BitScout: To spare researchers the need to travel around the globe to collect data from infected computers after cyber attacks, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital forensic data without risk of contamination or loss of evidence.
The tool, called BitScout, can be used to build a "Swiss army knife" for remote forensic investigation of live systems, and it is provided free of charge for any researcher to use.
In most cyberattacks, the legitimate owners of compromised systems are victims of unknown perpetrators. Victims usually agree to cooperate and assist security researchers in order to find the infection vector or other details about the attackers. A long-standing problem for researchers, however, is that travelling long distances to collect important evidence, such as malware samples, from infected computers makes investigations expensive and time-consuming. The longer it takes to understand an attack, the longer it takes to protect users and identify the perpetrators. The alternatives either require expensive tools and specialized knowledge of how they work, or carry the risk of contaminating or losing evidence while transferring it between computers.
To solve this problem, Vitaly Kamluk, Director of Kaspersky Lab's Global Research and Analysis Team for the Asia-Pacific region, created an open-source digital forensics tool that can remotely collect attack artifacts, acquire disk images over the network or from locally attached storage, and remotely assist with the handling of malware incidents. Evidential data can be viewed and analyzed remotely or locally, while the source data storage remains intact through reliable containment.
"The need to analyze security incidents as efficiently and instantaneously as possible is quite important, as opponents are constantly evolving and increasing their secrecy. But quick reaction without calculating costs is not the right answer - we need to ensure that the evidence remains intact so that investigations can be considered valid and that their results can be used in court if necessary. I could not find a tool that would allow us to achieve all of this, free and easy - so I decided to create one," said Vitaly Kamluk.
Kaspersky Lab specialists work with law enforcement agencies around the globe to help with the technical analysis of cyber investigations. This gives them a unique picture of the challenges that law enforcement staff face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that researchers need tools that can adapt and scale to the demands of the job. BitScout is a good example of this: it can be adapted to a researcher's needs and extended with additional features and custom software. Most importantly, it is free, built on open-source components and completely transparent. Instead of relying on proprietary third-party tools, experts can use BitScout's open-source code to create their own "Swiss army knife" for digital forensics.
BitScout's features include:
- Disk image acquisition, even by staff with minimal or no forensics skills.
- Training people on the go (shared viewing session).
- Transferring complex pieces of data to your lab for deeper inspection.
- Remote Yara or AV scanning of offline systems (essential against rootkits).
- Searching and viewing registry keys (autoruns, services, connected USB devices).
- Remote file carving (recovering deleted files).
- Remediating the remote system if access is authorized by the owner.
- Remote scanning of other network nodes (useful for remote incident response).
The tool is available for free on GitHub: https://github.com/vitaly-kamluk .
More information about BitScout can be found on Securelist.com.