Acquisitions in Minutes
Evidence acquisition is completed in under 10 minutes on average, instead of the hours or days that legacy tools take.
Evidence collection is built on our proprietary IREC engine: collecting digital forensic evidence from any endpoint on your network takes just a few clicks on the AIR management console and is completed in minutes.
Over 150 different evidence types, parsed and presented in a single report. AIR’s case report is a self-contained HTML/JSON file that can be easily shared between analysts.
We collect more than 80 different types of system evidence in the following categories.
Event Logs Evidence
Process Execution Evidence
We collect over 70 different system artifacts in the following categories.
Microsoft App Artifacts
Developer Tools Artifacts
In addition to the 150+ evidence types collected, custom content profiles (path/pattern based) can be defined for specific evidence requirements.
With AIR you can also capture network traffic at the endpoint level.
Network Flow captures the TCP and UDP connections.
PCAP captures the individual network IP packets for detailed network forensics.