AXIOM Cyber

13 Posts
7 Users
0 Likes
1,527 Views
(@bytesdigger)
Posts: 8
Active Member
Topic starter
 

Any of you guys played with AXIOM Cyber? I tried an early version of the beta… it was neat to get RAM remotely but it did not provide much more than that. The account rep at the time mentioned that they were looking at adding more features. Seeing that they released the product, I'm wondering if the feature-set is more complete now.

Anyone here tried it? What does it give other than the live memory?

 
Posted : 01/02/2020 9:50 pm
(@dandaman_24)
Posts: 172
Estimable Member
 

Anyone here tried it? What does it give other than the live memory?

Try reading Magnet's page on the product
https://www.magnetforensics.com/products/magnet-axiom-cyber/

 
Posted : 02/02/2020 9:33 am
(@bytesdigger)
Posts: 8
Active Member
Topic starter
 

I've read it, mostly marketing BS with lots of buzzwords. It doesn't say much about the product features and capabilities. I was hoping to hear a little more without having to talk to a rep… I get enough junk in my mailbox as it is!

Anyone here tried it? What does it give other than the live memory?

Try reading Magnet's page on the product
https://www.magnetforensics.com/products/magnet-axiom-cyber/

 
Posted : 02/02/2020 9:54 pm
jpickens
(@jpickens)
Posts: 130
Estimable Member
 

Wonder if they'll begin supporting dongle-less licenses with this new version. Product brief doesn't say much.

 
Posted : 03/02/2020 2:19 pm
MagnetForensics
(@magnetforensics)
Posts: 40
Eminent Member
 

Anyone here tried it? What does it give other than the live memory?

Morning,

Happy to answer any questions the community has around AXIOM Cyber. In terms of what can be collected, as you mentioned we can grab live memory, both full RAM captures as well as specific processes, logical and physical file collection over a network connection. We also have targeted locations preset for quick selection and acquisitions from the end point under investigation (i.e. browser history, desktop collection, documents collection, MFT, and the PageFile to name a few).
Here’s a quick YouTube video on the network acquisition capabilities with AXIOM Cyber.

Network Acquisition with AXIOM Cyber

 
Posted : 04/02/2020 2:28 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Seen from the outside, it seems to me like there is a new product and prospective buyers for it are perplexed by the lack of documentation about its features, and the replies to these (IMHO legitimate) doubts are provided by means of
1) an AMA 😯
2) some generic "to name a few" meaningless list
3) a "quick" youtube video

Maybe, just maybe, producing a proper document about the features and licensing of this new tool might be more suitable, and would be a solution that would extend to other people (besides the forum members) that may have the same doubts.

Since the intended audience is made of professional investigators, already familiar with the concepts, I believe that the document could even be in the "quick" form of a "cheat-sheet" or "check-list".

jaclaz

 
Posted : 04/02/2020 2:52 pm
(@mcman)
Posts: 189
Estimable Member
 

Wonder if they'll begin supporting dongle-less licenses with this new version. Product brief doesn't say much.

Yep, there's a dongle-less option for Cyber. There are machine licenses, and I believe they're building out some other license server options as well.

Along with the remote agent capabilities already mentioned there's some additional cloud functionality as well. Admin access to services (O365/Gsuite/Box/Slack/etc…)

Maybe, just maybe, producing a proper document about the features and licensing of this new tool might be more suitable, and would be a solution that would extend to other people (besides the forum members) that may have the same doubts.

Fair feedback but it just launched and I'm sure they're still writing some of the documentation and marketing material for it. If you reached out to your rep, they might actually already have it available but not posted to the website.

In the meantime, here's a bunch of other videos that show it being used in different circumstances
Incident Response - https://www.youtube.com/watch?v=sDw18h03xI8
Remote Acquisition - https://www.youtube.com/watch?v=kLlHorQcmdI (previously linked)
Harassment Investigation - https://www.youtube.com/watch?v=8hoLpT5pMjM
IP Theft Investigation - https://www.youtube.com/watch?v=exPJRcvKItE
Fraud Investigation - https://www.youtube.com/watch?v=gurHvkKi2Xw
Employee Misconduct - https://www.youtube.com/watch?v=SAfnFDQqzGE

Hope that helps, feel free to reach out if you have any questions. I don't work on the sales side so you'll have to reach out to your rep for anything sales related but I can definitely help out on anything on the technical side.

Jamie McQuaid
Magnet Forensics

 
Posted : 04/02/2020 5:30 pm
MagnetForensics
(@magnetforensics)
Posts: 40
Eminent Member
 

Wonder if they'll begin supporting dongle-less licenses with this new version. Product brief doesn't say much.

Afternoon,
Please feel free to reach out to our team at sales@magnetforensics.com to learn more about our different licensing options!

 
Posted : 04/02/2020 6:10 pm
(@bytesdigger)
Posts: 8
Active Member
Topic starter
 

Couple questions about the file system collection component

1) Is the file collection more targeted to grab a few specific files, or can we grab a large amount of data by doing a pull over the network? More specifically, is it a viable option to create a "triage image"? If so, how specific/granular can this get? Can I create my own definition of the files that need to be pulled? Would timestamps of the evidence collected still be reliable?

2) Can I do a full file system acquisition (with slack space and unallocated space)? I'm guessing not, since that would likely require some driver wizardry. If no, is it on the roadmap?

3) Is it possible to pull files that are being used on the target system? For example, would I be able to pull the .OST file of a user while they have outlook open? If so, is it transparent to the user?

4) Can it pull a protected system file? (Eg The SAM file)

Anyone here tried it? What does it give other than the live memory?

Morning,

Happy to answer any questions the community has around AXIOM Cyber. In terms of what can be collected, as you mentioned we can grab live memory, both full RAM captures as well as specific processes, logical and physical file collection over a network connection. We also have targeted locations preset for quick selection and acquisitions from the end point under investigation (i.e. browser history, desktop collection, documents collection, MFT, and the PageFile to name a few).
Here’s a quick YouTube video on the network acquisition capabilities with AXIOM Cyber.

Network Acquisition with AXIOM Cyber

 
Posted : 05/02/2020 12:38 am
(@mcman)
Posts: 189
Estimable Member
 

Couple questions about the file system collection component

1) Is the file collection more targeted to grab a few specific files, or can we grab a large amount of data by doing a pull over the network? More specifically, is it a viable option to create a "triage image"? If so, how specific/granular can this get? Can I create my own definition of the files that need to be pulled? Would timestamps of the evidence collected still be reliable?

2) Can I do a full file system acquisition (with slack space and unallocated space)? I'm guessing not, since that would likely require some driver wizardry. If no, is it on the roadmap?

3) Is it possible to pull files that are being used on the target system? For example, would I be able to pull the .OST file of a user while they have outlook open? If so, is it transparent to the user?

4) Can it pull a protected system file? (Eg The SAM file)

1) For the collection you have a few options: you could grab full disks or volumes (not ideal over the network), single files or folders that you specify, or we have defined sets of targeted collections (such as all user profiles, $MFT, registry hives, etc., most common stuff you might need for investigations), so it's pretty flexible. We don't allow for custom lists quite yet, but it's on the list to allow users to customize and save those customizations. The timestamps would be maintained in most situations: artifact times and metadata timestamps always, and file system/MAC times get preserved as long as it stays within a container. If you just save individual files to your desktop or anything like that, normal MAC time changes would occur as you're transferring across volumes. Ideally you'd keep it in a container most times anyway.

2) Yep, we'll do a full file system at the disk or volume level which would include slack and unallocated. It's basically a stream of the data so it will grab everything. Downside like most things over the network is that it's slow but otherwise works if that's what is needed. You can't grab unallocated as a single item logically but grabbing the volume will include it.

3) We can grab live files (actually we can even grab live processes from memory, which are always in use). Obviously if the file completely disappears in mid download because the user deletes it or something, it will fail or only get partial files but we'll do checks when we grab files so that it will allow you to retry if something fails or disappears. This shouldn't be noticed by the user at all.

4) We do get protected files on unencrypted drives right now, but not quite yet on encrypted drives. That's being worked on as we speak, so I would expect to see it added soon; it just didn't make it in time for release but was definitely asked for as part of the beta, so stay tuned for that one.

Hope that answers everything you asked. There are still a lot of things we want to add to it, but it works quite well, with some unique ways to collect data from remote systems which should solve some pain points that you might have previously encountered when doing remote collections. Request a trial, give it a go and let me or someone else know what you think; we're always big on getting feedback from users, and that typically dictates how we prioritize features and improvements.

Jamie McQuaid
Magnet Forensics

 
Posted : 05/02/2020 3:47 pm
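As an added example (not Magnet's or AXIOM Cyber's code) of two points in the reply above, that MAC times survive only while the collected files stay inside a container and that a grab should be checked and retried if the file changes or vanishes underneath it, here is a small Python targeted collector. File names, contents and the timestamp are constructed sample data.

```python
import hashlib
import io
import os
import tarfile
import tempfile

def collect(paths, container):
    """Pack files into a tar; return (manifest of source times/hashes, retry list)."""
    manifest, retry = {}, []
    with tarfile.open(container, "w") as tar:
        for p in paths:
            try:
                before = os.stat(p)
                with open(p, "rb") as f:
                    data = f.read()
                changed = os.stat(p).st_mtime != before.st_mtime or len(data) != before.st_size
            except OSError:                 # deleted or locked while we were grabbing it
                changed = True
            if changed:
                retry.append(p)             # partial grab: caller retries this file
                continue
            info = tarfile.TarInfo(os.path.basename(p))
            info.size, info.mtime = len(data), before.st_mtime   # keep the source mtime
            tar.addfile(info, io.BytesIO(data))
            manifest[info.name] = {"sha256": hashlib.sha256(data).hexdigest(), "mtime": before.st_mtime,
                                   "atime": before.st_atime, "ctime": before.st_ctime}
    return manifest, retry

def verify(container, manifest):
    """Re-read the container: every member's hash and mtime must match the manifest."""
    with tarfile.open(container, "r") as tar:
        for m in tar.getmembers():
            rec = manifest.get(m.name)
            if rec is None or int(m.mtime) != int(rec["mtime"]) or \
                    hashlib.sha256(tar.extractfile(m).read()).hexdigest() != rec["sha256"]:
                return False
    return True

def demo():
    """Constructed run: two sample files stamped with an old mtime, plus one missing path."""
    work, paths = tempfile.mkdtemp(), []
    for name, body in (("NTUSER.DAT", b"constructed hive"), ("History", b"constructed db")):
        p = os.path.join(work, name)
        with open(p, "wb") as f:
            f.write(body)
        os.utime(p, (946684800, 946684800))    # 2000-01-01T00:00:00Z, constructed
        paths.append(p)
    paths.append(os.path.join(work, "gone.ost"))   # never existed -> lands in retry list
    manifest, retry = collect(paths, os.path.join(work, "triage.tar"))
    return manifest, retry, verify(os.path.join(work, "triage.tar"), manifest)
```

Extracting a member to a loose file on another volume would give it fresh creation/change times, which is why the manifest keeps the source atime/mtime/ctime alongside the hash.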
Page 1 / 2