Acquisition

Data acquisition is the seizing of forensically sound data from any computer system (disk, external storage, memory, etc.). This data generally varies based on the operating system installed on the computer or server. Acquired data generally needs to be parsed, stored, and presented in a human-readable format for further analysis and investigation.
Data acquisition is the primary activity of all digital investigations. Before data acquisition, investigators generally identify the data they'll need. Since data or evidence is an essential element of any investigation, investigators generally want all the data they can acquire. Therefore, the power of a digital investigation and DFIR solution is proportional to the capability and range of its data acquisition features.
Binalyze AIR provides easy, accurate, and fast data acquisition capabilities to investigators, with a wide range of supported operating systems and 260+ forensically sound data types. Binalyze AIR provides remote data acquisition for on-premise, cloud, and off-network devices. Thus, investigators can investigate multiple devices remotely, at speed, and at scale.
Binalyze AIR supports Windows, Linux, macOS, ChromeOS and VMware operating systems and can acquire and present 240+ types of forensically sound data.
The output of the Acquisition process is a Case Report. Investigators can use Case Reports for analysis and investigation, and they can also download Case Reports as proprietary PPC files or export them as PDF or HTML files for further analysis.
The Binalyze AIR agent must first be deployed before data can be acquired. All data acquisition is performed according to the Data Acquisition Profile created before the acquisition is started.
Data acquisition is categorized into three kinds: Evidence, Artifacts, and Network Capture. Investigators can also create flexible custom data acquisition profiles to meet their requirements.