55728
(@chris55728)
Junior Member

Bunch of words.

Chris, I totally get what you're saying and as someone not even remotely close to being affiliated with Magnet I don't think you're looking at it from the perspective of a company or business in general.

When we moved from IEF to Axiom, we did so because it had all the functions we wanted to streamline imaging and processing over the weekend so my people didn't have to remote in on days off to keep a case moving. I am also of the mentality that it is very bad for business to nickel and dime out your modules to your customers by having them go through a catalog of what they want and then charging based on that. If I don't wanna use the imaging feature, I don't use it. But there may be times that I will want to. This is something I've seen companies like AccessData and even Guidance do with their software. Guess what isn't used in my lab anymore?

Hi Randy,

I agree with you. From a business point of view it certainly makes more sense to have a single price for a product and is less grief for the consumer when making the purchase. I was looking at it from perhaps the naive viewpoint of an end user wanting a specific product for a specific price. When budgets are tight and you already have/use products that do imaging for example, why pay for another product that does what you need it to do but also has extra features that you're, more than likely, never going to use?

Having said that, AXIOM does allow command line switches so, as you said, I guess it is possible to automate imaging and a degree of processing which means out of hours time can be better utilised to keep jobs moving. Given the workload that we have where I work, this type of feature will be invaluable.

Cheers.

Posted : 06/03/2018 7:25 am
randomaccess
(@randomaccess)
Active Member

The thing is, some people just want the functionality of IEF, not all the bells and whistles that AXIOM provides. I wish they'd market AXIOM as the 'new' IEF which you could purchase and then have the imaging, data analysis and reporting aspects as separate 'modules' that you could purchase individually if you needed them. Not everyone wants or needs everything that AXIOM provides yet they have to pay for it regardless.

I'm with you on this more or less.

Magnet makes Acquire, IEF, and AXIOM, with the latter incorporating and building on the previous.
It would be great if AXIOM without a license allowed for acquisition, with an IEF license just internet artefacts, and then AXIOM gets you what you get now.

It's a great product, but some people don't need the extra features found in AXIOM just yet. Having it in their hands for the acquisition and internet processing capabilities may even result in more sales because people will already have the product.
Also, whilst I understand that the backend is updated with each release, I don't think things like IEF Timeline are going to be improved with the same vigor as AXIOM's GUI.

just my 2c

Posted : 06/03/2018 9:59 am
mcman
(@mcman)
Active Member

Hi Jamie,

I hope you weren't offended by my comments, I think I probably had my cynical hat on when I wrote the reply which probably wasn't the best of ideas! Thank you for putting my fears to rest.

Cheers.

Not at all Chris :), just figured I'd weigh in letting everyone know that we continue to support IEF as we do often get questions about it.

Jamie

Posted : 06/03/2018 2:05 pm
mcman
(@mcman)
Active Member

It would be great if AXIOM without a license allowed for acquisition, with an IEF license just internet artefacts, and then AXIOM gets you what you get now.

That's not a bad idea, one thing that would cause issues with this is that AXIOM and ACQUIRE don't have all the same acquisition methods. For most logical methods they're pretty equal but ACQUIRE doesn't include recovery images for Samsung devices, LG passcode bypass, and Samsung bypass with MTP to name a few. There are a few smaller advantages to having the paid tool over the free one but even then maybe we can build out a way to have it work similar to how other tools have done computer imaging without a license.

Also, whilst I understand that the backend is updated with each release, I don't think things like IEF Timeline are going to be improved with the same vigor as AXIOM's GUI.

You're likely correct in that aspect, we'll do artifact updates and bug fixes in IEF so if you find anything wrong or not working correctly, let us know, but as mentioned in the previous post, you'll likely see more of our development time spent on new analysis features in AXIOM over IEF simply because if we tried to do both, both tools would hurt from a lack of resources.

Hope that helps clarify a few things.
Jamie

Posted : 06/03/2018 2:21 pm