
Magnet Axiom  

Page 1 / 3
Jonathan
(@jonathan)
Senior Member

License renewal time for IEF and I see that it's now developed into a product called Axiom, with an attendant price rise.

I'd be interested in honest feedback on Axiom from those who've used it. Is it the next big thing? Or is it like when FTK went from 1.7 to 2 or EnCase from version 6 to 7?!

Thanks.

Jonathan

Posted : 11/08/2016 12:34 am
Belkasoft
(@belkasoft)
Active Member

Why not switch to Belkasoft, which has the same (and in some places wider) feature set for a much smaller price?

Posted : 11/08/2016 2:09 am
Deltron
(@deltron)
Active Member

Axiom is kinda just skinned IEF, no real extra value.
It does have a file system viewer and a registry viewer and the default IEF view where you can right-click and see the artifact in different view panes. But meh. Load the image into IEF, then double-check your findings in FTK anyways.

For non law enforcement I feel the tool is lacking as a competitor to FTK/EnCase.
Example: I wanted to export a list of folders and the MAC for the folders, but there was no possible way to do this in Axiom, while in FTK I just select the folders and do an export file list to CSV.
Also, you can't do multiple keyword searches, unless they updated it.
There is just a lot missing to justify spending the money for it. I can go into more detail, but I'm just going off memory for now.

Posted : 11/08/2016 3:26 am
jpickens
(@jpickens)
Active Member

I saw a demo. It has promise, but until they can get away from a physical dongle to license the product, I have no need for it. Same for IEF, unfortunately.

Posted : 11/08/2016 7:44 pm
Jonathan
(@jonathan)
Senior Member

Thanks guys. Not quite an overwhelming vote of confidence…

Posted : 12/08/2016 12:39 am
pbobby
(@pbobby)
Active Member

The most significant feature they tout is the 'traceback' capability (they call it something else, but I forget).

IEF comes laden with artifacts and hits - this traceback lets you know exactly where on the hard drive the artifact was found. Very helpful.

Posted : 12/08/2016 11:23 pm
tracedf
(@tracedf)
Active Member

> IEF comes laden with artifacts and hits - this traceback lets you know exactly where on the hard drive the artifact was found. Very helpful.

I tested Belkasoft Evidence Center a while back and I couldn't easily figure out where the evidence was being found; that was a show-stopper for me. If I can't explain where something came from, I'm not putting it into a report.

Posted : 12/08/2016 11:48 pm
Belkasoft
(@belkasoft)
Active Member

> > IEF comes laden with artifacts and hits - this traceback lets you know exactly where on the hard drive the artifact was found. Very helpful.

> I tested Belkasoft Evidence Center a while back and I couldn't easily figure out where the evidence was being found; that was a show-stopper for me. If I can't explain where something came from, I'm not putting it into a report.

Give a try to the v.7.5 at https://belkasoft.com/trial and see how the product changed. Now every item has "Origin" in its properties, which accurately shows data source, profile and some other details of where that item originated.

You are also welcome to PM me for any questions.

Posted : 12/08/2016 11:58 pm
Mreza
(@mreza)
Member

Belkasoft Evidence Center 2017, with new features, it looks powerful

New Revolutionary BEC 2017 v.8.0

Posted : 13/08/2016 8:40 pm
MagnetForensics
(@magnetforensics)
Junior Member

Hey everyone,

Just want to jump in here to provide some context and info.

There is a large list of features we have planned to add, including all of the items mentioned so far (exporting a folder listing, for example). We are far from "done" with AXIOM and this is just the beginning.

We are also working to educate folks on the features that *do* currently exist, like multiple keyword searching, which was mentioned. There are quite a number of new features that go above and beyond what IEF can do, and here are some of the bigger areas:

- desktop automation for imaging and processing - no more idle machines overnight waiting for the next processing step to be initiated
- centralized views - apply keyword searches, filtering, and then change your view to best suit what you are looking at. Seamlessly move from view to view, and apply (or "stack") more filters and keywords to further drill down into the evidence.
- Once you've found relevant items, use our SourceLinking to go directly to the source evidence, whether it's a file, unallocated clusters, or a registry key.
- you can also then tag items and use our improved exporting to have complete control over what goes into the report or portable case.

We feel that it's an evolution of IEF giving you everything you have enjoyed in IEF and adding access to the file system & registry, improved filtering/artifact views, improved UI, efficiency in your imaging/processing workflow, and some great features to come that I'm very excited about.

Please feel free to get a trial of AXIOM here https://www.magnetforensics.com/try-magnet-axiom-free-30-days/

…and let us know what you think (PM me or email me directly at jad [at] magnetforensics [dot] com), we're moving quickly on the product and having calls/meetings with folks to understand where they want us to focus or what they liked or would like to see improved.

@jpickens, we do have non-dongle licensing options, please reach out to me or our sales team for more info.

AXIOM was born out of feedback from the IEF community and we've got some great things planned for it. We do keep growing our team to ensure we can provide quality software (both IEF and AXIOM) to you…we can't continue to build new products and solutions for free, but most people understand that and feel our products are competitively priced compared to other tools in this field. Our goal is to provide quality products, focused on forensics, for a fair price, that helps you do your job faster and better. We're not interested in competing on price, feature lists, or sacrificing quality for those things.

A big thanks to our long-time supporters…you have helped us shape and define IEF (and now AXIOM) throughout the years!

Best regards,
Jad

Posted : 14/08/2016 3:06 am
lasvegascop
(@lasvegascop)
Member

I am beginning to like Axiom the more I use it.
It's new but I believe that it has a future.

It is lacking a lot of features that exist in other tools and that I would like to see brought into Axiom.

1. One feature is sorting the pictures by size, or any value. You can sort in list view but when you change to icon, or gallery view, the sorting is returned to whatever Axiom defaults to, and there is no way to resort.

2. Another feature that I am trying to figure out as we speak, in their help file Axiom explains how to tell what devices (USB) have been plugged into a computer by s#, dates, times, etc, but apparently Axiom does not glean that information from the USB devices themselves.

So, I have several USB drives that I have no idea if they have a ser# and no way to tell if they were the devices plugged into this computer.

I haven't fully committed to purchasing Axiom yet, I still have a couple weeks, but I think they are responsive to requests and I think that it can replace a couple of other high priced tools that I want to rid my tool box of.

Posted : 16/08/2016 8:50 am
Chris_Ed
(@chris_ed)
Active Member

> So, I have several USB drives that I have no idea if they have a ser# and no way to tell if they were the devices plugged into this computer.

Are they unusual devices? There are ways to figure out the serial number, but I don't want to patronise you by posting them if they aren't your straightforward USB sticks :D

Posted : 16/08/2016 1:03 pm
lasvegascop
(@lasvegascop)
Member

Ok, I apologize,
I need to rephrase my issue. All my "devices" are E01 images.

A complete physical image was created of the original device.

Is there any way that the serial number would have been extracted from the E01?
FTK Imager was used to do a physical copy.

Posted : 16/08/2016 8:38 pm
mcman
(@mcman)
Active Member

> 1. One feature is sorting the pictures by size, or any value. You can sort in list view but when you change to icon, or gallery view, the sorting is returned to whatever Axiom defaults to, and there is no way to resort.

You can do this already. Go to thumbnail view, select Pictures, then right-click and sort by whatever value you want to sort on. Obviously it's easier when you can just click on the column but in thumbnail view, we added it as a right-click since there are no columns to represent the data in that view.

> 2. Another feature that I am trying to figure out as we speak, in their help file Axiom explains how to tell what devices (USB) have been plugged into a computer by s#, dates, times, etc, but apparently Axiom does not glean that information from the USB devices themselves.

So for this, the info isn't normally stored on the actual devices, the Windows OS typically controls this info. Which is why we'll pull it from the installed OS. This is handled a little differently since I assume they're not bootable with an OS installed on them and just have one or more logical volumes on it. Not all USB mass storage devices actually have a physical serial number tied to it. Windows will try to use it if it's there, otherwise it will create its own unique serial to identify different device connections.

You mentioned that you have images of the actual USB devices? Even if there are physical serial numbers associated to it, it's not always in the VBR (or MBR depending on the device) which is all your E01 image will have. You may need a separate tool to read the physical chip on the USB. I tend to use usbview.exe as a separate tool to read USB physical devices. It's free and worth a shot.

Hope that helps, feel free to reach out with any more questions or suggestions.
Jamie McQuaid
Magnet Forensics

Posted : 16/08/2016 11:41 pm
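
An added example, not part of any post in this thread: a sketch of how an examiner can tell, from the installed OS, whether a recorded USB identifier is a device-reported serial or one Windows made up, as described in the post above. It assumes the usual `Enum\USBSTOR` key layout in the SYSTEM hive and the widely documented convention that an instance ID with `&` as its second character was generated by Windows; the thread names neither, and the sample key paths are constructed.

```python
import re

# Constructed sample key paths (not from a real case), laid out the way Windows
# names entries under SYSTEM\<ControlSet>\Enum\USBSTOR.
SAMPLE_KEYS = [
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001230412345678&0",
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a1b3c4d&0",
    r"ControlSet001\Enum\USBSTOR\Disk&Ven_&Prod_USB_DISK_2.0&Rev_PMAP\070B3C5D9E8F1234&0",
]

# <DeviceType>&Ven_<vendor>&Prod_<product>&Rev_<revision>\<instance ID>
KEY_RE = re.compile(
    r"\\USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)"
    r"&Prod_(?P<product>[^&\\]*)&Rev_(?P<rev>[^&\\]*)\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)


def parse_usbstor_key(path):
    """Split a USBSTOR key path into device fields and classify its instance ID."""
    m = KEY_RE.search(path)
    if m is None:
        return None  # not a USBSTOR device-instance key
    instance = m.group("instance")
    # Assumed convention: '&' as the second character means the device reported
    # no serial number and Windows generated the identifier itself.
    generated = len(instance) > 1 and instance[1] == "&"
    return {
        "vendor": m.group("vendor"),
        "product": m.group("product"),
        "revision": m.group("rev"),
        "instance_id": instance,
        "windows_generated": generated,
        # The trailing "&<n>" is appended by Windows; strip it to get the serial.
        "device_serial": None if generated else instance.rsplit("&", 1)[0],
    }


def summarize(paths):
    """Parse every path and keep only recognised USBSTOR device instances."""
    return [row for row in map(parse_usbstor_key, paths) if row is not None]


if __name__ == "__main__":
    for row in summarize(SAMPLE_KEYS):
        origin = "Windows-generated" if row["windows_generated"] else "device-reported"
        print(f'{row["vendor"] or "(no vendor)"} {row["product"]}: '
              f'{row["device_serial"] or row["instance_id"]} ({origin})')
```
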
jaclaz
(@jaclaz)
Community Legend

> You mentioned that you have images of the actual USB devices? Even if there are physical serial numbers associated to it, it's not always in the VBR (or MBR depending on the device) which is all your E01 image will have. You may need a separate tool to read the physical chip on the USB. I tend to use usbview.exe as a separate tool to read USB physical devices. It's free and worth a shot.

Yep, the serial is embedded in the controller, there are several tools that can read the serial, I would recommend the nice Nirsoft one
http://www.nirsoft.net/utils/usb_devices_view.html
though it is usually a good idea to also know the chip manufacturer and actual controller in the stick (or USB bridge) using more specialized tools *like* those listed here (Russian page, use Google Translate or similar)
http://www.usbdev.ru/articles/thestart/

jaclaz

Posted : 17/08/2016 1:24 am