

New in Binalyze AIR v1.8.0: Introducing Network Capture


With the release of Binalyze AIR v1.8.0, we are adding network capture to acquisition profiles, so you can collect both Network Flow records (TCP/UDP connections) and PCAP IP packet data directly from the AIR platform. This further consolidates your digital forensics activities into one collaborative solution that automates the work, saving time, reducing costs and increasing efficiency.
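The two outputs named above differ in what the analyst gets back: a flow record is a per-connection summary (endpoints, ports, protocol, packet and byte counts, first and last seen), while a PCAP is the packets themselves. The following standard-library Python script is an added example, not Binalyze's code and not part of the original post: it reads a libpcap file and reduces it to flow records, which is the kind of reduction a flow record represents and what you do by hand when you only have the PCAP. The sample capture it parses is constructed inline (addresses, ports and payloads are made up), and it copes with the cases that trip up naive parsers: both pcap byte orders and the nanosecond magic, 802.1Q VLAN tags, IPv4 options, non-first fragments (which carry no TCP/UDP header) and frames truncated by the snaplen.

```python
"""Summarize TCP/UDP flows from a libpcap (.pcap) file using only the standard library."""
import struct
from collections import defaultdict

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100
PROTO_NAMES = {6: "TCP", 17: "UDP"}


def iter_pcap_records(data: bytes):
    """Yield (timestamp_seconds, captured_frame, original_length) per pcap record.

    Accepts both byte orders and both the microsecond and nanosecond magic numbers;
    refuses anything that is not link type 1 (Ethernet)."""
    magics = {b"\xd4\xc3\xb2\xa1": ("<", 1_000_000), b"\xa1\xb2\xc3\xd4": (">", 1_000_000),
              b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000), b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000)}
    if data[:4] not in magics:
        raise ValueError("not a libpcap file")
    endian, ts_div = magics[data[:4]]
    # global header after the magic: major, minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # file cut off mid-record: stop rather than mis-parse
        off += incl_len
        yield ts_sec + ts_frac / ts_div, frame, orig_len


def parse_l4(frame: bytes):
    """Return (proto, src, sport, dst, dport) for a TCP/UDP-over-IPv4 Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip_off = 14
    if ethertype == ETH_VLAN:  # 802.1Q tag: the real ethertype sits 4 bytes later
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        ip_off = 18
    if ethertype != ETH_IPV4 or len(frame) < ip_off + 20:
        return None
    ip = frame[ip_off:]
    ihl = (ip[0] & 0x0F) * 4  # header length honours IPv4 options
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    proto = ip[9]
    if frag_offset != 0 or proto not in PROTO_NAMES:
        return None  # non-first fragments carry no L4 header; ignore non-TCP/UDP
    l4 = ip[ihl:]
    if len(l4) < 4:
        return None  # snaplen cut the frame before the ports
    sport, dport = struct.unpack("!HH", l4[:4])
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return PROTO_NAMES[proto], src, sport, dst, dport


def summarize_flows(pcap: bytes):
    """Aggregate a pcap into unidirectional flows keyed by (proto, src, sport, dst, dport)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for ts, frame, orig_len in iter_pcap_records(pcap):
        key = parse_l4(frame)
        if key is None:
            continue
        f = flows[key]
        f["packets"] += 1
        f["bytes"] += orig_len  # on-the-wire size, even if the snaplen truncated the capture
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    return dict(flows)


def _frame(src, dst, proto, sport, dport, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP-or-UDP frame (constructed test data, checksums left zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + l4 + payload


def build_sample_pcap() -> bytes:
    """Constructed little-endian pcap: a short TLS exchange, a DNS query/response and an ARP frame."""
    frames = [
        (1.0, _frame("10.0.0.5", "93.184.216.34", 6, 51000, 443, b"\x16\x03\x01")),
        (1.1, _frame("93.184.216.34", "10.0.0.5", 6, 443, 51000, b"\x16\x03\x03" * 20)),
        (1.2, _frame("10.0.0.5", "93.184.216.34", 6, 51000, 443)),
        (2.0, _frame("10.0.0.5", "10.0.0.1", 17, 49152, 53, b"\x00" * 32)),
        (2.1, _frame("10.0.0.1", "10.0.0.5", 17, 53, 49152, b"\x00" * 96)),
        (2.2, b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28),  # ARP: no IP, must be skipped
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, fr in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(fr), len(fr)) + fr
    return out


if __name__ == "__main__":
    for key, f in sorted(summarize_flows(build_sample_pcap()).items()):
        proto, src, sport, dst, dport = key
        print(f"{proto} {src}:{sport} -> {dst}:{dport}  pkts={f['packets']} bytes={f['bytes']} "
              f"first={f['first']:.3f} last={f['last']:.3f}")
```

Point it at a real capture with `summarize_flows(open("capture.pcap", "rb").read())`. The aggregation is unidirectional, as NetFlow-style records are; fold the two directions together by sorting the endpoint pairs in the key if you prefer conversations. The deliberate skips (ARP, non-first fragments, non-TCP/UDP) are where a quick inspection of "what talked to what" silently loses data, which is the reason to keep the PCAP alongside the flow summary rather than replacing it.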

Today an investigator who needs traffic from an endpoint reaches for a standalone capture tool such as Wireshark or tcpdump, a network monitoring product such as PRTG Network Monitor, or a dedicated hardware appliance. With this release of AIR you no longer need to make CAPEX investments in capture appliances or bolt on external, standalone tools: the capture runs on the endpoint itself, triggered remotely and fully automated.

Incident Response and Compromise Assessment depend on agility and speed. Solutions that force your analysts to juggle multiple, fragmented tools to acquire digital evidence, capture network traffic, and perform analysis and reporting create delays and backlogs, and those delays increase risk and cost.

How to use Network Capture in AIR

  • Open your AIR dashboard and navigate to the Acquisition section to create a new profile for capturing network traffic.

[Screenshot: air-new-acquisition]

  • Give your acquisition profile a unique name and, if you run multiple organizations, select the organization it applies to.

  • Choose the capture timeframe and the format in which you want to receive the traffic report once the capture is finalized.

[Screenshot: air-new-acquisition-profile]

  • The profile can be dedicated to network capture, or you can add other evidence to it from the Evidence List, the Artifact List, or Custom Content Profiles. Note that when evidence types are combined in this way, the acquisition as a whole does not complete until the network capture has run for its full duration.

  • That is it. The network acquisition profile is ready, and you can now create acquisition tasks against a single endpoint, a group of endpoints, or all endpoints for fully remote and automated network capture.

We will be hosting a Network Capture workshop on the 1st of September during which our product team will run some real-world network capture scenarios and analyze the captured results.

If you would like to join this workshop you can do so here.

How to download?

Binalyze AIR v1.8.0 RC is now available

The full production version of AIR 1.8.0 will be available on 18th August.

You can update directly from your product (shown below) or download it from the website here.

[Screenshot: air-evidence-repositories]