
Binalyze AIR Product Release 2.7.0


We are excited to announce the release and general availability of Binalyze AIR 2.7.0.

The team continues to work hard toward our goal of delivering cyber resilience with DFIR. We thank all our customers, partners, and stakeholders for their continued support and vital feedback which continues to guide the development of AIR.

This release is another big step towards delivering proactive forensics to enterprises at speed and scale with the introduction of macOS support, standalone collectors for ChromeOS & ESXi, and some cool enrichments and fixes.

Start Collecting Evidence from macOS in Seconds

Figure 1: Collecting evidence from macOS

The growth in Mac device adoption within our enterprise customer base, which is particularly evident in the North American and European markets, means the time is right for Binalyze to add macOS support to AIR.

As adoption increases, so does the threat of cyber attacks targeting Mac devices, and with it the demand for Mac forensics. Compared to Windows and Linux, however, macOS has been something of a closed box for forensic investigators: collecting and analyzing evidence during an ongoing investigation, or in response to suspicious activity, has been hard.

Starting with this release, customers with Mac endpoints, both Intel and Apple silicon (ARM) based, can collect digital forensic evidence for more than 20 evidence types remotely from their AIR console, with just a few clicks. In each subsequent release we will add to this initial capability, with the goal of delivering the most comprehensive Mac digital evidence collection product on the market.

In 2.7.0 we are adding the capability for the following evidence types:

  • Auto Loaded Processes

  • Block Devices

  • Chrome Extensions

  • Crashes

  • Disk Encryption

  • ETC Hosts

  • ETC Protocols

  • ETC Services

  • Gatekeeper

  • Gatekeeper Approved Apps

  • Installed Applications

  • Kernel Extensions Info

  • Launchd Overrides

  • Listening Ports

  • Package Install History

  • Print Jobs

  • Printer Info

  • Processes

  • System Extension Info

  • System Integrity Protection Status

  • User Groups

  • Users
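Three of the evidence types above (System Integrity Protection Status, Gatekeeper and Disk Encryption) are the ones a responder most often wants to check first, because a weakened setting on any of them changes how much the rest of the collected evidence can be trusted. The script below is an added example and is not Binalyze or AIR code: it normalizes the output of the stock macOS commands behind those artifacts (`csrutil status`, `spctl --status`, `fdesetup status`; the output formats are an assumption based on macOS behaviour) into a posture record and flags anything disabled. The sample output is constructed so that the example runs offline on any OS; on a Mac, `collect_live()` runs the real commands instead.

```python
# Added example (not Binalyze/AIR code): triage SIP, Gatekeeper and FileVault
# state from the output of the stock macOS tools. Output formats are assumed.
import re
import shutil
import subprocess

# Commands a responder would run locally on the Mac (assumption: stock tools).
COMMANDS = {
    "sip": ["csrutil", "status"],
    "gatekeeper": ["spctl", "--status"],
    "filevault": ["fdesetup", "status"],
}

# Constructed sample output so the example runs offline on any OS.
SAMPLE_OUTPUT = {
    "sip": "System Integrity Protection status: disabled.\n",
    "gatekeeper": "assessments enabled\n",
    "filevault": "FileVault is Off.\n",
}

LABELS = {
    "sip": "System Integrity Protection",
    "gatekeeper": "Gatekeeper",
    "filevault": "FileVault",
}

# One pattern per evidence type; the captured word tells us on/off.
_PATTERNS = {
    "sip": re.compile(r"System Integrity Protection status:\s*(enabled|disabled)", re.I),
    "gatekeeper": re.compile(r"assessments\s+(enabled|disabled)", re.I),
    "filevault": re.compile(r"FileVault is (On|Off)", re.I),
}


def parse_state(kind, text):
    """Return True (protection on), False (off) or None (unrecognised output)."""
    match = _PATTERNS[kind].search(text)
    if not match:
        return None
    return match.group(1).lower() in ("enabled", "on")


def assess(outputs):
    """Build a posture record plus a list of findings from raw command output.

    An unparseable result is reported as a finding rather than silently treated
    as 'enabled', so a tampered or unexpected tool output is not mistaken for a
    healthy host.
    """
    posture = {kind: parse_state(kind, outputs.get(kind, "")) for kind in _PATTERNS}
    findings = []
    for kind, state in posture.items():
        if state is False:
            findings.append(f"{LABELS[kind]} is disabled")
        elif state is None:
            findings.append(f"{LABELS[kind]} state could not be determined")
    return {"posture": posture, "findings": findings}


def collect_live():
    """Run the commands on a real Mac; return None if they are not installed."""
    outputs = {}
    for kind, argv in COMMANDS.items():
        if shutil.which(argv[0]) is None:
            return None
        proc = subprocess.run(argv, capture_output=True, text=True, check=False)
        outputs[kind] = proc.stdout + proc.stderr
    return outputs


if __name__ == "__main__":
    import json
    live = collect_live()
    print(json.dumps(assess(live if live is not None else SAMPLE_OUTPUT), indent=2))
```

On the constructed sample this reports SIP and FileVault as disabled and Gatekeeper as enabled. Treat a disabled SIP as a strong signal to widen the collection scope: with SIP off, kernel extensions, launchd overrides and system locations that are normally protected could have been modified, so the related evidence types in the list above deserve closer review.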

Standalone Collectors for ChromeOS and ESXi

One-Click Evidence Collector for Chromebooks


Figure 2: Standalone collector for Chromebooks

With the latest version of Binalyze AIR we introduce a one-click evidence collector for Chromebooks. Tactical for Chrome is the fastest and easiest way of capturing forensic evidence from Chrome browsers. It runs as a Chrome extension, or you can download the extension for offline evidence acquisition.

Try Tactical for Chrome Now


Start Acquiring Evidence from ESXi now


Figure 3: Standalone collector for ESXi

Although ESXi servers might look like typical Linux servers, they are not, so their forensic procedure differs considerably, particularly when it comes to identifying suspicious activity. With Binalyze AIR 2.7.0, VMware experts and forensic professionals who need forensically sound data can use our standalone ESXi evidence collector to ease the burden of their day-to-day investigations.

Try Standalone ESXi Collector Now!

Enhancements

In this release we have made a number of enhancements:

  • Case selection is now optional with an Enterprise or MSOC license

  • API now includes endpoints for Repositories, Baseline, Case, and Organizations (Docs)

  • Improved the retry process for interACT’s get and put commands

Fixes

In this release we have made a number of fixes:

  • Fixed issue with downloading files with special characters via interACT

  • Fixed acquisition history graph on the dashboard

  • Fixed other minor functionality and UI issues

  • Fixed UTC time mismatch in DRONE for Windows event logs and event records

  • Fixed DRONE stability issue when using keyword search

The full list of release notes is available in the 2.7.0 release notes.

Want to learn how Binalyze can speed up your incident response processes with proactive forensics? Try Binalyze AIR for free now.