I beta tested Axiom Cyber - some datapoints for you.
1. Endpoint is Windows only.
2. No parsing of NTFS data structures (so no filtering of content based on permissions), no signature analysis. Everything is based on just the name. So perhaps good for triage gathering.
3. Can collect files by 'type', but these categories are not editable. And since data structures aren't parsed, I can't constrain the collection by an NTID. For example, I want all PSTs and .docx for a particular Owner SID, no go.
4. What does the acquisition data look like when you collect it? Okay, this is where it gets silly.
The product creates one folder on my local system per target file! Yes, collecting 5000 files? Axiom Cyber creates 5000 local folders.
When the collection is finally complete, you have a ZIP of the target contents! Yes a ZIP, not a forensic container, a ZIP of the collected files.
To be honest, if that's all that is happening, you might as well get permissions on the target device and just mount C$.
Axiom Cyber has a ways to go.
Hi pbobby,
Thanks for sharing your experience and feedback - always helpful for us to know where we're doing well and where we need to do some work.
Just a few comments on your points below:
1. Yes, just Windows right now but Mac is coming soon.
2. This is helpful - I'll chat with the team to see if the NTFS permissions/data structure items are on the roadmap. I can totally see the value of using those attributes as criteria for collecting files.
3. The 'collect by type' categories will be customizable in an upcoming release, that's definitely already on the roadmap.
4. Also appreciate your candid feedback here - we do have plans to add support for the AFF4-L (logical) image format for those who want a forensic container. We used ZIP initially to keep things simple and use a standard format that many other tools would support, and selected AFF4-L as the next format option since it's an open format. I do believe we're also taking steps today to preserve the MAC times of the files, and we store all the files' metadata in a log file that includes hashes of all the collected files so that they can always be re-verified if ever questioned.
I'll reach out to you offline as I'm sure our team would love to get on a call with you to go into all of your feedback in more detail, if you'd be open to that.
Thanks!
Jad
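As an added illustration of the hash log Jad mentions (this is example code written for this page, not Magnet's implementation or the format Axiom Cyber actually writes), the block below builds a ZIP-based logical collection alongside a JSON manifest that records each file's size, SHA-256 and original mtime at full precision, and then re-verifies the archive against that manifest. The manifest field names, the sample file paths and contents, and the timestamps are all constructed assumptions for the example.

```python
# Added example (not Magnet's code): a minimal hash manifest for a ZIP-based
# logical collection, plus the re-verification step a reviewer would run later.
# File names, contents and timestamps below are constructed for illustration.
import hashlib
import io
import json
import zipfile
from datetime import datetime, timezone

# Constructed sample "collected" files: path -> (content, source mtime as epoch seconds).
SAMPLE_FILES = {
    "Users/alice/Documents/report.docx": (b"PK\x03\x04 fake docx body", 1_700_000_000.123456),
    "Users/alice/AppData/Local/Microsoft/Outlook/alice.pst": (b"!BDN fake pst body", 1_650_000_000.5),
}


def build_collection(files):
    """Zip the files and produce a manifest recording size, SHA-256 and the
    original mtime at full precision. ZIP headers themselves only keep a
    timezone-less timestamp with 2-second resolution, which is why the
    manifest, not the archive, is the record of the source MAC time."""
    buf = io.BytesIO()
    entries = []
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, (data, mtime) in sorted(files.items()):
            ts = datetime.fromtimestamp(mtime, timezone.utc)
            info = zipfile.ZipInfo(path, date_time=ts.timetuple()[:6])
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
            entries.append({
                "path": path,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "mtime_epoch": mtime,
            })
    return buf.getvalue(), {"format": "zip", "entries": entries}


def manifest_digest(manifest):
    """SHA-256 of the canonical manifest. Record this out-of-band (case notes,
    chain-of-custody form) so the log itself cannot be quietly edited later."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_collection(zip_bytes, manifest):
    """Re-verify a collection against its manifest. Returns a list of findings;
    an empty list means every listed file is present with the recorded size and
    hash, its ZIP timestamp agrees with the manifest, and the archive holds
    nothing the manifest does not list."""
    findings = []
    listed = {e["path"]: e for e in manifest["entries"]}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for path, entry in listed.items():
            if path not in names:
                findings.append(f"missing: {path}")
                continue
            data = zf.read(path)
            if len(data) != entry["size"]:
                findings.append(f"size mismatch: {path}")
            if hashlib.sha256(data).hexdigest() != entry["sha256"]:
                findings.append(f"hash mismatch: {path}")
            # ZIP stores whole even seconds, so up to (but under) 2 s of drift is
            # expected; anything larger means the header was rewritten.
            zip_ts = datetime(*zf.getinfo(path).date_time, tzinfo=timezone.utc).timestamp()
            if abs(zip_ts - entry["mtime_epoch"]) > 2:
                findings.append(f"timestamp drift: {path}")
        for name in sorted(names - listed.keys()):
            findings.append(f"unlisted: {name}")
    return findings


if __name__ == "__main__":
    zip_bytes, manifest = build_collection(SAMPLE_FILES)
    print("manifest digest:", manifest_digest(manifest))
    print("verify:", verify_collection(zip_bytes, manifest) or "OK")
```

The point of the separate manifest is that a plain ZIP cannot carry the evidence metadata a container like AFF4-L would: once the manifest digest is written down outside the archive, a later reviewer can re-run `verify_collection` and show that every collected file still hashes to what was recorded at acquisition time, and that nothing was added, dropped or re-timestamped in between.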
Afternoon,
Please feel free to reach out to our team at sales@magnetforensics.com to learn more about our different licensing options!
Are there any product documents or briefs on the new licensing models available, and for which products? If so, can you link them here?