Tornado (Preview Version)
Tornado is a standalone desktop application designed to simplify and enhance evidence collection from cloud platforms like Google Workspace and Microsoft Office 365.
Tornado enables investigators to effortlessly collect critical artifacts, such as email records, user access logs, and administrative actions—key elements in Business Email Compromise (BEC) investigations. While it already supports two platforms, additional cloud platforms and services will be supported in the future.
The initial preview version of Tornado is available to existing AIR customers alongside the release of AIR version 4.31, expected on January 15, 2025. Customers can download it via the Tornado Preview button in the Main Menu of the AIR console.
For non-AIR customers, a free preview version of Tornado will be available through a new landing page starting February 10, 2025. In the meantime, interested users can register on the landing page to join our mailing list and receive the download link.
1. Multi-Platform Support
Microsoft Office 365
Google Workspace
Future platform expansions are planned
2. Collection Capabilities
Google Workspace Data Types
Microsoft 365 Data Types
1. Evidence Collection Interface
User-friendly and intuitive design
Precise and reliable digital evidence gathering
Streamlined collection process for efficiency
2. Investigation Benefits
Tailored for Business Email Compromise (BEC) investigations
Rapid evidence collection
Optimized investigation workflows
Enhanced incident response capabilities
3. Data Analysis Options
Export data to SQLite for detailed analysis
Seamless integration with Binalyze AIR
Connectivity with the Investigation Hub for advanced use cases
1. Resource Monitoring
Built-in resource tracking to ensure efficient performance
Real-time monitoring of disk usage and system statistics
Logging for system and performance insights
2. Security Features
Encrypted communication protocols for data protection
Secure token handling for authentication
Authorization controls to manage access rights
Comprehensive access management for user accounts
1. Email Investigations
Analyze communication patterns
Review email content and attachments
Examine settings and configurations
2. Access Analysis
Monitor login activities and unusual behaviors
Conduct thorough security audits
Track permission changes
3. Administrative Reviews
Investigate system configuration changes
Review policy modifications
Track role assignments and device management
4. Compliance Monitoring
Verify data retention policies
Ensure enforcement of organizational policies
Validate access controls and perform audit log reviews
1. Installation
Free standalone desktop application
Quick and simple setup process
2. Authentication
Platform-specific authentication methods
Secure token management for enhanced security
Support for multiple accounts
3. Collection Process
Select data sources and configure collectors
Define specific time ranges for targeted collection
Monitor progress in real time
4. Data Export
Export collected data in SQLite format for analysis
Integration-ready for seamless workflows
Prepared for further investigation and reporting
Tornado is a comprehensive cloud forensics solution that combines user-friendly functionality with powerful evidence-collection capabilities. Designed to simplify investigations across major cloud platforms, it offers robust tools to enhance security, support compliance, and deliver actionable insights.