<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3026858&amp;fmt=gif">


Lightning Fast, 24/7 Assisted Compromise Assessment Tool.

Free Delivery


DRONE 32gb USB Dongle

Add powerful evidence acquisition, analysis and compromise assessment to your toolkit today.



Binalyze DRONE is our assisted compromise assessment solution.

When deployed to an investigation, either from within AIR or as a standalone USB dongle, DRONE reviews all the available forensic evidence and returns its finding in just a few minutes, providing an ultra-fast early case assessment.

With its multi-functional and modular architecture DRONE is like having a senior DFIR analyst instantly available to review your cases, at any time of the day or night.

DRONE USB Dongle in Tower UI Mode
Providing Cyber Resilience to World-class Enterprises Globally
PwC Garmin Sophos Turkish Airlines KPMG EY Deloitte Turkcell Integrity360

Modular Analysers

DRONE includes more than 20 modular analysis pipes, each tasked to review, score and report on a specific aspect of the digital evidence.

analyze digital evidence

YARA & Sigma Scanners

DRONE comes embedded with a customisable YARA ruleset. In addition to this, DRONE also performs SIGMA scanning on the live endpoint.

YARA and Sigma scanning on a live endpoint

Keyword Search

Perform powerful and lightning-fast keyword, regex, and wildcard searching on all your digital evidence.

Powerful and flexible keyword searching for digital evidence analysis

Proprietary Findings

DRONE utilises a system of proprietary scoring algorithms to present labelled findings and verdicts that are easy to interpret and act on.

scoring digital evidence

Enriched Reports & Timelines

All of DRONE’s findings are overlaid on our comprehensive case reports and timelines (AIR only) to guide your analysts in their investigation. Individual events of interest can be flagged as significant and provided as a PDF, HTML or JSON report.

We collect more than 80 different types of system evidence in the following categories.

  • Disk Evidence

  • Memory Evidence

  • Browser Evidence

  • NTFS Evidence

  • Registry Evidence

  • Network Evidence

  • Event Logs Evidence

  • WMI Evidence

  • Process Execution Evidence

  • Miscellaneous Evidence

AIR Evidence List


We collect over 70 different system artifacts in the following categories.

  • Server Artifacts

  • Microsoft App Artifacts

  • Communications Artifacts

  • Social Artifacts

  • Productivity Artifacts

  • Utility Artifacts

  • Developer Tools Artifacts

  • Cloud Artifacts

Artifacts Evidence List


In addition to the 150+ evidence types collected, custom content profiles (path/pattern based) can be defined for specific evidence requirements.

Custom Evidence Acquisition