Lightning Fast, 24/7 Assisted Compromise Assessment Tool.


Binalyze DRONE Compromise Assessment  


Add powerful evidence acquisition, analysis and compromise assessment to your toolkit today.



Binalyze DRONE is our assisted compromise assessment solution.

When deployed to an investigation, either from within AIR or as a standalone USB dongle, DRONE reviews all the available forensic evidence and returns its findings in just a few minutes, providing an ultra-fast early case assessment.

With its multi-functional and modular architecture, DRONE is like having a senior DFIR analyst instantly available to review your cases, at any time of the day or night.

Providing Cyber Resilience to World-class Enterprises Globally

Modular Analysers

DRONE includes more than 20 modular analysis pipes, each tasked to review, score and report on a specific aspect of the digital evidence.


YARA & Sigma Scanners

DRONE comes embedded with a customisable YARA ruleset. In addition to this, DRONE also performs SIGMA scanning on the live endpoint.

Keyword Search

Perform powerful and lightning-fast keyword, regex, and wildcard searching on all your digital evidence.

Proprietary Findings

DRONE utilises a system of proprietary scoring algorithms to present labelled findings and verdicts that are easy to interpret and act on.

Enriched Reports & Timelines

All of DRONE’s findings are overlaid on our comprehensive case reports and timelines (AIR only) to guide your analysts in their investigation. Individual events of interest can be flagged as significant and provided as a PDF, HTML or JSON report.

We collect more than 80 different types of system evidence in the following categories.

  • Disk Evidence

  • Memory Evidence

  • Browser Evidence

  • NTFS Evidence

  • Registry Evidence

  • Network Evidence

  • Event Logs Evidence

  • WMI Evidence

  • Process Execution Evidence

  • Miscellaneous Evidence

AIR Evidence List


We collect over 70 different system artifacts in the following categories.

  • Server Artifacts

  • Microsoft App Artifacts

  • Communications Artifacts

  • Social Artifacts

  • Productivity Artifacts

  • Utility Artifacts

  • Developer Tools Artifacts

  • Cloud Artifacts

Artifacts Evidence List


In addition to the 150+ evidence types collected, custom content profiles (path/pattern based) can be defined for specific evidence requirements.

Custom Evidence Acquisition