File Explorer

AIR v4.7 introduces a new File Explorer

AIR can now be used to explore the file systems of Windows, macOS, and Linux systems where full disk or volume images have been acquired in the RAW format.

The forensic image can be added to AIR as a new Asset in a three-step process:

• 1. On the Assets page, click on the ‘Add New’ button and then select Disk Image:

• 2. Select your connected repository and then the raw disk image you wish to explore:

• 3. Select ‘Create Asset’:

The image must be supplied to AIR from an SMB or SFTP shared location, where it needs to be saved as a single contiguous file. Segmented files are not currently supported.

The next step is to select File Explore from the secondary menu:

Now you can browse the asset’s directory structure which is now expanded in the secondary menu (highlighted below) and then go on to select individual files for closer inspection:

A file can be selected with a right-click to download it locally or calculate its hash values.

Advanced filters can be applied to filter the files displayed.

This is just the beginning of our File Explorer project - many more features are planned and your feedback is most welcome.