To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without risk of its contamination or loss. Named BitScout, the tool can build a swiss-army knife for the remote forensic investigation of live systems and has been made freely available for all investigators to use.

 

In most cyberattacks, legitimate owners of compromised systems fall victim to unidentified perpetrators. Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers.

 

However, it is a longstanding concern among forensic researchers that the need to travel long distances to collect crucial evidence such as malware samples from infected computers can result in expensive and delayed investigations.

The longer it takes for an attack to be understood, the longer it is before users are protected and perpetrators identified. However, the alternatives have either involved expensive tools and a knowledge of how to operate them, or the risk of contaminating or losing evidence by moving it between computers.

 

To solve the problem, Vitaly Kamluk, Director of Kaspersky Lab’s Global Research and Analysis Team in Asia Pacific (APAC) has created an open-source digital tool that can remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling.

 

Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

 

“The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy. But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this, freely and easily – so I decided to build one,” said Vitaly Kamluk.

 

Kaspersky Lab experts work closely with law enforcement agencies across the world to help in the technical analysis of cyber investigations. This gives them a unique insight into the challenges LEA personnel face when fighting modern cybercrime.

 

The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job. BitScout is a good example of this. It can be adjusted to the particular needs of an investigator, and improved and upgraded with additional features and custom software.

 

Most importantly it comes free of charge, based on open-source solutions and is fully transparent: instead of relying on third party tools with proprietary code, experts can use the Bitscout open-source code to build their own swiss-army knife for digital forensics.

 

The list of BitScout features includes:

●Disk image acquisition even with un-trained staff

●Training people on the go (shared view-only terminal session)

●Transferring complex pieces of data to your lab for deeper inspection

●Remote Yara or AV scanning of offline systems (essential against rootkits)

●Search and view registry keys (autoruns, services, plugged USB devices)

●Remote file carving (recovering deleted files)

●Remediation of the remote system if access is authorized by the owner

●Remote scanning of other network nodes (useful for remote incident response)

 

The tool is freely available at the GitHub code repository: https://github.com/vitaly-kamluk/bitscout

 

Read more on Securelist.com.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Olympic Destroyer Is Back, Targeting Chemical, Biological Threat Protection Entities in Europe
Techworld Date Posted: 26 June 2018 4:58 PM | 71 Views
Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is.... See More
 
Olympic Destroyer Is Back, Targeting Chemical, Biological Threat Protection Entities in Europe
Techworld Date Posted: 4:58 PM | 71 Views
Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is...See More

 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 11 January 2018 9:32 AM | 40 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:. See More
 
Cybersecurity Past and Future What’s Come This Year and What is Coming
Techworld Date Posted: 9:32 AM | 40 Views
You know what they say about history: Those who don’t learn from it are doomed to repeat it. Another maxim about the future holds true, too:See More

 
PH’s Biggest Telcos Converge, Unveil First PLDT-Smart Store in BGC
Techworld Date Posted: 27 April 2018 3:22 PM | 60 Views
Manila, Philippines – The country’s leaders in broadband, mobile and digital entertainment are now in one home. PLDT and Smart formally unveiled the first ever PLDT-Smart Store—a one-stop digital hub and converged store which.... See More
 
PH’s Biggest Telcos Converge, Unveil First PLDT-Smart Store in BGC
Techworld Date Posted: 3:22 PM | 60 Views
Manila, Philippines – The country’s leaders in broadband, mobile and digital entertainment are now in one home. PLDT and Smart formally unveiled the first ever PLDT-Smart Store—a one-stop digital hub and converged store which...See More

 
Return on Security Investment: Internal SOCs Halve the Financial Impact of Enterprise Data Breaches
Techworld Date Posted: 16 October 2019 9:32 AM | 91 Views
Return on Security Investment: Internal SOCs Halve the Financial Impact of Enterprise Data Breaches. See More
 
