WOBURN, MA – July 6, 2017 — /BackupReview.info/ — To streamline the process of gathering evidence from infected computers after a cyberattack, a Kaspersky Lab expert developed an innovative but simple, free tool that is now available. The new tool, “BitScout,” allows investigators to build a “Swiss army knife” for the forensic investigation of live systems by remotely collecting vital data without risking contamination or loss of information.

In most cyberattacks, victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers. However, it is a constant concern among forensic researchers that the time needed to physically travel to collect critical evidence, such as malware samples from infected computers, can result in expensive and delayed investigations.

Until now, the only options have been to rely on expensive, third party tools with proprietary code and knowledge needed of how to operate them, or taking the risk of contaminating or losing evidence by moving it between computers.

To address these challenges, Vitaly Kamluk, director of Kaspersky Lab’s Global Research and Analysis Team (GReAT) in Asia Pacific (APAC), created BitScout, a free, open-source tool that experts can use to build their own digital forensics toolbox. With this tool, investigators can remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling. Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

“The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy,” said Kamluk. “But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this freely and easily, so I decided to build one.”

Kaspersky Lab experts work closely with law enforcement agencies (LEA) across the world to help in the technical analysis of cyber investigations. This gives them a unique insight into the challenges LEA personnel face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job.

The capabilities of BitScout includes:

  • Disk image acquisition, even with un-trained staff
  • Training people on the go (shared view-only terminal session)
  • Transferring complex pieces of data to your lab for deeper inspection
  • Remote Yara or AV scanning of offline systems (essential against rootkits)
  • Search and view registry keys (autoruns, services, plugged USB devices)
  • Remote file carving (recovering deleted files)
  • Remediation of the remote system if access is authorized by the owner
  • Remote scanning of other network nodes (useful for remote incident response)

BitScout is available at the GitHub code repository here: https://github.com/vitaly-kamluk/bitscout

Read more on Securelist.com

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Denise Bertrand
781.503.1836
Denise.Bertrand@kaspersky.com

Source: Kaspersky

 

 

Related posts:

  1. New Kaspersky Endpoint Security for Business Delivers Enhanced Data Protection and Manageability Across All Platforms and Devices
  2. Kaspersky Lab Reports Malicious Attack Increase in Q1 IT Threat Evolution Report
  3. Dropping Elephant: Cyber-espionage Group Hunts High Profile Targets with Low Profile Tools
  4. Kaspersky Lab Number of the Year 2016: 323,000 Pieces of Malware Detected Daily
  5. Kaspersky Lab and Acronis Collaborate to Provide Channel Partners with Premium Security and Backup Solutions for Businesses
  6. The Number of Financial Attacks Against Android Users Tripled in 2014
  7. One Billion More: Kaspersky Lab Reports on Cyber Threats in 2014
  8. Kaspersky Lab Detected a 14% Increase in New Ransomware Modifications in Q1 2016
  9. Kaspersky Lab Bolsters Linux Mail Server Protection with Real-Time Threat Data and New Management Features
  10. Kaspersky Launches Free Anti-Theft Android App Phound!

Tags: ,