X-Ways and NetAnaly...
 
Notifications
Clear all

X-Ways and NetAnalysis and IEF

11 Posts
7 Users
0 Likes
1,630 Views
(@roncufley)
Posts: 157
Estimable Member
Topic starter
 

I use X-Ways Forensic as my main analysis tool but am considering if I should buy NetAnalysis by Craig Wilson and/or Internet Evidence Finder in addition. Any views as to overlap or unique functions would be welcome.

Ron Cufley

 
Posted : 02/03/2018 11:01 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

Yeah I'd stay away from Netanalysis, it was good in previous times (probably over 5 years ago) but it hasn;t kept up with the pace of change in too many areas.
IEF/Axiom is a good choice and easily preferable to Netanalysis

 
Posted : 03/03/2018 9:35 am
(@chris55728)
Posts: 49
Eminent Member
 

Hi Ron,

Given the choice between NetAnalysis and IEF I'd go for the latter.

As minime2k9 said, NetAnalysis was good a few years back but IEF has come on leaps and bounds since it was first released and has overtaken NetAnalysis in all areas.

However, with the release if AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

The thing is, some people just want the functionality of IEF, not all the bells and whistles that AXIOM provides. I wish they'd market AXIOM as the 'new' IEF and which you could purchase and then have the imaging, data analysis and reporting aspects as separate 'modules' that you could purchase individually if you needed them. Not everyone wants or needs everything that AXIOM provides yet they have to pay for it regardless.

Please don't think this is me Magnet-bashing. I've been using IEF for years now (from when it was published by JAD Software) and whenever I've logged calls with them they've been on the ball and prompt in their responses, they release updates on an almost monthly basis and the software does what it says on the tin. I still think they're going to phase out IEF and their documentation sometimes lags behind the artefacts that IEF recovers but overall I rate IEF.

Cheers.

 
Posted : 05/03/2018 7:42 am
(@mcman)
Posts: 189
Estimable Member
 

However, with the release if AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

We have no plans to discontinue IEF anytime soon and we still do monthly updates to both IEF and AXIOM. You may see more analysis tools and unique features go into AXIOM but from an artifact standpoint, we update them both on an equal pace.

Honestly, we built AXIOM because there were a lot of people who wanted features (acquisitions, file system/registry views, artifact indexing, connections, etc.) that the codebase for IEF couldn't handle but if you're looking for none of the bells and whistles, just the artifacts, IEF isn't going anywhere.

Jamie McQuaid
Magnet Forensics

 
Posted : 05/03/2018 2:17 pm
(@randy_randerson)
Posts: 24
Eminent Member
 

Bunch of words.

Chris, I totally get what you're saying and as someone not even remotely close to being affiliated with Magnet I don't think you're looking at it from the perspective of a company or business in general.

When we moved from IEF to Axiom, we did so because it had all the functions we wanted to streamline imaging and processing over the weekend so my people didn't have to remote in on days off to keep a case moving. I am also of the mentality that it is very bad for business to nickel and dime out your modules to your customers by having them go through a catalog of what they want and then charging based on that. If I don't wanna use the imaging feature, I don't use it. But there may be times that I will want to. This is something I've seen companies like AccessData and even Guidance do this with their software. Guess what isn't used in my lab anymore?

 
Posted : 05/03/2018 7:29 pm
Adam10541
(@adam10541)
Posts: 550
Honorable Member
 

If you need to examine browser artifacts, messaging applications Magnet Axiom is good but slow. I didn't use netanalysis, but their file carver (Blade) is handy. I'd also try Forensafe Analyser for the same issue, really fast, much cheaper but does not have as many artifact types as Axiom. There is also Belkasoft Evidence Center.

You mention Forensafe, which looks interesting but it doesn't appear it's available yet? Or if it is there is no links etc on their webpage to suggest pricing or download demo's etc..

