To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without risk of its contamination or loss. Named BitScout, the tool can build a swiss-army knife for the remote forensic investigation of live systems and has been made freely available for all investigators to use.

 

In most cyberattacks, legitimate owners of compromised systems fall victim to unidentified perpetrators. Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers.

 

However, it is a longstanding concern among forensic researchers that the need to travel long distances to collect crucial evidence such as malware samples from infected computers can result in expensive and delayed investigations.

The longer it takes for an attack to be understood, the longer it is before users are protected and perpetrators identified. However, the alternatives have either involved expensive tools and a knowledge of how to operate them, or the risk of contaminating or losing evidence by moving it between computers.

 

To solve the problem, Vitaly Kamluk, Director of Kaspersky Lab’s Global Research and Analysis Team in Asia Pacific (APAC) has created an open-source digital tool that can remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling.

 

Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

 

“The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy. But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this, freely and easily – so I decided to build one,” said Vitaly Kamluk.

 

Kaspersky Lab experts work closely with law enforcement agencies across the world to help in the technical analysis of cyber investigations. This gives them a unique insight into the challenges LEA personnel face when fighting modern cybercrime.

 

The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job. BitScout is a good example of this. It can be adjusted to the particular needs of an investigator, and improved and upgraded with additional features and custom software.

 

Most importantly it comes free of charge, based on open-source solutions and is fully transparent: instead of relying on third party tools with proprietary code, experts can use the Bitscout open-source code to build their own swiss-army knife for digital forensics.

 

The list of BitScout features includes:

●Disk image acquisition even with un-trained staff

●Training people on the go (shared view-only terminal session)

●Transferring complex pieces of data to your lab for deeper inspection

●Remote Yara or AV scanning of offline systems (essential against rootkits)

●Search and view registry keys (autoruns, services, plugged USB devices)

●Remote file carving (recovering deleted files)

●Remediation of the remote system if access is authorized by the owner

●Remote scanning of other network nodes (useful for remote incident response)

 

The tool is freely available at the GitHub code repository: https://github.com/vitaly-kamluk/bitscout

 

Read more on Securelist.com.


RECOMMENDED ARTICLE FOR TECHWORLD


 
Symantec Protects Office 365 with Industry-Leading Data Loss Prevention and New Data Rights Management
Techworld Date Posted: 2 October 2018 11:30 AM | 32 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today announced new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365. With Symantec DLP, data is protected whether.... See More
 
Symantec Protects Office 365 with Industry-Leading Data Loss Prevention and New Data Rights Management
Techworld Date Posted: 11:30 AM | 32 Views
Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, today announced new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365. With Symantec DLP, data is protected whether...See More

 
Kaspersky Lab Appoints New General Manager for Southeast Asia
Techworld Date Posted: 1 March 2018 2:44 PM | 829 Views
Global cybersecurity company Kaspersky Lab has announced the appointment of Yeo Siang Tiong as its new General Manager for the Southeast Asia (SEA) region covering Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam. See More
 
Kaspersky Lab Appoints New General Manager for Southeast Asia
Techworld Date Posted: 2:44 PM | 829 Views
Global cybersecurity company Kaspersky Lab has announced the appointment of Yeo Siang Tiong as its new General Manager for the Southeast Asia (SEA) region covering Indonesia, Malaysia, the Philippines, Singapore, Thailand, and VietnamSee More

 
ViewSonic to Showcase XG Series of Gaming Monitors at ESGS 2017
Techworld Date Posted: 25 October 2017 2:32 PM | 20 Views
ViewSonic Corp., a leading global provider of visual solution products, today announced it will be exhibiting its latest gaming monitors at the Electronic Sports and Gaming Summit (ESGS) 2017,. See More
 
ViewSonic to Showcase XG Series of Gaming Monitors at ESGS 2017
Techworld Date Posted: 2:32 PM | 20 Views
ViewSonic Corp., a leading global provider of visual solution products, today announced it will be exhibiting its latest gaming monitors at the Electronic Sports and Gaming Summit (ESGS) 2017,See More

 
Petya, Wanna Cry, and Mirai—Is This the New Normal
Techworld Date Posted: 3 August 2017 5:01 PM | 18 Views
This past year, cybercriminals have upped the stakes once again with the high profile, global attacks of Mirai,Wannacry, and Petya, launched one after the other. Of course, large-scale attacks aren't new. Attacks like the ILOVEYOU.... See More
 
