Evidence Repositories

Where evidence gets saved to

AIR supports saving the collected evidence either locally or to a remote location such as a network share, or Cloud Storage providers such as Azure Blob Storage/AWS S3 Bucket (development in progress).

The term Evidence Repository describes a remote location whether it is a password protected network share, an anonymous access NAS directory, or some cloud storage provider.

Mapping Evidence Repositories

Upon receiving and an evidence acquisition task from the console, endpoints:

  • Map the provided evidence repository,

  • Save the requested evidence on it,

  • Unmap the repository once the process completes.