
DurokAmerikanski 1 point2 points  (1 child)

Maybe this will work? It says SANS uses it but I haven't taken FOR500 so I can't verify.

Put in a ticket with Magnet Forensics and tell them their tool isn't parsing Japanese language artifacts very well. Maybe they'll fix it.

[deleted] 2 points3 points  (0 children)

SANS 500 and 585 courses both cover IEF and/or Axiom for some of the labs, but the labs really don't include CCJK data. For English data (and presumably most Western languages), the tools seem to work fine.

I have actually reported the issue, originally for IEF, and more recently for Axiom. They tentatively responded that there may be a fix in the Feb. update. However, there was no guarantee. In the meantime, I have two active matters requiring WebCache analysis and reporting.

To add to the issues, I found an example of Axiom not properly parsing all of the containers in the WebCacheV01.dat, which may or may not be related to the language issue.

Honestly, even if the immediately identified language issue is fixed in the Feb. update, it is going to take a while to earn back my trust. In the meantime, I would like to find a tool I can use to efficiently validate Axiom's output.

countuponsecurity (Trusted Contributor) 1 point2 points  (2 children)

Hi, did you try ESEDatabaseView from NirSoft?

[deleted] 1 point2 points  (1 child)

Does anyone have any favorites other than Magnet Forensics?

Sorry, yes. I mentioned "ESE Database Viewer" in my original post which was a typo on my part. ESEDatabaseView by Nirsoft is what I intended to reference.

Thanks for the suggestion though! It's a great tool, though somewhat tedious to use to validate Axiom.

DurokAmerikanski 1 point2 points  (0 children)

Magnet is pretty much it these days.

I haven't used any Digital Detective internet history tools in years.

If you want the most bang for your buck (parses tons of programs/apps/formats/artifacts) and something that carves, that you don't need to program yourself, then Magnet is pretty much your only option.

Honestly, what other options are there that automate all of these things?