Release Alert: Acquire 150+ digital evidence types with one click!

With the latest version of TACTICAL v2.7.4, you can now acquire 152 types of digital evidence out of the box, adding almost 30 new types. 

Binalyze TACTICAL was already the fastest and most comprehensive forensic evidence collector available. Now we have extended the quality and quantity of evidence types you collect with just one single click. Additionally, here are some other release highlights that will further enhance your digital forensics practices: 

USB History

Whether you are investigating an endpoint in your corporate environment or you are part of a criminal investigation, you will need to investigate the USB device history of an endpoint.  Knowing what USB devices were connected to the computer is the essential information and of great importance to a forensic examiner.

This feature is mostly provided by traditional desktop forensic solutions or specifically designed standalone solutions but in our case, with the newest version of TACTICAL, it is combined into the product so you get the full forensic image + USB storage history with one solution.

Added support for MFT as CSV collection from all drives

With this version of TACTICAL, you can collect all files from the MFT including the deleted ones. Previously TACTICAL was only collecting MFT from the system volume but with this version, it is collecting from all attached volumes. Besides enumerating deleted files in this version we further enrich the MFT by adding support for alternate data streams which is a feature of NTFS that may be abused by hackers to hide additional data that is not visible to the end-user. It is a great place to hide suspicious data and with this version, TACTICAL collects those fields as well. 


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Added support for evidence exclusion at the command line parameters

Sometimes you just know what you are looking for and just want to get straight to it. From this release, we have added the ability to exclude the evidence types you don’t need, simply, from the command line. 

Below you can find an example:

Remote evidence acquisition from command-line

Instead of just using the solution on machines in person, TACTICAL gives you the possibility to run the evidence collection remotely from the command line. This feature adds flexibility to your digital forensics investigation strategy by being able to collect evidence remotely and quickly, whenever you need it.

Offline mode

For additional security and applications where the endpoint is already isolated, TACTICAL provides the ability to collect digital evidence in Offline mode without a license check. All evidence collected in offline mode stays encrypted until you connect to the license server at a later time and decrypt the evidence to examine it.

How to get TACTICAL?

If you would like to try the TACTICAL, please visit www.binalyze.com/tactical.

Leave a Comment