Thursday, Sep 24, 2020 | Last Update : 07:39 PM IST

184th Day Of Lockdown

Maharashtra122438091634833015 Andhra Pradesh6317495518215410 Tamil Nadu5473374919718871 Karnataka5268764233778145 Uttar Pradesh3588932895945135 Delhi2492592133045014 West Bengal2283021989834421 Odisha184122149379763 Telangana1726081419301042 Bihar169856155824870 Assam159320129130578 Kerala13863398720554 Gujarat1247671051913337 Rajasthan116881972841352 Haryana113075908841177 Madhya Pradesh108167836182007 Punjab99930754092860 Chhatisgarh8618347653680 Jharkhand7267358543626 Jammu and Kashmir65026421151024 Uttarakhand4177729000501 Goa2875322726360 Puducherry2319118065467 Tripura2227215441245 Himachal Pradesh124387836125 Chandigarh102987411123 Manipur9010683859 Arunachal Pradesh7385540813 Nagaland5544445110 Meghalaya4733252838 Sikkim2447190529 Mizoram158510120
  Technology   In Other news  10 Jul 2017  Kaspersky brings software tool for collecting evidence after cyber-attacks

Kaspersky brings software tool for collecting evidence after cyber-attacks

DECCAN CHRONICLE
Published : Jul 10, 2017, 4:09 pm IST
Updated : Jul 10, 2017, 4:09 pm IST

Named BitScout, the tool can build a swiss-army knife for the remote forensic investigation of live systems.

Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers.
 Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers.

To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without risk of its contamination or loss. Named BitScout, the tool can build a swiss-army knife for the remote forensic investigation of live systems and has been made freely available for all investigators to use.

In most cyberattacks, legitimate owners of compromised systems fall victim to unidentified perpetrators. Victims usually agree to cooperate and help security researchers find the infection vector or other details about the attackers. However, it is a longstanding concern among forensic researchers that the need to travel long distances to collect crucial evidence such as malware samples from infected computers can result in expensive and delayed investigations. The longer it takes for an attack to be understood, the longer it is before users are protected and perpetrators identified. However, the alternatives have either involved expensive tools and knowledge of how to operate them, or the risk of contaminating or losing evidence by moving it between computers.

 

To solve the problem, Vitaly Kamluk, Director of Kaspersky Lab’s Global Research and Analysis Team in Asia Pacific (APAC) has created an open-source digital tool that can remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling. Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

“The need to analyze security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy. But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this, freely and easily – so I decided to build one,” said Vitaly Kamluk.

 

Kaspersky Lab experts work closely with law enforcement agencies across the world to help in the technical analysis of cyber investigations. This gives them a unique insight into the challenges LEA personnel face when fighting modern cybercrime. The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job. BitScout is a good example of this. It can be adjusted to the particular needs of an investigator, and improved and upgraded with additional features and custom software. Most importantly it comes free of charge, based on open-source solutions and is fully transparent: instead of relying on third party tools with proprietary code, experts can use the Bitscout open-source code to build their own swiss-army knife for digital forensics.

 

The list of BitScout features includes:

  • Disk image acquisition even with un-trained staff
  • Training people on the go (shared view-only terminal session)
  • Transferring complex pieces of data to your lab for deeper inspection
  • Remote Yara or AV scanning of offline systems (essential against rootkits)
  • Search and view registry keys (autoruns, services, plugged USB devices)
  • Remote file carving (recovering deleted files)
  • Remediation of the remote system if access is authorized by the owner
  • Remote scanning of other network nodes (useful for remote incident response)

Tags: kaspersky lab, cybercrime, cyberattacks