February 28, 2020

Working on Viruses from Home owing to Coronavirus? Here’s a Handy Remote Forensics Tool

Now with Bulk Extractor, Loki, and RegRipper

By CBR Staff Writer

IT security specialists forced to work from home in coming weeks owing to coronavirus (many companies are now mandating it) can get ready to do some of their work on a new release of an open source tool designed for remote digital forensics, called Bitscout.

A customisable live OS constructor tool designed to help users create remote forensics bootable disk images, Bitscout was first open sourced by Russia’s Kaspersky Lab two years ago but appears to have seen limited traction.

In a fresh push, Kaspersky emphasised its free and fully open source nature: users are free to reverse-engineer and modify any part of it.

Bitscout allows users like malware researchers, digital forensics experts and incident responders to analyse digital evidence. (Kaspersky Lab’s Vitaly Kamluk says the tool was born while he was working at the Digital Forensics Lab at INTERPOL).

Bitscout 20.04: What’s New?

A new release, 20.04, comes packed with handy new open source tools. Now baked in:

RegRipper, an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.

Bulk Extractor, a programme that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files.


Loki, a scanner for simple indicators of compromise (IoCs) that lets blue team and other users check file name IoCs (regex match on the full file path/name) and conduct Yara rule checks, hash checks and C2 back connect checks.
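To illustrate the two simplest checks Loki performs, file-name IoCs matched as regexes against the full path and hash IoCs matched against file digests, here is a minimal scanner written for this article (it is not Loki's own code). The IoC patterns, the "known-bad" digest and the evidence tree it scans are all constructed for the demo and are not real indicators.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Constructed file-name IoCs: (regex applied to the full path, description).
FILENAME_IOCS = [
    (r"(?i)/temp/svch0st\.exe$", "typosquatted service host binary"),
    (r"/tmp/\.hidden/.*\.sh$", "script dropped in a hidden /tmp directory"),
]


def sha256_of(path):
    """Stream a file through SHA-256 so large evidence files are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root, hash_iocs, filename_iocs=FILENAME_IOCS):
    """Walk root and return a list of (path, reason) for every IoC hit.

    hash_iocs maps a SHA-256 hex digest to a description of the known-bad sample.
    """
    compiled = [(re.compile(p), desc) for p, desc in filename_iocs]
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            normalised = full.replace(os.sep, "/")  # match with forward slashes
            for rx, desc in compiled:
                if rx.search(normalised):
                    hits.append((full, f"filename IoC: {desc}"))
            digest = sha256_of(full)
            if digest in hash_iocs:
                hits.append((full, f"hash IoC: {hash_iocs[digest]}"))
    return hits


def demo():
    """Constructed evidence tree: one bad name, one known-bad hash, one clean file."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    hidden = Path(root, "tmp", ".hidden")
    hidden.mkdir(parents=True)
    (hidden / "run.sh").write_bytes(b"#!/bin/sh\necho constructed sample\n")
    (Path(root) / "notes.txt").write_bytes(b"innocuous content")
    (Path(root) / "payload.bin").write_bytes(b"constructed known-bad sample")
    known_bad = {hashlib.sha256(b"constructed known-bad sample").hexdigest(): "demo family"}
    return scan(root, known_bad)
```

Running `demo()` reports two hits, `run.sh` by file name and `payload.bin` by hash, and leaves `notes.txt` alone.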


Its developers have also “moved away from LXD container management which used to be an overhead in the past versions. The new container is based on systemd-nspawn feature which is already part of OS anyway”, Kamluk said.

Those wanting to give it a spin can use Ubuntu 18.04 – 20.04.

Also new is the optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a great way to remember which commands you have run to find the clues.

Bitscout now also has its own website. Have a play here.
