Analyzers

  • Cross Platform Analyzers
  • Windows Analyzers
  • Linux Analyzers
  • macOS Analyzers

Last updated 2 months ago