Binalyze DRONE is our assisted compromise assessment solution.
When deployed to an investigation, either from within AIR or as a standalone USB dongle, DRONE reviews all the available forensic evidence and returns its finding in just a few minutes, providing an ultra-fast early case assessment.
With its multi-functional and modular architecture DRONE is like having a senior DFIR analyst instantly available to review your cases, at any time of the day or night.
.webp)
Providing Cyber Resilience to World-class Enterprises Globally









Modular Analysers
DRONE includes more than 20 modular analysis pipes, each tasked to review, score and report on a specific aspect of the digital evidence.
.webp)
YARA & Sigma Scanners
DRONE comes embedded with a customisable YARA ruleset. In addition to this, DRONE also performs SIGMA scanning on the live endpoint.

Keyword Search
Perform powerful and lightning-fast keyword, regex, and wildcard searching on all your digital evidence.

Proprietary Findings
DRONE utilises a system of proprietary scoring algorithms to present labelled findings and verdicts that are easy to interpret and act on.

Enriched Reports & Timelines
All of DRONE’s findings are overlaid on our comprehensive case reports and timelines (AIR only) to guide your analysts in their investigation. Individual events of interest can be flagged as significant and provided as a PDF, HTML or JSON report.
Over 150 Evidence Types
Over 150 different evidence types, parsed and presented in a single report. DRONE’s case report is a self-contained HTML/JSON file that can be easily shared between analysts.
We collect more than 80 different types of system evidence in the following categories.
-
Disk Evidence
-
Memory Evidence
-
Browser Evidence
-
NTFS Evidence
-
Registry Evidence
-
Network Evidence
-
Event Logs Evidence
-
WMI Evidence
-
Process Execution Evidence
-
Miscellaneous Evidence
We collect over 70 different system artifacts in the following categories.
-
Server Artifacts
-
Microsoft App Artifacts
-
Communications Artifacts
-
Social Artifacts
-
Productivity Artifacts
-
Utility Artifacts
-
Developer Tools Artifacts
-
Cloud Artifacts
In addition to the 150+ evidence types collected, custom content profiles (path/pattern based) can be defined for specific evidence requirements.