July 12, 2017
Kaspersky Lab has announced the launch of a free tool to help companies streamline the process of gathering evidence from infected computers after a cyberattack.
BitScout, an "innovative but simple" new tool according to a Kaspersky press release, allows investigators to build a "Swiss army knife" for the forensic investigation of live systems. BitScout collects vital data remotely, without risking contamination or loss of the information on the system under investigation.
Forensic researchers face the constant concern that traveling to physically collect critical evidence — for instance, malware samples from infected computers — can result in expensive and delayed investigations.
Previously, the only options were to rely on expensive third-party tools that used proprietary code and required specialist knowledge to operate, or to take the risk of contaminating or losing evidence by moving it between computers.
To address these challenges, Vitaly Kamluk, director of Kaspersky Lab's Global Research and Analysis Team in Asia Pacific, created BitScout, a free, open-source tool that experts can use to build their own digital forensics toolbox.
BitScout features and capabilities include:
"The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy," said Kamluk. "But speed at all costs is not the answer either — we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court, if required. I couldn't find a tool that allowed us to achieve all of this freely and easily, so I decided to build one."
BitScout is available at the GitHub code repository: https://github.com/vitaly-kamluk/bitscout