Working on Viruses from Home owing to Coronavirus? Here’s a Handy Remote Forensics Tool, Bitscout


Now with Bulk Extractor, Loki, and RegRipper

IT security professionals forced to work from home in the coming months because of the coronavirus (many firms are now mandating it) can prepare to do some of their work on a new release of an open source tool designed for remote digital forensics, called Bitscout.

A customisable live OS constructor tool designed to help users create remote forensics bootable disk images, Bitscout was first open sourced by Russia’s Kaspersky Lab two years ago but appears to have seen limited traction.

In a new push, Kaspersky emphasised its free and fully open source nature: users are free to reverse-engineer and modify any part of it.

Bitscout allows users such as malware researchers, digital forensics experts and incident responders to analyse digital evidence. (Kaspersky Lab’s Vitaly Kamluk says the tool was born while he was working at the Digital Forensics Lab at INTERPOL.)

Bitscout 20.04: What’s New?

A new release, 20.04, comes packed with handy new open source tools. Now baked in:

RegRipper, an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.

Bulk Extractor, a program that extracts features such as email addresses, credit card numbers, URLs, and other types of information from digital evidence files.

Loki, a scanner for simple indicators of compromise (IoCs) that lets Blue Team or other users check file name IoCs (regex match on full file path/name), and perform Yara rule checks, hash checks and C2 back connect checks.


Its developers have also “moved away from LXD container management which used to be an overhead in the previous versions. The new container is based on systemd-nspawn feature which is already part of OS anyway”, Kamluk said.

Those looking to give it a spin can use Ubuntu 18.04 – 20.04.

Also new is the optional logging of bash commands to a remote syslog server. This is particularly useful for environments where a Bitscout instance might be unexpectedly powered off or disconnected for a long time due to a network failure. It is also a good way to recall which commands you have run to find the clues.
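To show the mechanism behind that kind of remote command logging, here is an added bash example (not Bitscout’s own code) that ships every shell command to a syslog collector via util-linux logger(1) before the command runs, so the record survives even if the instance dies mid-session. SYSLOG_HOST, SYSLOG_PORT, CASE_ID and the audit_* function names are assumptions for this illustration.

```bash
#!/usr/bin/env bash
# Added example: forward each bash command to a remote syslog server.
# SYSLOG_HOST/SYSLOG_PORT/CASE_ID are placeholder settings, not Bitscout's own.
SYSLOG_HOST="${SYSLOG_HOST:-192.0.2.10}"   # RFC 5737 documentation address (placeholder)
SYSLOG_PORT="${SYSLOG_PORT:-514}"
AUDIT_TAG="bitscout-audit"

# Build one structured record: who ran what, from which directory, tagged with
# the case identifier so commands from several evidence images stay separable.
# Usage: audit_line <case_id> <user> <cwd> <command>
audit_line() {
    local case_id=$1 user=$2 cwd=$3 cmd=$4
    # Flatten newlines so a multi-line command cannot inject extra log records.
    cmd=$(printf '%s' "$cmd" | tr '\n\r' '  ')
    printf 'case=%s user=%s cwd=%s cmd=%s' "$case_id" "$user" "$cwd" "$cmd"
}

# Send a record to the collector over UDP. Nothing is kept only locally, which
# is the point when the box may be powered off or cut off before you can
# collect its local history.
audit_send() {
    logger -n "$SYSLOG_HOST" -P "$SYSLOG_PORT" -d -t "$AUDIT_TAG" -- "$1"
}

# Install a DEBUG trap: bash runs it just before every simple command, so even
# a command that hangs or crashes the machine has already been logged.
# Call this once from ~/.bashrc in the live image.
audit_install() {
    CASE_ID="${CASE_ID:-unassigned}"
    trap 'audit_send "$(audit_line "$CASE_ID" "$USER" "$PWD" "$BASH_COMMAND")"' DEBUG
}
```

The collector should be reached over a management network (or syslog over TLS) since this plain UDP transport neither encrypts nor authenticates the records.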

Bitscout now also has its own website. Have a play here.
