
biunzip

‘biunzip’ is a command-line tool from Binalyze specifically designed to extract zip files generated by the AIR Off-Network Agent.
  • You can download the latest release of biunzip from the releases section on GitHub.
  • Biunzip will either unzip a single zip file, or unzip zip files in a directory using a CSV file.
  • This capability allows running off-network investigations at scale and at speed with minimum effort.
Below we walk through the process:
2) Import off-network zipped files to a machine with AIR console access and the biunzip utility:
3) Import off-network files into AIR (with acquisition password if the files are encrypted):
4) Export the passwords:
5) View the exported passwords:
6) Run biunzip with the following flags and necessary flag values to unzip off-network files:
biunzip.exe --dir zip_dir_path --csv csv_file_path
In this example, zip_dir_path points to the “C:\Users\roadrunner\Desktop\offnetwork_files” directory and csv_file_path points to the “C:\Users\roadrunner\Desktop\Off-Network-Zip-Passwords_3107231801.csv” file.
7) Here we see the unlocked zip file alongside the original locked files: