Released from Binalyze: AIR v1.7.35 brings innovations in DFIR with the new features set

On Thursday, 1st April, Binalyze introduced the new AIR product release, which features the main highlights listed below:

  • Endpoint Isolation
  • Linux Support
  • SFTP Evidence Repository
  • Compression & Encryption
  • Policy Support

Endpoint Isolation

Currently in the DFIR world, when something suspicious is found during an investigation, it is mandatory to contact the firewall team or the relevant department to cut the endpoint's network connections in order to prevent lateral movement to any other location or data leakage to the outside world.

At this point the investigators have to contact an outside body or unit to complete the isolation process, which takes time and can jeopardize the investigation.

Binalyze AIR now contains the Endpoint Isolation feature, which puts the investigation under the control of the investigator / SOC analyst teams by making it possible for them to disconnect any endpoint from the network immediately with a single click. In addition, since communication with AIR continues, analysts can keep examining the isolated endpoint via the AIR Console.



Main advantages:

  1. AIR immediately isolates the machine from the network with a single click, a hard-to-find feature among digital forensic solutions. Normally firewalls or NAC devices are used for this purpose; with this feature, Binalyze AIR shortens the process without involving any other product or department.
  2. Isolated machines can be further examined by the DFIR investigators, which lets them continue the investigation without any disturbance or interference.

Linux support

The extensive coverage of the Binalyze enterprise forensics platform for Windows clients is now also available for Linux. All technical details and the supported Linux distributions can be found here.

SFTP Evidence Repository

SFTP is the file transfer protocol that runs over SSH, so files are transferred over an encrypted, authenticated connection. The biggest advantage lies in the ability to leverage a secure connection with a pre-set username and password to transfer evidence files. This enables AIR to save the collected evidence to a remote location that can later be accessed by MSSPs to download the collected evidence.

Compression & Encryption

Efficiency and simplicity are at the core of Binalyze solutions, so in this product release we incorporated compression and encryption features with the main purpose of reducing network bandwidth and file size to save disk capacity, and of encrypting evidence for increased security.

Collected evidence is compressed and encrypted using military grade AES-256 encryption in a ZIP container that can then be opened by providing the password.

Policy Support

Larger organisations with many endpoints have been requesting a method of managing the configuration of tasks such as acquisition, triage or timelining so that they all comply with the organisation's broader policies and compliance requirements.

We have now provided this functionality via our Policy Support feature.

Now, if you would like to apply predefined configurations (selecting an evidence repository, enabling compression, setting up encryption, limiting CPU resource usage, etc.) to an endpoint or a group of endpoints, you can create these as policies within AIR and target your group using filters.

In this way you automate your investigation process: you no longer have to define rules for each endpoint individually, but instead create a policy once and apply it automatically.

To learn more about these features and their functionality, watch the demo of the Binalyze AIR v1.7.35 product release, in which Binalyze's founder Emre Tinaztepe demonstrates the new feature highlights.

To download the update, visit here.
