BitScout: a free tool for collecting evidence from attacks

To spare researchers from having to travel around the globe to collect data from infected computers after a cyber attack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital evidence without the risk of infection or loss of data.

The BitScout tool can be built into a "Swiss army knife" for remote forensic investigation of live systems and is available for use by all researchers.

In most cyberattacks, the legitimate owners of compromised systems fall victim to unknown perpetrators. Victims usually agree to cooperate with security investigators in order to find the infection vector or other details about the attackers. What has long troubled researchers, however, is that the need to travel long distances to collect important evidence, such as malware samples from infected computers, makes investigations expensive and time-consuming. The longer it takes to understand the attack, the longer it takes to protect users and identify the perpetrators. The alternatives either require expensive tools and specialized knowledge of how they work, or carry the risk of contaminating or losing evidence as it is transferred between computers.

To solve the problem, Vitaly Kamluk, Director of Kaspersky Lab's Global Research and Analysis Team (GReAT) for the Asia Pacific region, created an open-source digital forensics tool that can collect material from attacks remotely, by acquiring a full image of the disk over the network or from locally attached storage, and can also assist remotely with the handling of malware incidents. The evidence can be viewed and analyzed remotely or locally, while the source storage remains intact thanks to reliable isolation.
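As an added illustration of the evidence-integrity point (example shell code written for this page, not BitScout's own), the script below images a read-only source with dd and records matching SHA-256 digests so the copy can later be shown to be byte-for-byte faithful. The device path, the custody-log format and the `blockdev --setro` step are assumptions, and the constructed test input stands in for a real disk.

```shell
#!/bin/sh
# Added example, not BitScout's own code: acquire a raw image of a source
# device and prove the copy matches the source by hashing both sides.
# Assumes GNU coreutils (dd with status=none, sha256sum) and that SRC has
# already been made read-only (e.g. blockdev --setro /dev/sdX) beforehand.
set -eu

# Copy the source block by block. conv=noerror,sync carries on past a bad
# sector instead of aborting and zero-pads it so offsets stay aligned.
# bs=512 matches the sector size: a larger bs would be faster, but any
# trailing padding it added would break the byte-for-byte check below.
acquire_image() {
    src="$1"; dst="$2"
    dd if="$src" of="$dst" bs=512 conv=noerror,sync status=none
}

# Hash source and image, append a custody record, and succeed only when
# the two digests match. The record is what lets the image be shown later
# to be a faithful copy of what was on the machine.
verify_image() {
    src="$1"; dst="$2"; log="$3"
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    match=no
    [ "$src_hash" = "$dst_hash" ] && match=yes
    printf '%s source=%s image=%s sha256=%s match=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$dst" "$dst_hash" "$match" \
        >> "$log"
    [ "$match" = yes ]
}
```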

"The need to analyze security incidents as efficiently and instantaneously as possible is quite important, as opponents are constantly evolving and increasing their secrecy. But quick reaction without calculating costs is not the right answer - we need to ensure that the evidence remains intact so that investigations can be considered valid and that their results can be used in court if necessary. I could not find a tool that would allow us to achieve all of this, free and easy - so I decided to create one," said Vitaly Kamluk.

Kaspersky Lab experts work with law enforcement agencies around the world to assist in the analysis of cybercrime investigations. This gives them a unique view of the challenges that LEA staff face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands placed on them. BitScout is a good example of this. It can be adapted to a researcher's needs and enhanced with add-ons and custom software. Most importantly, it is free, built on open-source solutions and fully transparent: instead of relying on third-party tools with proprietary code, experts can use BitScout's open source code to build their own "Swiss army knife" for digital crime investigations.

The list of BitScout features includes:

  • Disk imaging, even when carried out by unskilled staff.
  • Training people on the go (shared viewing terminal).
  • Transferring complex data to your lab for deeper inspection.
  • Remote Yara or antivirus scanning of offline systems (essential against rootkits).
  • Searching and viewing registry keys (autoruns, services, connected USB devices).
  • Remote file carving (recovery of deleted files).
  • Remediation of the remote system, if the owner permits access.
  • Remote scanning of other network nodes (useful for remote incident response).

The tool is available for free on GitHub: https://github.com/vitaly-kamluk

More information about BitScout can be found in the dedicated post on Securelist.com.

iGuRu.gr
Written by Dimitris