 
Posted : 06/03/2018 6:47 am
(@chris55728)
Posts: 49
Eminent Member
 

However, with the release if AXIOM, which does imaging, data recovery (the IEF 'bit'), data analysis and reporting, I get the impression that Magnet will soon be releasing fewer and fewer updates to IEF, to the point where it's phased out, which will force people down the AXIOM route.

We have no plans to discontinue IEF anytime soon and we still do monthly updates to both IEF and AXIOM. You may see more analysis tools and unique features go into AXIOM but from an artifact standpoint, we update them both on an equal pace.

Honestly, we built AXIOM because there were a lot of people who wanted features (acquisitions, file system/registry views, artifact indexing, connections, etc.) that the codebase for IEF couldn't handle but if you're looking for none of the bells and whistles, just the artifacts, IEF isn't going anywhere.

Jamie McQuaid
Magnet Forensics

Hi Jamie,

I hope you weren't offended by my comments, I think I probably had my cynical hat on when I wrote the reply which probably wasn't the best of ideas! Thank you for putting my fears to rest.

Cheers.

 
Posted : 06/03/2018 7:09 am
(@chris55728)
Posts: 49
Eminent Member
 

Bunch of words.

Chris, I totally get what you're saying and as someone not even remotely close to being affiliated with Magnet I don't think you're looking at it from the perspective of a company or business in general.

When we moved from IEF to Axiom, we did so because it had all the functions we wanted to streamline imaging and processing over the weekend so my people didn't have to remote in on days off to keep a case moving. I am also of the mentality that it is very bad for business to nickel and dime out your modules to your customers by having them go through a catalog of what they want and then charging based on that. If I don't wanna use the imaging feature, I don't use it. But there may be times that I will want to. This is something I've seen companies like AccessData and even Guidance do this with their software. Guess what isn't used in my lab anymore?

Hi Randy,

I agree with you. From a business point of view it certainly makes more sense to have a single price for a product and is less grief for the consumer when making the purchase. I was looking at it from perhaps the naive viewpoint of an end user wanting a specific product for a specific price. When budgets are tight and you already have/use products that do imaging for example, why pay for another product that does what you need it to do but also has extra features that you're, more than likely, never going to use?

Having said that, AXIOM does allow command line switches so, as you said, I guess it is possible to automate imaging and a degree of processing which means out of hours time can be better utilised to keep jobs moving. Given the workload that we have where I work, this type of feature will be invaluable.

Cheers.

 
Posted : 06/03/2018 7:25 am
(@randomaccess)
Posts: 385
Reputable Member
 

The thing is, some people just want the functionality of IEF, not all the bells and whistles that AXIOM provides. I wish they'd market AXIOM as the 'new' IEF and which you could purchase and then have the imaging, data analysis and reporting aspects as separate 'modules' that you could purchase individually if you needed them. Not everyone wants or needs everything that AXIOM provides yet they have to pay for it regardless.

I'm with you on this more or less.

Magnet makes Acquire, IEF, and AXIOM, with the latter incorporating and building on the previous.
It would be great if AXIOM without a license allowed for acquisition, with an IEF license just internet artefacts, and then AXIOM gets you what you get now.

It's a great product, but some people don't need the extra features found in AXIOM just yet. Having it in their hands for the acquisition and internet processing capabilities may even result in more sales because people will already have the product.
Also, whilst I understand that the backend is updated with each release, I don't think things like IEF Timeline are going to be improved with the same vigor as AXIOM's GUI.

just my 2c

 
Posted : 06/03/2018 9:59 am
(@mcman)
Posts: 189
Estimable Member
 

Hi Jamie,

I hope you weren't offended by my comments, I think I probably had my cynical hat on when I wrote the reply which probably wasn't the best of ideas! Thank you for putting my fears to rest.

Cheers.

Not at all Chris ), just figured I'd weigh in letting everyone know that we continue to support IEF as we do often get questions about it.

Jamie

 
Posted : 06/03/2018 2:05 pm
Page 1 / 2
Share: