With the latest version of Binalyze AIR, you can export endpoints, case information, timelines, and audit logs to CSV.
How does it work?
Click on the new export button and AIR will collect the data and start the download.
You can apply filters to export selected data.
Exporting makes it easier to integrate AIR into your existing investigative workflows, reporting, and audit processes.
Elastic Stack (ELK) and Sumo Logic
Having Binalyze AIR integrated into your SIEM allows you to react in real time by starting a forensic acquisition on the endpoint whenever the SIEM detects suspicious activity. By creating a simple rule, AIR acquires evidence and stores it in the chosen evidence repositories.
With this release, we incorporated Elastic Stack (ELK) and Sumo Logic integration out-of-box to make daily DFIR duties more manageable and efficient.
You can now trigger an AIR acquisition directly from your favorite team collaboration app without having to go to the AIR console. AIR will automatically start the acquisition and once completed you can find the acquisition report in the AIR console.
In the past month we released a new version of DRONE that includes the following new features:
Diffing feature - this brand new mode makes it possible to compare a DRONE analysis to a baseline and list the differences between the two
Keyword & Hash Search - import keyword and hash lists from a file to automatically highlight matches in your search
With the latest version of Binalyze DRONE, you can compare two Case (.ppc) files and highlight the differences between them.
How does it work?
It compares the base (clean) image with the latest image taken and highlights all the changes for the analyst to review.
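The two DRONE features above, baseline diffing and keyword/hash highlighting, are both instances of a general DFIR technique. The following is an added illustration of that technique, not DRONE's own code and not a parser for the .ppc case format (which this page does not describe). It assumes a simplified snapshot model (file path mapped to SHA-256 and size) and uses constructed sample data and watch lists so it runs offline.

```python
"""Baseline diffing with keyword/hash highlighting (added illustration).

Not Binalyze DRONE code; the snapshot shape, the sample snapshots and the
watch lists below are constructed for this example.
"""
from dataclasses import dataclass, field

# Constructed snapshots: path -> (sha256 hex, size in bytes).
BASELINE = {
    "C:/Windows/System32/svchost.exe": ("a1" * 32, 51000),
    "C:/Users/alice/Documents/report.docx": ("b2" * 32, 20480),
    "C:/Windows/Tasks/update.job": ("c3" * 32, 1200),
}
CURRENT = {
    "C:/Windows/System32/svchost.exe": ("a1" * 32, 51000),        # unchanged
    "C:/Users/alice/Documents/report.docx": ("d4" * 32, 20992),    # modified
    "C:/Users/alice/AppData/Roaming/upd.exe": ("e5" * 32, 88064),  # added
}                                                                 # update.job removed

# Constructed watch lists, in the one-entry-per-line form an "import from
# file" feature would typically consume.
HASH_LIST_FILE = "# known-bad sha256 values\n" + "e5" * 32 + "\n"
KEYWORD_LIST_FILE = "# suspicious path fragments\nappdata\nroaming\n"


@dataclass
class DiffResult:
    added: dict
    removed: dict
    modified: dict                  # path -> (baseline entry, current entry)
    highlights: list = field(default_factory=list)  # (path, [reasons])


def load_list(text):
    """Parse a plain-text list: one entry per line, blank lines and '#' comments ignored."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def diff_snapshots(base, new):
    """Compare a clean baseline snapshot against a later one."""
    added = {p: new[p] for p in new.keys() - base.keys()}
    removed = {p: base[p] for p in base.keys() - new.keys()}
    modified = {p: (base[p], new[p])
                for p in base.keys() & new.keys() if base[p] != new[p]}
    return DiffResult(added, removed, modified)


def highlight(result, hashes, keywords):
    """Flag added or modified entries whose hash or path matches a watch list."""
    hashes = {h.lower() for h in hashes}
    keywords = [k.lower() for k in keywords]

    def reasons_for(path, sha):
        reasons = []
        if sha.lower() in hashes:
            reasons.append("hash")
        hits = [k for k in keywords if k in path.lower()]
        if hits:
            reasons.append("keyword:" + ",".join(hits))
        return reasons

    # Only what changed since the baseline is worth an analyst's attention.
    candidates = [(p, sha) for p, (sha, _) in result.added.items()]
    candidates += [(p, sha) for p, (_, (sha, _)) in result.modified.items()]
    for path, sha in candidates:
        reasons = reasons_for(path, sha)
        if reasons:
            result.highlights.append((path, reasons))
    return result


def analyze(base, new, hash_list_text, keyword_list_text):
    """Diff two snapshots, then highlight matches against imported lists."""
    result = diff_snapshots(base, new)
    return highlight(result, load_list(hash_list_text), load_list(keyword_list_text))


if __name__ == "__main__":
    r = analyze(BASELINE, CURRENT, HASH_LIST_FILE, KEYWORD_LIST_FILE)
    for label, entries in (("added", r.added), ("removed", r.removed), ("modified", r.modified)):
        for path in sorted(entries):
            print(f"{label:9} {path}")
    for path, reasons in r.highlights:
        print(f"HIGHLIGHT {path}  ({'; '.join(reasons)})")
```

Unchanged entries are dropped before matching, which is the point of diffing against a baseline: the watch lists are applied only to what the analyst has not already reviewed.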