Well my tests were conducted on the same computers that I use to process cases with IEF, being a Dell Workstation Desktop ( 36 core Xeon +128GB Ram) and Dell Workstation Laptop.
I am not imaging and processing at the same time. I used an EO1 image and processed this selecting Indexing, hashing and all artefacts. Axiom crashed twice.
I then switched to another machine and deselected Indexing and Hashing. Axiom completed the processing albeit slowly.
Axiom did leverage all the processor cores.
I acknowledge that Magnet monitor the forums and have suggested we get in touch with their engineers to find a fix, but the whole idea of testing a product that is that is should just work without needing support calls to get it to work.
I have been very happy with IEF and this is why I keep testing Axiom. If there is advantage to upgrade I am open to spending more for these new features. I joined in this post to learn of others experience and to understand why I am getting these results when others seem to be enjoying the product.
My experience mirrors everyone else's
Internet Evidence Finder continues to be my go-to tool for first pass analysis.
My main complaint is that, although I only wanted to purchase maintenance for IEF, I definitely felt pressured to purchase Axiom, which I eventually did. I asked for a simple IEF maintenance renewal contract multiple times with no results.
My own pure speculation is that internal to Magnet Forensics, the sales team has been told to push Axiom over IEF; this is based only upon my suspicions and nothing else.
For my cases, I typically use the following methodology
1) Create an IEF database to identify and flush out "low hanging fruit"
2) Create Forensic Explorer and OSForensic databases to perform "low level" forensics based upon what IEF has identified.
By creating three databases with three different tools, I feel I have met a good standard of care for analysis.
Sometimes all three tools (IEF/Forensic Explorer/OSForensics) identify the same results, but sometimes one of the tools will flush out a unique result. Running the unique results to ground has oftentimes uncovered key evidence.
So, whilst I clearly understand the strategic decision to develop Axiom, I will still run multiple different tools on my cases as doing so has provided exceptional results.
Hey folks,
Appreciate all the comments here and performance is something we are continually focused on and working to improve. I think there's a few things that might be going on here
- you might have used an older version of AXIOM that didn't have the performance improvements available in the latest version
- you are storing your cases on a network share or network attached storage. AXIOM is more "active" than IEF (more reads/temp files created) and this will cause a worse experience over the network than you would have with IEF (although both are MUCH faster when the case is locally stored, ideally on an SSD drive). This is something we're working on and will have some big improvements in the next couple months.
- the way AXIOM operates causes you to perceive that IEF is faster, because the UI and progress/status indicators are different
This last point is a tricky one but we're working on improving the perception of performance as well as the real performance. I wanted to test this for myself (AXIOM vs IEF performance) so I took a drive with "real world" data on it (in use for ~4 years, nothing special done for this testing) and ran it through the latest version of IEF and AXIOM and compared processing time as well as some common operations on the analysis/examination side (keyword searches, filters, loading timeline, etc). You might be surprised by the results!
Please check out the blog post here http//
And if you have any comments or performance related issues please do reach out to me directly (jad (at) magnetforensics.com) so I can either assist or get more information that will allow us to improve the situation you are facing. I'd love to hear from you.
Best regards,
Jad
Magnet Forensics
http//
First of all, I think Axiom is a good tool and we always use the last version. We use a dual Xeon with 128GB Ram, SSD disks and RAID configuration.
We also detect a pefomance problem with Axiom Examine, specially when rewieving artifacts from a computer. Due this problem we are not using Axiom in cases with various computers or computers with disks bigger than 1TB, just for small disk.
Axiom Examine stores artifacts in a SqlLite database. It seems that AxiomExamine is build using comercial .NET Components. Perhaps the database queries are managed by this components and it isn't well tuned.
As I said the tool is good (algorithms to find artifacts) but it a pitty that Axiom Examine is not well developed. In recent times the company seems to be more focused towards mobile devices, recent versions of Axiom mostly incorporates mobile artifacts. The perfomance problem in Axiom Examine isn't so notorious when examining mobile devices because of devices capacity. I would like Magnet invest on solving the perfomance problems with Axiom Examine.
Hi jfranck,
I'll reach out to you directly to get more details on where you are seeing the performance issues, and what you're comparing us to. Thanks for your positive feedback as well.
We are definitely continuing to work on improving performance and I think you'll like what you see on the computer artifacts side in our upcoming release - stay tuned!
Best regards,
Jad
Hi jfranck,
I'll reach out to you directly to get more details on where you are seeing the performance issues, and what you're comparing us to. Thanks for your positive feedback as well.
We are definitely continuing to work on improving performance and I think you'll like what you see on the computer artifacts side in our upcoming release - stay tuned!
Best regards,
Jad
I send you more details by private message.
I'm not comparing Axiom with other tools.