Off-Network Endpoint

How do you collect evidence from an off-network device and import it into AIR?
Binalyze AIR lets you import an acquisition collected from an off-network endpoint.
Off-Network Acquisition is a feature of Binalyze TACTICAL that lets you collect evidence from a device that doesn't have an active internet connection. When executed with the offline parameter, TACTICAL creates an encrypted evidence container file (.eppc), which can then be decrypted by running TACTICAL with the decrypt parameter. Once decrypted, the resulting evidence file (.ppc) can be easily imported into AIR using the "Off-Network Endpoint" feature.
See Command Line Examples in Binalyze TACTICAL for more information.