Hey everyone,
Just want to jump in here to provide some context and info.
There is a large list of features we have planned to add, including all of the items mentioned so far (exporting a folder listing, for example). We are far from "done" with AXIOM and this is just the beginning.
Jad
This may be wrong but to be quoted $1000 for the upgrade to axiom, and a SMS for $1200 is to me extremely high for a program where you still are adding many of the basic features such searching multiple keywords at the same time. IEF works better when I was quoted, when I saw the axiom booth at one of the shows I most of my question/features where that may be added down the road. For $2200 I don't need a software where features are missing and may be added down the road.
Maybe in a year axiom may be worth it. Just my opinion at the state when I saw axiom.
The Volume serial is a documented field in most filesystem specs, the issue here is that it is not much used to identify the device in the Registry.
In the VBR, Volume Serial is
FAT12/16 Offset 0x27 4 bytes
FAT 32 Offset 0x43 4 bytes
NTFS Offset 0x48 8 bytes[1]
The volume serial number (for FAT) is derived from current date (the algorithm for NTFS is seemingly not) which in some cases can be useful, see
http//
http//www.forensicfocus.com/Forums/viewtopic/t=2134/
A partitioned device has (on Windows NT systems only[2]) a Disk Signature which - though outside any actual official documentation - is instead used in the Registry for assigning drive letters.
BOTH are however "volatile" in the sense that they can be easily re-written or modified by the OS and thus by the user, particularly the Volume serial is re-written when you format the volume (even if you use quick format) automatically.
The device serial of a USB stick, being instead embedded in the controller programmable memory is a bit tougher to change/overwrite as a specific "manufacturer tool" is usually needed for doing that, as such it is more "stable".
jaclaz
[1] although most tools report the NTFS volume serial as a 32 bit value (4 bytes) it is actually 64 bit (8 bytes)
[2] Something that might be of use in some (very rare) cases is that most non-Windows-NT Operating Systems standard tools do not write the Disk Signature when partitioning a disk-like device while since all Windows NT systems use that signature to identify the device, as soon as you connect the device to a running Windows NT OS it will write it if it is 00000000 (or if it has a collisionwith another already connected device, an extremely rare case, that in practice only happens with "clones")
License renewal time for IEF and I see that it's now developed into a product called Axiom, with an attendant price rise.
I'd be interested in honest feedback on Axiom from those who've used it. Is it the next big thing? Or is it like when FTK went from 1.7 to 2 or EnCase from version 6 to 7?!
Thanks.
Jonathan
Axiom is an involution of IEF….. ?
I tried 3 different images on 2 different workstation. IEF parsed the images in 5-6 hrs. Axiom after 6 hrs was still at 25% of the "File scanning" (unallocated and VSS were not completed yet). I had to kill it after 2 days. So far stick with IEF, looks like we have another "FTK 2"…
My experience has been negative. I personally think Magnet should get the product ready before rolling it out
There is a large list of features we have planned to add, including all of the items mentioned so far (exporting a folder listing, for example). We are far from "done" with AXIOM and this is just the beginning
The product is also becoming too expensive for what it does and I think they may be misreading the market.
@Lucio, sorry you had that experience, it's not typical of what we've been seeing in-house or hearing externally. I sent you a PM for more details, please reach out when you can and we'll track down your issue.
@badgerau, we did feel it was ready as an initial release of the product, but no product is ever totally complete and we follow the Agile methodology in our development ( http//
We are actively listening to feedback to understand which features people want beyond what we already have and the feedback has been very positive so far on where we're at (and pricing, especially compared to other tools on the market). I'm sorry your experience hasn't been as good and would love to chat more to hear what you feel is missing. Please feel free to email or PM me and we can set up a call or chat over email. Thanks!
Jad
Reviving this from the end of last year, just wondered if anyone has since put Magnet Acquire through its paces for computers and done any comparison with other imaging programs - would be interested in any feedback! We are looking to upgrade to AXIOM.
I am also interested in others experience since renewal for IEF is coming up. I did try the 30day trial after it first released and wasn't impressed for the extra 1k. What I don't understand is it seems all the new features are going into Axiom and IEF is being left behind. That is just how it seems since the release and if I am wrong about that let me know. I think I recall even being told Axiom does everything IEF does and a lot more. Its for sure "was" a lot slower at that time which was not good. It reminded me of FTK's slow case processing. I like IEF and understand both will continue to exist for some time. I haven't see anyone discuss what the future is for IEF would be nice to know. I don't think asking for us to buy Axiom to replace IEF is really a good marketing strategy. How many 30 day trials can we sign up for ? I assumed it would be a 1 time thing so we have to rely on others to post their experience to know if its has improved since its release. I have used the Magnet imaging tool for mobile devices or at least the ones I have been able to acquire a few failed for unknown reasons.
If you compare IEF (AXIOM)'s reports with forensic reports of other forensic tools, you will discover what IEF (AXIOM) misses a lot of forensic artifacts. IEF (AXIOM) may be good for "click forensics", but they aren't good for forensic professionals.
I have used the Magnet imaging tool for mobile devices or at least the ones I have been able to acquire a few failed for unknown reasons.
Thanks for the responses; have you used Acquire to image HDD's and SSD's? Any comments on performance in comparison to FTK Imager or EnCase etc? I recall a while back when Eric Zimmerman tested several imaging programs, was interested if anyone has put Acquire through similar tests!
If you compare IEF (AXIOM)'s reports with forensic reports of other forensic tools, you will discover what IEF (AXIOM) misses a lot of forensic artifacts.
No one tool is perfect, there's always room for improvement which is why we utilise several tools for analysis.
Will be attending the Magnet's user summit in May so hopefully will be able to check out the latest developments!
I have a case which contains 6 800 000 artefacts. AXIOM is not able to create the portable case and the HTML report of the case!!! evil