Remote Acquisition

Remotely acquire 120+ evidence type including RAM image, Event Logs, Browser History, and Application Artefacts with a single mouse click.

Triage with YARA

Search YARA rules both in memory and file-system at scale.

Triggers for SIEM/SOAR

Easily integrate AIR into your existing SIEM/SOAR solutions with webhooks.

Schedule Acquisitions

Schedule daily, weekly or monthly tasks for automatically acquiring evidence or performing triage on your critical assets.

Acquisition Profiles

Create acquisition profiles based on your needs.

Active Directory

Fully integrates with Active Directory and Syslog.