BitScout: a free tool for collecting data from attacked systems

BitScout: To spare researchers the need to travel around the globe to collect data from infected computers after cyber attacks, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without the risk of infection or loss of evidence.

The tool, named BitScout, lets researchers build a "Swiss army knife" for remote forensics on live systems, and it is provided free of charge for use by all researchers.

In most cyberattacks, the legitimate owners of compromised systems fall victim to unknown perpetrators. Victims usually agree to cooperate with security investigators in order to find the infection vector or other details about the attackers. However, what has long troubled researchers is the need to travel long distances to retrieve sensitive data, such as malware samples, from infected computers, which makes investigations expensive and time-consuming. The longer it takes to understand an attack, the longer it takes to protect users and identify the perpetrators. The alternatives either require expensive tools and specialized knowledge of how they work, or carry the risk of contaminating or losing evidence when it is transferred between computers.

To solve the problem, Vitaly Kamluk, Director of Kaspersky Lab's Global Research and Analysis Team for Asia-Pacific, created an open-source digital tool that can collect material from attacks remotely, acquiring a full image of a disk over the network or from locally attached storage, and that also lets an expert advise remotely on handling a malware incident. The data that constitutes evidence can be viewed and analysed remotely or locally, while the source storage remains untouched thanks to reliable isolation.

"The need to analyze security incidents as efficiently and instantaneously as possible is quite important, as opponents are constantly evolving and increasing their secrecy. But quick reaction without calculating costs is not the right answer - we need to ensure that the evidence remains intact so that investigations can be considered valid and that their results can be used in court if necessary. I could not find a tool that would allow us to achieve all of this, free and easy - so I decided to create one," said Vitaly Kamluk.

Kaspersky Lab experts work together with law enforcement agencies around the world to assist with the technical analysis in cybercrime investigations. This gives them a unique insight into the challenges LEA staff face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that researchers need tools that can adapt and scale to the demands of the job. BitScout is a good example of this: it can be adapted to the needs of a researcher and enhanced with add-ons and custom software. Most importantly, it is free, based on open-source components, and completely transparent: instead of relying on third-party tools with proprietary code, experts can use BitScout's open-source code to create their own Swiss army knife for digital crime investigations.

The list of BitScout features includes:

  • Disk image acquisition, even with unskilled staff on site.
  • Training people on the go (shared viewing terminal).
  • Transferring complex data and files to your lab for deeper inspection.
  • Remote Yara or AV scanning of offline systems (essential against rootkits).
  • Searching and viewing registry keys (autoruns, services, connected USB devices).
  • Remote file carving (recovering deleted files).
  • Remediating the remote system if access is authorized by the owner.
  • Remote scanning of other network nodes (useful for remote incident response).

The tool is available for free on GitHub: https://github.com/vitaly-kamluk

More information about BitScout can be found on the dedicated site Securelist.com.


Written by Dimitris
