February 28, 2020

Working on Viruses from Home owing to Coronavirus? Here’s a Handy Remote Forensics Tool

Now with Bulk Extractor, Loki, and RegRipper

By CBR Staff Writer

IT security specialists forced to work from home in coming weeks owing to coronavirus (many companies are now mandating it) can get ready to do some of their work on a new release of an open source tool designed for remote digital forensics, called Bitscout.

A customisable live OS constructor tool designed to help users create remote forensics bootable disk images, Bitscout was first open sourced by Russia’s Kaspersky Lab two years ago but appears to have seen limited traction.

In a fresh push, Kaspersky emphasised its free and fully open source nature: users are free to reverse-engineer and modify any part of it.

Bitscout allows users like malware researchers, digital forensics experts and incident responders to analyse digital evidence. (Kaspersky Lab’s Vitaly Kamluk says the tool was born while he was working at the Digital Forensics Lab at INTERPOL.)

Bitscout 20.04: What’s New?

A new release, 20.04, comes packed with handy new open source tools. Now baked in:

RegRipper, an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.


Bulk Extractor, a programme that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files.

Loki, a scanner for simple indicators of compromise (IoCs) that lets Blue Team or other users check file name IoCs (regex match on full file path/name), and conduct Yara rule checks, hash checks and C2 back connect checks.
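As an added illustration (not part of the original article and not Loki's own code), the sketch below shows two of the check types named above, a regex match on the full file path and a hash lookup, run over a constructed directory tree. All indicators, file names and function names are constructed samples chosen for this example.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample IoCs for illustration only; not real indicators.
FILENAME_IOCS = [
    (re.compile(r"[\\/]temp[\\/]svch0st\.exe$", re.IGNORECASE), "svchost lookalike in temp dir"),
]
HASH_IOCS = {
    hashlib.sha256(b"constructed-sample-payload").hexdigest(): "sample payload hash",
}

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large evidence files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root):
    """Walk root and return sorted (path, check, description) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # File name check: regex applied to the full path, not just the name.
            for pattern, description in FILENAME_IOCS:
                if pattern.search(path):
                    findings.append((path, "filename", description))
            try:
                file_hash = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if file_hash in HASH_IOCS:
                findings.append((path, "hash", HASH_IOCS[file_hash]))
    return sorted(findings)

def demo():
    """Build a constructed evidence tree, scan it, return root-relative findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Temp"))
        samples = {("Temp", "svch0st.exe"): b"benign bytes",
                   ("notes.txt",): b"constructed-sample-payload",
                   ("clean.txt",): b"nothing to see"}
        for parts, data in samples.items():
            with open(os.path.join(root, *parts), "wb") as handle:
                handle.write(data)
        return [(os.path.relpath(p, root), c, d) for p, c, d in scan(root)]
```

The renamed file `notes.txt` is caught only by the hash check, and `svch0st.exe` only by the path regex, which is why a scanner of this kind runs both.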


Its developers have also “moved away from LXD container management which used to be an overhead in the past versions. The new container is based on systemd-nspawn feature which is already part of OS anyway”, Kamluk said.

Those wanting to give it a spin can use Ubuntu 18.04 – 20.04.

Also new is the optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a great way to remember which commands you have run to find the clues.

Bitscout now also has its own website. Have a play here.
