04 Jan, 2022

Cyber Incident Response and Binalyze AIR

In today's technology world, information security incidents can pose risks that can cause serious harm to an organization. Security measures are taken before and after any possible risk. The technologies used are expected to be fit for purpose, fast, effective and to reduce the workload of analysts, but their compliance with certain standards and their legal dimension should also be considered.

The global cyber threat has become one of the top three topics on CEOs' agendas, with data breaches increasing in number and changing in nature every year. A new piece of malware is produced every 15 milliseconds around the world, and a cyber attack occurs every 39 seconds; this number more than doubles every year. The cost of cyber attacks to economies reaches 6 trillion dollars. There are 3 million malware attacks per minute and 1.6 million per year in our country. Corporate networks, on the other hand, receive 200,000 attacks per year. Among the targets of attack, Turkey has been in the top 5 for the last 5 years, and in 2020 it was the country most exposed to cyber attacks.

In today's technology world, information security incidents continue to pose risks that can cause serious harm to organizations, while institutions continue to take many different security measures for all kinds of risk, both before and after an incident. The technologies used in these processes make it possible to respond to cyber incidents effectively and quickly, and it is of strategic importance for institutions that analysts can investigate and report cyber incidents using quickly interpretable incident reports.



QUESTIONS AND ANSWERS

What does Binalyze Air do that SIEM cannot?

It is not possible to compare the product with SIEM because the purpose and use cases are quite different. Here, in addition to SIEM, we have 156 different types of evidence and searches on them, but if we talk only about logs, Sigma rules can be written and used on the Binalyze side. Most SIEM brands do not offer Sigma support directly; it is necessary to translate the rule into their own language structure. Second, a retrospective search in SIEM can take hours in large log directories. In Binalyze, on the other hand, since each agent runs the Sigma rule on its own machine, the load is distributed and the search becomes faster. Finally, SIEM cannot receive real-time logs from machines. Even the best SIEMs work near-real-time. One of the first moves an attacker will make after breaking into the machine is to kill the outgoing log service. At this point, as long as the logs are kept on the machine, Binalyze can go and retrieve them. (Some SIEMs can also work this way; that doesn't mean it is different from all of them.)
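To make the endpoint-side evaluation described above concrete, here is an added example (not Binalyze's code) of a minimal Sigma-style matcher that a host agent could run over its own event records instead of shipping them to a central search. The rule, the field names and the event records are constructed for this example, and only the selection/filter blocks with the conditions "X" and "X and not Y" are handled.

```python
# Added example (not Binalyze code): a minimal Sigma-style matcher run on
# the host against its own event records, as the answer above describes.
# Supports selection/filter blocks and the conditions "X" / "X and not Y".
# The rule and the event records are constructed for this example.

RULE = {  # hypothetical rule: service binary installed from a Temp directory
    "logsource": {"product": "windows", "service": "system"},
    "detection": {
        "selection": {"EventID": 7045, "ImagePath|contains": "\\Temp\\"},
        "filter": {"ServiceName": "KnownUpdater"},  # approved exception
        "condition": "selection and not filter",
    },
}

EVENTS = [  # constructed local log entries, as an agent would read them
    {"EventID": 7045, "ServiceName": "KnownUpdater",
     "ImagePath": "C:\\Windows\\Temp\\upd.exe"},
    {"EventID": 7045, "ServiceName": "svc1",
     "ImagePath": "C:\\Users\\bob\\AppData\\Local\\Temp\\a.exe"},
    {"EventID": 4624, "LogonType": 10},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": "C:\\Windows\\System32\\spoolsv.exe"},
]

def field_matches(event, key, expected):
    """One Sigma field test: exact match, or the |contains, |startswith,
    |endswith modifiers (compared case-insensitively, as Sigma specifies)."""
    name, _, modifier = key.partition("|")
    if name not in event:
        return False
    if not modifier:
        return event[name] == expected
    v, e = str(event[name]).lower(), str(expected).lower()
    return {"contains": e in v, "startswith": v.startswith(e),
            "endswith": v.endswith(e)}[modifier]

def block_matches(event, block):
    """A selection block is the AND of all its field tests."""
    return all(field_matches(event, k, v) for k, v in block.items())

def evaluate(rule, event):
    """Evaluate the condition forms 'X' and 'X and not Y'."""
    det = rule["detection"]
    tokens = det["condition"].split()
    hit = block_matches(event, det[tokens[0]])
    if tokens[1:3] == ["and", "not"]:
        hit = hit and not block_matches(event, det[tokens[3]])
    return hit

def scan(rule, events):
    """Return the events on this host that trigger the rule."""
    return [e for e in events if evaluate(rule, e)]
```

Each host returns only its matches, which is the load distribution the answer refers to; the central side then only has to merge small result sets.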


Can Binalyze Air's reports be used when reporting a data breach within the scope of KVKK?

Yes, they can. Since the evidence Binalyze collects counts for more than a simple log, almost everything that can be counted as evidence with a log is also evidence with Binalyze.

After the attacker is done, he prefers to erase the traces he left inside; in this case, what visibility can Binalyze Air provide?

There is no possibility of an attacker destroying all the evidence inside. Surely there will be evidence in some places. Of course, it may not be possible to detect all the movements of an attacker who deletes/hides his evidence, but it is possible to extract many parts of the big picture by examining the evidence remaining inside.

Can we collect evidence with Binalyze Air from the moment of infection, for example in a ransomware case? Is there a feature for this?

A Ransomware Shield feature is available. The Binalyze process runs with system-level rights (higher than Admin rights) and is protected against interruption by any other process. It retrieves all unencrypted evidence on a ransomware-infected machine, including the RAM image.

Is it possible to use Binalyze Air and find a solution after the attacker encrypts the disk?

If the entire disk is encrypted, it is not possible for the operating system to work properly. The answer may differ depending on the case and the type of ransomware encountered.

What is the difference between the Air product and its competitors? Why should I use the Air product instead of FTK, Thor, etc.?

First of all, Binalyze is ahead of all its competitors in the number of evidence items it collects, in parsing them, and in presenting them in the report. In order to compare Binalyze, it is currently necessary to compare it with 3 different product groups: evidence collection, compromise assessment and basic auto-discovery products. In addition, these products require 3 different management systems, 3 different interfaces and 3 different sets of controls, and then their data needs to be combined and interpreted. Even with these 3 products, it may be necessary to include a 4th product because of the live-response capabilities. Third, the Binalyze product is superior to its competitors in terms of speed. Some of the named competitors can take an incredible 3 days to do their job. If we have to wait 3 days for a single tool in an emergency or during an incident response, the situation is far from an incident response or urgency situation. Finally, Binalyze has brought a different and innovative approach to forensics and incident response. Instead of classical methods, the product follows the philosophy of racing against time, easy use and progressing with what is needed. Availability is very important in 2022 and institutions should not experience interruptions. In such cases, both low resource consumption and being able to work without any interruption provide a great advantage to institutions. Some competitor products require resources that are impossible for institutions, such as 200 GB of RAM even for simple scans. (If 200 GB of free RAM can be given on a currently running server, it means the system is configured incorrectly.)

Can we use the Air product on the IoT and mobile side? If not, will such a feature be added?

No. In the future, it may be able to run on different devices running thin-client or Linux/Windows operating systems, but it will not be Android or iOS.

As forensics enthusiasts, we would like to ask Emre Bey: what are the first places or pieces of evidence he looks at while responding to an incident?

The first place to look depends on the story. In our country, some incident response experts start by looking at the evidence they feel comfortable with, but the truth is, you should prioritize the evidence according to the case you come across and choose your starting point accordingly. Shellbags or Shimcache could be called favorites here.


SPEAKERS

Erdem Eriş
CyberArts
Founder & CEO

Emre Tınaztepe
Binalyze
Founder & CEO

Nurettin Erginöz
SabancıDX
Cyber Security Director
