Just as at a physical crime scene, forensic evidence in a cyber-crime investigation must not be tampered with. That is one reason investigations can take so long: researchers need time to travel to the affected site and to extract malware samples without compromising the evidence.
Kaspersky Lab identified this as a major pain point in the fight against cyber-crime and has released a tool intended to help researchers work faster and with more precision.
The tool, named BitScout, allows researchers to “remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling”. It also lets security experts view and analyse data remotely or locally while the source storage remains intact, thanks to container-based isolation.
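What an evidence-preserving acquisition of the kind described above has to get right, as an added shell example that is not part of the original article and not BitScout's own code: the source is write-blocked, the copy is taken sector by sector, and matching hashes of the source (before and after the copy) and of the image are recorded in a chain-of-custody log. The script assumes GNU/Linux coreutils (dd, sha256sum, id, date), util-linux's blockdev for software write-blocking, and ssh for the remote variant; the device paths and hostnames in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example, not BitScout's own code: an evidence-preserving disk
# acquisition in the spirit of the capabilities described in the article.
# Assumes GNU/Linux coreutils (dd, sha256sum, id, date), util-linux
# blockdev for software write-blocking, and ssh for the remote variant.

# acquire_image SOURCE DEST LOG
# Copies SOURCE (a block device or a file) to DEST sector by sector,
# hashing the source before and after the copy and the image afterwards.
# All three hashes must agree, otherwise the image is not trustworthy.
acquire_image() {
  src=$1; dest=$2; log=$3
  # Evidence is write-once: never overwrite an existing image.
  if [ -e "$dest" ]; then
    echo "refusing to overwrite existing image $dest" >&2
    return 2
  fi
  # Software write-block: mark a block device read-only in the kernel so
  # nothing on this host can modify it while we read it (needs root).
  if [ -b "$src" ]; then
    blockdev --setro "$src" || return 2
  fi
  pre=$(sha256sum < "$src" | cut -d' ' -f1)
  # noerror,sync: keep going on unreadable sectors and pad them with
  # zeros so offsets in the image still line up with the original.
  # Padding assumes the source is a whole number of 512-byte sectors,
  # which is always true for a block device.
  dd if="$src" of="$dest" bs=512 conv=noerror,sync 2>/dev/null || return 2
  img=$(sha256sum < "$dest" | cut -d' ' -f1)
  post=$(sha256sum < "$src" | cut -d' ' -f1)
  # Chain-of-custody record: who acquired what, when, and the hashes.
  printf '%s user=%s src=%s dest=%s sha256_pre=%s sha256_img=%s sha256_post=%s\n' \
    "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" "$src" "$dest" \
    "$pre" "$img" "$post" >> "$log"
  # Make the image itself read-only once written.
  chmod 0444 "$dest"
  if [ "$pre" = "$img" ] && [ "$pre" = "$post" ]; then
    echo "ok $img"
    return 0
  fi
  echo "hash mismatch: source changed during acquisition or copy is unfaithful" >&2
  return 1
}

# verify_image IMAGE EXPECTED_SHA256
# Re-hashes an image later (before analysis, or when it is produced in
# court) and checks it against the hash recorded at acquisition time.
verify_image() {
  actual=$(sha256sum < "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# acquire_remote_image HOST DEVICE DEST
# Network acquisition without installing anything on the target: stream
# the device over ssh, then have the target hash the device itself and
# compare that with the hash of what arrived.
acquire_remote_image() {
  host=$1; dev=$2; dest=$3
  if [ -e "$dest" ]; then
    echo "refusing to overwrite existing image $dest" >&2
    return 2
  fi
  ssh "$host" "blockdev --setro $dev && dd if=$dev bs=512 conv=noerror,sync 2>/dev/null" \
    > "$dest" || return 2
  remote=$(ssh "$host" "sha256sum < $dev" | cut -d' ' -f1)
  received=$(sha256sum < "$dest" | cut -d' ' -f1)
  chmod 0444 "$dest"
  if [ "$remote" = "$received" ]; then
    echo "ok $received"
    return 0
  fi
  echo "hash mismatch for $host:$dev" >&2
  return 1
}

# Usage (local, placeholder paths):
#   acquire_image /dev/sdb /evidence/case-sdb.dd /evidence/custody.log
# Usage (remote, placeholder host):
#   acquire_remote_image root@10.0.0.5 /dev/sda /evidence/case-sda.dd
```

Reading the source twice for the pre and post hashes is deliberate: a source that changes during acquisition (a live system, a failing disk) is caught rather than silently imaged. A hardware write-blocker is still preferable to `blockdev --setro` where one is available, and in the remote variant the comparison hash is computed by the target itself, so it is only as trustworthy as that host.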
“The need to analyse security incidents as efficiently and swiftly as possible is increasingly important, as adversaries grow ever more advanced and stealthy. But speed at all costs is not the answer either – we need to ensure evidence is untainted so that investigations are trusted and results can be qualified for use in court if required. I couldn’t find a tool that allowed us to achieve all of this, freely and easily – so I decided to build one,” said Vitaly Kamluk.
The tool is free and can be found via this link.
Image source: Shutterstock/alexskopje