Skip to the main content.

Evidence Acquisition

Lightning Fast Evidence

Built on our proprietary IREC engine, collecting digital forensic evidence from any endpoint on your network is just a few clicks on the AIR management console, and is completed in minutes.

fast digital evidence acquisition

Acquisitions in Minutes

Evidence acquisition is completed in under 10 minutes (average) instead of hours or days using legacy tools.

Remote & Scalable

Once deployed across your network, endpoint tasks and actions can be run concurrently and at scale.

Compress & Encrypt

Acquired evidence can be compressed to save storage resources and encrypted to AES-256 military-grade encryption standards.

Evidence Repositories

Evidence can be stored on the local machine, an attached removable drive, a network location, an SFTP server, SMB share or Cloud repository on Amazon or Azure.

Forensically Sound 

AIR’s unique features ensure acquired evidence is timestamped and ransomware shielded to maintain forensic integrity.

Proactive Posture

Leverage the power of digital forensics proactively by scheduling evidence acquisition and triggering tasks from other security systems.

We collect more over 130 different types of system evidence in the following categories.

  • Disk Evidence

  • Memory Evidence

  • Browser Evidence

  • NTFS Evidence

  • Registry Evidence

  • Network Evidence

  • Event Logs Evidence

  • WMI Evidence

  • Process Execution Evidence

  • Miscellaneous Evidence

  • SSH Evidence

  • Users Evidence

  • File System Evidence

  • Configuration Evidence

AIR Evidence List


We collect over 90 different system artifacts in the following categories.

  • Server Artifacts

  • Microsoft App Artifacts

  • Communications Artifacts

  • Social Artifacts

  • Productivity Artifacts

  • Utility Artifacts

  • Developer Tools Artifacts

  • Cloud Artifacts

  • Docker Artifacts



In addition to the 260+ evidence types collected, custom content profiles (path/pattern based) can be defined for specific evidence requirements.



With AIR you can also capture network traffic at the endpoint level.

Network Flow captures the TCP and UDP connections.

PCAP captures the individual network IP packets for detailed network forensics.



Ready to try AIR?

No strings attached.


Trusted by Enterprises Worldwide
logo-customers-pwc logo-customers-garmin logo-customers-sophos logo-customers-thy logo-customers-kpmg solis-security logo-customers-ey logo-customers-deloitte logo-customers-turkcell elisa-logo-4 logo-customers-integrity360