Tornado (Preview Version)

Welcome to Binalyze Tornado

Tornado is a standalone desktop application designed to simplify and enhance evidence collection from cloud platforms like Google Workspace and Microsoft Office 365.

Tornado enables investigators to effortlessly collect critical artifacts, such as email records, user access logs, and administrative actions—key elements in Business Email Compromise (BEC) investigations. While it already supports two platforms, additional cloud platforms and services will be supported in the future.

Key Features

1. Multi-Platform Support

  • Microsoft Office 365

  • Google Workspace

  • Future platform expansions are planned

2. Collection Capabilities

  • Google Workspace Data Types

  • Microsoft 365 Data Types


Core Platform Features

1. Evidence Collection Interface

  • User-friendly and intuitive design

  • Precise and reliable digital evidence gathering

  • Streamlined collection process for efficiency

2. Investigation Benefits

  • Tailored for Business Email Compromise (BEC) investigations

  • Rapid evidence collection

  • Optimized investigation workflows

  • Enhanced incident response capabilities

3. Data Analysis Options

  • Export data to SQLite for detailed analysis

  • Seamless integration with Binalyze AIR

  • Connectivity with the Investigation Hub for advanced use cases


Technical Architecture

1. Resource Monitoring

  • Built-in resource tracking to ensure efficient performance

  • Real-time monitoring of disk usage and system statistics

  • Logging for system and performance insights

2. Security Features

  • Encrypted communication protocols for data protection

  • Secure token handling for authentication

  • Authorization controls to manage access rights

  • Comprehensive access management for user accounts


Use Cases

1. Email Investigations

  • Analyze communication patterns

  • Review email content and attachments

  • Examine settings and configurations

2. Access Analysis

  • Monitor login activities and unusual behaviors

  • Conduct thorough security audits

  • Track permission changes

3. Administrative Reviews

  • Investigate system configuration changes

  • Review policy modifications

  • Track role assignments and device management

4. Compliance Monitoring

  • Verify data retention policies

  • Ensure enforcement of organizational policies

  • Validate access controls and perform audit log reviews


Getting Started

1. Installation

  • Free standalone desktop application

  • Quick and simple setup process

2. Authentication

  • Platform-specific authentication methods

  • Secure token management for enhanced security

  • Support for multiple accounts

3. Collection Process

  • Select data sources and configure collectors

  • Define specific time ranges for targeted collection

  • Monitor progress in real time

4. Data Export

  • Export collected data in SQLite format for analysis

  • Integration-ready for seamless workflows

  • Prepared for further investigation and reporting


Summary

Tornado is a comprehensive cloud forensics solution that combines user-friendly functionality with powerful evidence-collection capabilities. Designed to simplify investigations across major cloud platforms, it offers robust tools to enhance security, support compliance, and deliver actionable insights.
