What is AIR?

Automated Incident Response platform
Binalyze AIR is an automated Digital Forensic Incident Response platform, that provides the most complete feature set for remotely collecting 350+ different evidential artifact types, in minutes, across multiple Operating Systems platforms - It’s lightning fast and has been designed to be extremely easy to use.
AIR accelerates your investigation process via a comprehensive and integrated post-acquisition analyzer known as DRONE. All of the DRONE's findings, for multiple assets, are presented in a single 'pane of glass' or Investigation Hub.
AIR will perform simultaneous triage on thousands of assets using YARA, Sigma and osquery rules.
AIR captures the 'forensic state' of multiple assets and presents this information in an Investigation Hub.
The Investigation Hub serves as an all-encompassing, user-friendly DFIR intelligence resource. This unifying Investigation Hub, consolidates Acquisition and Triage data from all assets, presenting it in an easily digestible format. It also integrates DRONE data through intuitive graphical visualizations, thereby identifying the most critical machines that warrant further immediate, focused investigation. The Investigation Hub streamlines the investigative process by:
  • Providing actionable findings to prioritize and guide investigators,
  • Offering comprehensive listings of all evidential artifacts,
  • Including a range of filtering options, and
  • Featuring a powerful global search capability.
The AIR console is very simple to deploy, and thanks to it being Docker based, it can easily be deployed on premise or on a server in AWS or Azure Cloud.
The AIR platform integrates with your existing SIEM, SOAR solutions and many EDR products. This is done via Webhooks and API access for empowering analysts to automate the response phase of IR.
So, all forensic collections can be; scheduled, automated, remote and scalable.
With evidence hashing, encryption and RFC3161 time-stamping, the Chain of Custody for evidence handling by AIR is completely secure.
Other key features include our patent pending Baseline Comparison technology. This allows you to be more focused in the way you target your efforts. Here, you can compare acquisitions against one another and easily identify additions, changes and deletions to key system areas often exploited by attackers.
AIR helps you cut through the noise of security data, with live YARA, Sigma, and osquery scanning combined with rapid keyword searching, automated post acquisition analysis and Event Scoring.
These features all combine to enable most digital forensics investigations to be concluded in less than 4 hours - which is a dramatic improvement over what is commonly achieved today with other solutions.