BitScout: a free tool for collecting data after attacks

To spare researchers the need to travel around the globe to collect data from infected computers after cyber attacks, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without risk of contamination or loss.

The BitScout tool can be used to build a "Swiss Army knife" for remote forensic investigation of live systems, and it is available for use by all researchers.

In most cyberattacks, the legitimate owners of compromised systems fall victim to unknown perpetrators. Victims usually agree to cooperate and assist security investigators in finding the infection vector or other details about the attackers. What has long worried researchers, however, is that the need to travel long distances to collect important evidence, such as malware samples from infected computers, makes investigations expensive and time-consuming. The longer it takes to understand the attack, the longer it takes to protect users and identify the perpetrators. The alternatives, meanwhile, either require expensive tools and specialized knowledge of how they work, or carry the risk of contamination or loss of evidence when it is transferred between computers.

To solve the problem, Vitaly Kamluk, Director of the Global Research and Analysis Team at Kaspersky Lab for the Asia-Pacific region, created an open-source digital tool that can remotely collect evidence from attacks, acquire full disk images over the network or to locally attached storage, and provide remote assistance in handling malware incidents. Evidence data can be viewed and analyzed remotely or locally, while the source data storage remains intact through reliable isolation.

"The need to analyze security incidents as efficiently and instantaneously as possible is quite important, as opponents are constantly evolving and increasing their secrecy. But quick reaction without calculating costs is not the right answer - we need to ensure that the evidence remains intact so that investigations can be considered valid and that their results can be used in court if necessary. I could not find a tool that would allow us to achieve all of this, free and easy - so I decided to create one," said Vitaly Kamluk.

Kaspersky Lab experts work together with law enforcement agencies around the globe to help with the technical analysis of cyber investigations. This gives them a unique view of the challenges that LEA personnel face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job. BitScout is a good example of this. It can be adapted to an investigator's particular needs and enhanced with additional and personalized software. Most importantly, it is free, based on open-source solutions, and completely transparent: instead of relying on third-party tools with proprietary code, experts can use BitScout's open-source code to create their own Swiss Army knife for investigating digital crimes.

The list of BitScout features includes:

  • Disk image acquisition even with untrained staff.
  • Training people on the go (shared terminal session).
  • Transferring complex pieces of data to your lab for deeper inspection.
  • Remote Yara or AV scanning of the system (necessary against rootkits).
  • Searching and viewing registry keys (autoruns, services, connected USB devices).
  • Remote file carving (recovering deleted files).
  • Remediation of the remote system if access is allowed by the owner.
  • Remote scanning of other network nodes (useful for remote incident response).

The tool is available for free on GitHub: https://github.com/vitaly-kamluk

More information about BitScout can be found on the dedicated site Securelist.com.


Written by Dimitris