Petya, Wanna Cry, and Mirai—Is This the New Normal
Techworld Date Posted: 5:01 PM | 18 Views
This past year, cybercriminals have upped the stakes once again with the high profile, global attacks of Mirai,Wannacry, and Petya, launched one after the other. Of course, large-scale attacks aren't new. Attacks like the ILOVEYOU...See More

 
Are Data Breaches Stressing You Out?
Techworld Date Posted: 12 July 2018 1:11 PM | 18 Views
Common wisdom holds that the most stressful things a person might face in life are moving house, getting fired, or going through a divorce. In the grand scheme of things, stress caused by data.... See More
 
Are Data Breaches Stressing You Out?
Techworld Date Posted: 1:11 PM | 18 Views
Common wisdom holds that the most stressful things a person might face in life are moving house, getting fired, or going through a divorce. In the grand scheme of things, stress caused by data...See More

 
UBTECH Announces Arrival of Star Wars First Order Stormtrooper Robot with Companion App
Techworld Date Posted: 9 January 2018 4:50 PM | 28 Views
UBTECH Robotics, a global leader in intelligent humanoid robots, today announced its latest offering, the Star Wars First Order Stormtrooper Robot by UBTECH, is now available in retail stores and online.. See More
 
UBTECH Announces Arrival of Star Wars First Order Stormtrooper Robot with Companion App
Techworld Date Posted: 4:50 PM | 28 Views
UBTECH Robotics, a global leader in intelligent humanoid robots, today announced its latest offering, the Star Wars First Order Stormtrooper Robot by UBTECH, is now available in retail stores and online.See More

 
Epson PH to Focus on Core Technologies and B2B Operations for a Bigger Market Share This 2019
Techworld Date Posted: 28 May 2019 4:56 PM | 31 Views
To maintain its bullish PH market share this 2019, Epson Philippines Corporation (EPC) shared its plans to build on new businesses, minimize dependence on mainstream product segments and optimize its B2B operations in a.... See More
 
Epson PH to Focus on Core Technologies and B2B Operations for a Bigger Market Share This 2019
Techworld Date Posted: 4:56 PM | 31 Views
To maintain its bullish PH market share this 2019, Epson Philippines Corporation (EPC) shared its plans to build on new businesses, minimize dependence on mainstream product segments and optimize its B2B operations in a...See More

 
LG OLED TV WINS FOURTH CONSECUTIVE CE WEEK TV SHOOTOUT TITLE
Techworld Date Posted: 22 July 2017 2:39 PM | 523 Views
The highly acclaimed LG E7 OLED TV was crowned “2017 King of TV” in the 14thAnnual CE Week TV Shootout™ in a competition amongst six contending flagship 4K Ultra HD TV models during CE.... See More
 
LG OLED TV WINS FOURTH CONSECUTIVE CE WEEK TV SHOOTOUT TITLE
Techworld Date Posted: 2:39 PM | 523 Views
The highly acclaimed LG E7 OLED TV was crowned “2017 King of TV” in the 14thAnnual CE Week TV Shootout™ in a competition amongst six contending flagship 4K Ultra HD TV models during CE...See More

 
Victims of Malicious Crypto Miners Increase by 44% as 2.7 Million Internet Users Are Targeted in a Year
Techworld Date Posted: 10 July 2018 10:02 AM | 567 Views
The number of internet users that have been attacked by malicious crypto currency mining software has increased from 1.9 million to 2.7 million in just one year. Statistics for the last 24 months show.... See More
 
Victims of Malicious Crypto Miners Increase by 44% as 2.7 Million Internet Users Are Targeted in a Year
Techworld Date Posted: 10:02 AM | 567 Views
The number of internet users that have been attacked by malicious crypto currency mining software has increased from 1.9 million to 2.7 million in just one year. Statistics for the last 24 months show...See More

 
Cybercriminals Targeted at Least 400 Industrial Companies with Spear-Phishing Attack for Financial Gain
Techworld Date Posted: 6 August 2018 4:32 PM | 585 Views
Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the.... See More
 
Cybercriminals Targeted at Least 400 Industrial Companies with Spear-Phishing Attack for Financial Gain
Techworld Date Posted: 4:32 PM | 585 Views
Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters that hit at least 400 industrial organizations in an attempt to earn money for the...See More


Power by

Download Free AZ | Free Wordpress Themes