June 2021 Binalyze Product Updates

Welcome to our monthly product updates roundup! Here’s a rundown of the new features and solutions we released in the past month that you can now take advantage of. 

Meet ACQUIRE and TACTICAL

In the past month we released two new products to our lineup to cover all your evidence collection needs; ACQUIRE, a forever free digital evidence acquisition tool, and TACTICAL, the ultimate upgrade of IREC.

ACQUIRE gives you the following product feature highlights:

• FREE forever

• Powered by our IREC Engine

• One-click installation and setup

• Collect 40 types of digital evidence

• Evidence collection time under 10 mins

• Detailed investigation report (JSON / HTML Format, Export to XLS / CSV / PDF)

• Unlimited no. of investigations

• Ransomware shielding

You can download it now from www.binalyze.com/acquire.

TACTICAL – The Ultimate Evidence Collector for Incident Response

Designed as a natural successor to IREC, TACTICAL collects more than 150 types of digital evidence in less than 10 minutes. In addition, it comes with new features such as offline mode and remote evidence acquisition.

Here are the product feature highlights:

• Powered by our IREC Engine

• One-click installation and setup

• Collect 150+ types of digital evidence

• Evidence collection time under 10 mins

• Detailed investigation report (JSON/HTML Format, Export to XLS / CSV / PDF)

• Ransomware Shielding 

• Command-line execution

• Offline mode

• Available as a hardware dongle or soft license

• Perpetual license and PAYG options

You can download it from www.binalyze.com/tactical

New in Binalyze AIR v1.7.50: Enriched Timeline with CSV import

After the first release of our Timeline feature, we started getting good feedback regarding the ease of use, simple UI/UX, and robust feature set. Along with that, we also received quality feedback for further enrichment of the timeline feature, so the first in line was – CSV import.

With the latest AIR release, we have enriched the Timeline capability with the CSV import feature that gives you the possibility to upload your own CSV file and start analyzing the uploaded data on your AIR Timeline. These CSV files can be collected from your cloud platform, firewall logs, or anywhere else. The source doesn’t play any role here. The important thing is that you can upload and start analyzing CSV files quickly and in a simple, collaborative way.

You can download the new version on product page.

DRONE BETA Release v1.3.0: Headless CLI mode

DRONE v1.3.0 release highlights:

• Events of interest/ Watchlist

• Syslog enhancements 

• Headless CLI mode

• Sigma rules attributions

Events of interest/ Watchlist

Starting from this version, you can provide a list of events for your investigation, and DRONE will automatically enumerate them in the provided time frame. 

Now you can have your watchlist of events that you want to prioritize when you investigate a case. 

The supported time units are day, week, month, and year.

Syslog enhancements 

With this version, you can submit all your findings to your Syslog server when you run DRONE from the command line. This automates your investigation process even more by giving you the possibility to run DRONE remotely, integrate it with your Syslog server and collect all the findings in one central location. 

Headless CLI mode

With this version, you can entirely execute DRONE from the command line. By default, the outputs will be saved to a JSON file and the command line. 

Sigma enhancements

From now on, we support Sigma repositories, publicly available Sigma rules embedded into DRONE. Typically, these Sigma rules are designed to be executed or scanned on SIEM logs but with DRONE, you can find these IoC’s on a live machine. 

How to get the new version?

If you already have DRONE, just execute the product, and it will automatically download the new version to use the new feature set right away.

If you would like to try DRONE for the first time, please visit www.binalyze.com/drone.

Which of these new updates and solutions will you be trying today? See you next month for more.