Bryan Barnhart, owner of Infiltration Labs – a specialist in Digital Forensic investigations, penetration testing, and cyber security incident response, answers questions about his first-hand experience of using Binalyze AIR.
Bryan knows the world of DFIR only too well, thanks to a prestigious resume, having worked as a cyber crimes investigator with various US law enforcement agencies. Bryan also developed and taught courses on network intrusion response for the US Secret Service Electronic Crimes Task Force.
So, Bryan, what first drew you to using Binalyze AIR?
Initially, it was that Binalyze AIR’s deployment is so easy, even for non-technical individuals. Within minutes of having AIR deployed, I had full visibility into all endpoints and could start performing Triage data acquisitions, Yara rule scans, and Timeline analysis. This is extremely powerful.
I also really love DRONE’s analyzers because they make it super-quick and easy to discover malicious or suspicious activity.
What real-world benefits are you seeing when working with AIR?
With AIR, I can respond remotely to incidents much faster and more efficiently. This has enabled me to both take on more cases and, specifically, take on cases that involve far more computers. In short, it’s really helped me to scale my response capability – which is commercially very important.
In terms of time to value – how quickly were you able to deploy AIR and see the positive impacts of using the platform?
It’s much more efficient for me to deploy AIR to a suspect endpoint than it is for me to have non-AIR physical access to the computer.
Thankfully, with just a few clicks, I can collect multiple artifacts across many different systems versus running a mixture of different forensic acquisition tools.
What was your experience of AIR’s integrations into your existing DFIR workflow?
Integrating AIR was relatively seamless. Investigating via the AIR console provides me with quick answers and highlights malicious and suspicious items. Because AIR also downloads the raw digital artifacts, it still allows me the flexibility to perform traditional digital forensics processes as needed.
How would you compare Binalyze AIR to other products you’ve used in the past?
As far as I know, there’s no other product out there like AIR. It really does combine all of the best bits of many different and wide-ranging products into a single, easy-to-deploy-and-use solution.
How effective has Binalyze’s support team been in addressing any queries, feedback, or new feature requests you may have had with AIR?
Binalyze’s support is fantastic. Even though they are in a different time zone to me, they always respond promptly.
They’ve also always gone above and beyond to answer any questions that I’ve had and help to resolve any issues. I have to specifically call out Caner for being top-notch. That guy not only knows his stuff but is also amazingly helpful.
To anyone currently looking at AIR and considering signing up for a free trial/demo – what would be your advice?
Just do it; I mean, why wouldn’t you?! Unless you’re opposed to working more efficiently. It’s been great to watch the Binalyze team continue to scale and grow.
To find out how AIR could positively impact your DFIR operations – why not sign up for a free 14-day trial?