Return on Security Investment: Internal SOCs Halve the Financial Impact of Enterprise Data Breaches
Techworld Date Posted: 9:32 AM | 91 Views
Return on Security Investment: Internal SOCs Halve the Financial Impact of Enterprise Data BreachesSee More

 
Power Mac Center Launches Lowered Service Rates, Enhanced Mail-In Repair Service
Techworld Date Posted: 7 November 2018 4:06 PM | 301 Views
In its commitment to provide genuine and hassle-free premium services to its customers, Power Mac Center’s Apple Authorized Service Provider is introducing lowered service repair rates and enhanced service offerings. . See More
 
Power Mac Center Launches Lowered Service Rates, Enhanced Mail-In Repair Service
Techworld Date Posted: 4:06 PM | 301 Views
In its commitment to provide genuine and hassle-free premium services to its customers, Power Mac Center’s Apple Authorized Service Provider is introducing lowered service repair rates and enhanced service offerings. See More

 
17th Philippine Robotics Olympiad
Techworld Date Posted: 3 July 2018 11:17 AM | 1579 Views
The Philippine Robotics Olympiad (PRO) is a science, technology, and educational event which aims to offer an opportunity for students to expand their horizons through the exploration of robots and robotic systems in schools..... See More
 
17th Philippine Robotics Olympiad
Techworld Date Posted: 11:17 AM | 1579 Views
The Philippine Robotics Olympiad (PRO) is a science, technology, and educational event which aims to offer an opportunity for students to expand their horizons through the exploration of robots and robotic systems in schools....See More

 
PLDT-Smart Omega Gears Up for Country’s First Franchise-Based Esports League
Techworld Date Posted: 14 March 2019 9:12 AM | 98 Views
PLDT-Smart Omega, the professional esports team of leading telco and digital services provider PLDT and its mobile arm Smart Communications, is one of the five inaugural teams competing in The Nationals, the country's first.... See More
 
PLDT-Smart Omega Gears Up for Country’s First Franchise-Based Esports League
Techworld Date Posted: 9:12 AM | 98 Views
PLDT-Smart Omega, the professional esports team of leading telco and digital services provider PLDT and its mobile arm Smart Communications, is one of the five inaugural teams competing in The Nationals, the country's first...See More

 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 21 November 2018 1:31 PM | 540 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with.... See More
 
Realme to Officially Enter the Philippines on November 29th
Techworld Date Posted: 1:31 PM | 540 Views
Realme, a fast-emerging smartphone brand in South East Asia announces its official arrival in the Philippines on November 29th, 2018. Established in May 2018, Realme aims to provide young people around the world with...See More

 
How a United Voice Can Build Digital Trust in Cybersecurity
Techworld Date Posted: 18 February 2019 11:49 AM | 230 Views
In its business predictions for 2019, industry analyst Forrester says more companies will implement cybersecurity strategies based on a principle of “zero trust” --- continuously questioning the security of all internal and external activity..... See More
 
How a United Voice Can Build Digital Trust in Cybersecurity
Techworld Date Posted: 11:49 AM | 230 Views
In its business predictions for 2019, industry analyst Forrester says more companies will implement cybersecurity strategies based on a principle of “zero trust” --- continuously questioning the security of all internal and external activity....See More

 
ASUS Announces Z370 Series Motherboards
Techworld Date Posted: 30 September 2017 9:37 AM | 593 Views
The arrival of the 8th Generation Intel CoreTM processors marks the latest launch of a new consumer-oriented desktop platform this year, one with unprecedented power and responsiveness. Otherwise known as Coffee Lake, these new.... See More
 
ASUS Announces Z370 Series Motherboards
Techworld Date Posted: 9:37 AM | 593 Views
The arrival of the 8th Generation Intel CoreTM processors marks the latest launch of a new consumer-oriented desktop platform this year, one with unprecedented power and responsiveness. Otherwise known as Coffee Lake, these new...See More


Power by

Download Free AZ | Free Wordpress Themes