biunzip

‘biunzip’ is a command-line tool from Binalyze specifically designed to extract zip files generated by the AIR Off-Network Agent.

  • You can download the latest release of biunzip from the releases section on GitHub.

  • Biunzip will either unzip a single zip file, or unzip zip files in a directory using a CSV file.

  • This capability allows off-network investigations to run at scale and at speed with minimum effort.

Below we walk through the process:

1) Download biunzip from https://github.com/binalyze/biunzip/releases.

2) Import off-network zipped files to a machine with AIR console access and the biunzip utility:

3) Import off-network files into AIR (with acquisition password if the files are encrypted):

4) Export the passwords:

5) View the exported passwords:

6) Run biunzip with the following flags and necessary flag values to unzip off-network files:

biunzip.exe --dir zip_dir_path --csv csv_file_path

In this example, zip_dir_path points to the “C:\Users\roadrunner\Desktop\offnetwork_files” directory and csv_file_path points to the “C:\Users\roadrunner\Desktop\Off-Network-Zip-Passwords_3107231801.csv” file.

7) Here we see the unlocked zip file alongside the original locked files:
