Investing in next-gen digital forensics with Binalyze

Matt Carbonara

Managing Director and Head of Enterprise Tech Investing, Citi Ventures

Avi Arnon

Vice President, Citi Ventures

Nick Sands

Vice President, Citi Ventures


Binalyze’s digital forensics platform, AIR, shortens the data breach investigation process from days to under four hours, taking enterprise cybersecurity resilience to the next level.

Digital forensics and incident response (DFIR) — the practice of identifying and investigating cyberattacks — has never been more vital to an enterprise’s security posture. According to IBM’s Cost of a Data Breach Report, 2023 set an all-time record in that regard, with the global average data breach cost reaching $4.45 million (a 15.3% jump from 2020). Furthermore, cyberattacks are growing in volume, velocity and complexity, with threat actors seeking to exploit vulnerabilities as enterprises shift to cloud computing and remote work.

Despite the escalating cyber threat, enterprises have been relatively slow to adopt DFIR tools — largely due to the origins of digital forensics. A branch of forensic science, digital forensics was invented by law enforcement agencies to recover evidence of crimes from computers and other digital devices. Legacy DFIR tools are therefore ill-suited to enterprise cybersecurity needs, as they are geared toward gathering digital evidence of a crime committed in the physical world rather than toward cyberattacks and other events that occur entirely in the digital space.

Using these tools also requires significant expertise. With trained investigators in short supply outside law enforcement, adoption in private industry has thus far been limited primarily to managed security service providers and large enterprises with heightened security needs, such as financial services and healthcare companies.

Finally, fragmentation within the DFIR market itself presents an additional barrier to widespread adoption. Most DFIR solutions only support part of the process or are only compatible with certain devices and operating systems, forcing enterprises to patch together an end-to-end solution from multiple tools and vendors.

Given these conditions, the market is ripe for a DFIR platform that’s both tuned to enterprise use cases and simple enough to be used by security operations center (SOC) analysts without specific training in digital forensics. Enter Binalyze, an automated digital forensics solution provider that enables enterprises to respond faster and more effectively to cyber threats.

Binalyze’s unified platform, named AIR, offers all the features needed for the initial stages of an incident investigation: data collection, triage and analysis. Once a SOC analyst is alerted to a potential security event, AIR can collect digital artifacts from any asset on a network, then run remote triage at scale and assess the compromise. Able to parse and process over 350 different types of evidence, AIR can then create a comprehensive record of events on the network for timeline analysis and ultimately generate a structured and complete report in HTML/JSON files that can be easily shared between analysts.

Crucially, this innovative solution enables SOC teams to “shift left” and resolve most security alerts early in the investigation process. Junior team members, who are often the first investigators “on the scene,” rarely have the domain knowledge to assess what triggered an alert, forcing more experienced analysts to step in. By automating the initial phases of the incident investigation process, AIR empowers junior analysts to investigate digital events and determine the credibility of potential threats themselves — freeing up more expert senior analysts to focus on more severe events. This makes SOC teams significantly more efficient, saving time and money for Binalyze’s customers.

The vision behind Binalyze’s comprehensive DFIR solution came from the founder’s own frustrations with digital forensics. Founder and CEO Emre Tinaztepe gained his deep domain expertise through two decades in software development and malware analysis, working as Director of Development at anti-malware firm Zemana and as Malware Analysis Team Lead at antivirus company Comodo. Emre’s impressive technical knowledge and strength as a leader have helped him attract talent from top software companies such as CrowdStrike, Symantec and Pipedrive to join Binalyze’s management team.

Given that Binalyze provides a robust, differentiated enterprise DFIR platform backed by an industry-leading team, we’re pleased to announce our investment in Binalyze’s Series A round alongside Molten Ventures, Earlybird, OpenOcean, Cisco Investments and Deutsche Bank. Our congratulations to Emre and the Binalyze team!

For more information, Avi Arnon at or Nick Sands at
