An Update on Magnet AXIOM Processing Speed Performance
With the release of Magnet AXIOM 1.1, we’re pushing performance to be better than ever. About six months ago, we took a look at the Magnet AXIOM processing speed improvements, and now, in honor of AXIOM 1.1 and a year’s growth of our investigation platform, we thought we would update the numbers a bit.
Even though we were able to reduce the time it takes to process and acquire devices in AXIOM to IEF processing times – pretty good, considering AXIOM carves and parses artifact data, retrieves file system data, and indexes keywords for incredibly fast searches during analysis – we still wanted to maintain focus on getting that time down even further, all while adding new features and artifact support.
Consistent Updates with Customer Feedback
AXIOM has had 12 releases in the last year, each with a number of new features and with new artifacts supported. In each release, the team made it a priority to conduct performance testing and to find new ways to improve processing times. In fact, customer feedback on AXIOM’s performance actually drove our engineers to build and implement a data and performance testing engine for our products.
Magnet AXIOM 1.0.6: the AHA! Moment
One of the major performance breakthroughs in Magnet AXIOM processing speed performance we had was when we realized that our keyword indexing was adding to the time it took for AXIOM to extract images and then parse and carve them for data. Many tools will apply keyword indexes as each artifact is selected and searched for. This can add a bit of time to processing separate artifacts.
In AXIOM, an examiner can choose to search for all artifacts. When that happens, AXIOM indexes keywords for all the artifacts. This is a really great benefit later in the examination stage, as searching will be incredibly fast, and time is of the essence. But in our effort to speed up analysis, we created a cost in processing times.
We happen to have a great development team here at Magnet Forensics and they were able to keep our indexed keyword searches during processing and still make up for the deficit of time. And they did all that in less than six product updates!
The Proof is in the Magnet AXIOM Processing Speed Performance Metrics
Below, you can find charts showing performance tests on SANS images from courses FOR408 Windows Forensic Analysis or FOR508 Incident Response and Threat Hunting in AXIOM and IEF. These examples are generally larger than our usual images and show the number of results obtained in the time measured in AXIOM. On average, we’re thrilled to find that users are getting information in 30% less time.
We also featured some tests comparing AXIOM’s results to those in IEF and were happy to report that speeds were even faster in AXIOM:
We’re Always Striving for Better
At Magnet Forensics, our products are as great as they are because our customers help us make them better. We’re always listening to customer feedback and taking different use cases into consideration. So please, keep your suggestions and requests coming — we listen to every single one.
If you haven’t had a chance to try AXIOM, or you haven’t tried it since its initial release, request a free 30-day trial version of the software, or see AXIOM in action and have one of our representatives give you demonstration.