We are excited to announce the release and general availability of Binalyze AIR 2.7.0.
The team continues to work hard toward our goal of delivering cyber resilience with DFIR. We thank all our customers, partners, and stakeholders for their continued support and vital feedback, which continues to guide the development of AIR.
This release is another big step towards delivering proactive forensics to enterprises at speed and scale with the introduction of macOS support, standalone collectors for ChromeOS & ESXi, and some cool enrichments and fixes.
Start Collecting Evidence from macOS in Seconds
The growth in Mac device adoption within our enterprise customer base, which is particularly evident in the North American and European markets, means the time is right for Binalyze to add macOS support to AIR.
As adoption increases, so does the threat of cyber attacks targeting Mac devices, which is driving a growing demand for Mac forensics. However, compared to Windows and Linux, macOS has been something of a closed box for forensic investigators, making it hard to collect and analyze evidence during an ongoing investigation or in response to suspicious activity.
From this release, customers with Mac endpoints, both Intel- and ARM-based, can collect digital forensic evidence for more than 20 evidence types, with just a few clicks, remotely from their AIR console. In each subsequent release we will build on this initial capability to deliver the most comprehensive Mac digital evidence collection product on the market.
In 2.7.0 we are adding the capability for the following evidence types:
Standalone Collectors for ChromeOS and ESXi
One-Click Evidence Collector for Chromebooks
Figure 2: Standalone collector for Chromebooks
With Binalyze AIR's latest version we introduce a one-click evidence collector for Chromebooks. Tactical for Chrome is the fastest and easiest way of capturing forensic evidence from Chrome browsers. It runs as a Chrome extension, or you can download the extension for offline evidence acquisition.
Start Acquiring Evidence from ESXi now
Figure 3: Standalone collector for ESXi
Although ESXi servers might look like typical Linux servers, they are not, and the forensic procedure for them is quite different, especially when it comes to identifying suspicious activity. With Binalyze AIR 2.7.0, VMware experts and forensic professionals who need forensically sound data can now use our standalone ESXi evidence collector to ease the burden of their day-to-day investigations.
In this release we have made a number of enhancements:
Case selection is now optional with an Enterprise or MSOC license
API now includes endpoints for Repositories, Baseline, Case, and Organizations (Docs)
Improved the retry process for interACT’s get and put commands
In this release we have made a number of fixes:
Fixed issue with downloading files with special characters via interACT
Fixed acquisition history graph on the dashboard
Fixed other minor functionality and UI issues
Fixed UTC time mismatch in DRONE for Windows event logs and event records
Fixed DRONE stability issue when using keyword search
You can check the full list of release notes here.
Want to learn how Binalyze can speed up your incident response processes with proactive forensics? Try Binalyze AIR for free now!