Now with Bulk Extractor, Loki, and RegRipper
IT security professionals pushed to work from home in the coming months because of the coronavirus (several employers are now mandating it) can get ready to do some of their work with a new release of an open source tool built for remote digital forensics, called Bitscout.
A customisable live-OS construction tool built to let users create bootable disk images for remote forensics, Bitscout was first open sourced by Russia's Kaspersky Lab two years ago but appears to have seen limited traction.
In a fresh push, Kaspersky emphasised its free and fully open source nature: users are free to reverse-engineer and modify any part of it.
Bitscout allows users such as malware researchers, digital forensics experts and incident responders to analyse digital evidence. (Kaspersky Lab's Vitaly Kamluk says the tool was born while he was working at the Digital Forensics Lab at INTERPOL.)
Bitscout 20.04: What's New?
The new release, 20.04, comes packed with useful open source tools. Now baked in:
RegRipper, an open source tool, written in Perl, for extracting and parsing keys, values and data from the Windows Registry and presenting them for analysis.
Bulk Extractor, a program that extracts features such as email addresses, credit card numbers, URLs and other types of information from digital evidence files.
Loki, a scanner for simple indicators of compromise (IoCs) that lets blue teams and other users check file-name IoCs (regex match on the full file path/name) and run Yara rule checks, hash checks and C2 back-connect checks.
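To make concrete what the two cheapest of those checks involve, here is an added example (it is not Loki's or Bitscout's own code and was not part of the original article) that runs a file-name regex check and a SHA-256 hash check over a directory tree. The indicator lists, the directory layout and the file contents are all constructed for the demonstration; the only hash listed is the SHA-256 of the three-byte string `abc`, which one of the sample files contains. The Yara and C2 checks are not shown.

```bash
#!/bin/bash
# Added example, not Loki's or Bitscout's own code: a file-name regex check
# and a SHA-256 hash check, run over a constructed sample directory.
# The indicator lists below are made up for the demo, not real threat intel.

# File-name IoCs: POSIX extended regexes matched against the full path,
# one per line (a known tool name, and an 8-char file in a hidden directory).
FILENAME_IOCS='/mimikatz(\.exe)?$
/\.[a-z0-9]+/[a-z0-9]{8}$'

# Hash IoCs: SHA-256 digests, one per line. This is sha256("abc"), the
# content of a file that make_sample_tree creates below.
HASH_IOCS='ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'

# check_filename PATH: print a hit line and return 0 if any regex matches.
check_filename() {
  local path=$1 hit
  hit=$(printf '%s\n' "$FILENAME_IOCS" | while IFS= read -r re; do
          if printf '%s\n' "$path" | grep -Eq -- "$re"; then
            printf '%s\n' "$re"; break
          fi
        done)
  [ -n "$hit" ] || return 1
  printf 'FILENAME_IOC re=%s path=%s\n' "$hit" "$path"
}

# check_hash PATH: print a hit line and return 0 if the digest is listed.
check_hash() {
  local path=$1 digest
  digest=$(sha256sum -- "$path" | cut -d' ' -f1)
  printf '%s\n' "$HASH_IOCS" | grep -qxF -- "$digest" || return 1
  printf 'HASH_IOC sha256=%s path=%s\n' "$digest" "$path"
}

# scan_dir ROOT: run both checks on every regular file under ROOT.
# (Newline-separated find output: fine for a demo, not for hostile paths.)
scan_dir() {
  find "$1" -type f | while IFS= read -r f; do
    check_filename "$f" || true   # a miss is not an error
    check_hash "$f" || true
  done
}

# count_hits ROOT: number of hit lines scan_dir produced.
count_hits() { scan_dir "$1" | grep -c '_IOC '; }

# make_sample_tree: constructed evidence tree; prints its path.
make_sample_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/.cache1" "$d/docs"
  printf 'benign' > "$d/mimikatz.exe"        # name hit
  printf 'benign' > "$d/.cache1/a1b2c3d4"     # hidden dir + 8-char name hit
  printf 'abc'    > "$d/docs/notes.txt"       # hash hit (sha256 of "abc")
  printf 'benign' > "$d/docs/readme.md"       # clean
  printf '%s\n' "$d"
}

# Stand-alone run: build the sample tree, scan it, report, clean up.
demo_dir=$(make_sample_tree)
scan_dir "$demo_dir"
printf 'hits=%s\n' "$(count_hits "$demo_dir")"
rm -rf -- "$demo_dir"
```

Against the constructed tree this reports three hits: two file-name matches and one hash match. Matching the regex against the full path, rather than the basename, is what lets the second indicator express "eight random characters inside a hidden directory", which is the kind of dropper staging pattern a basename-only check cannot describe.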
Its developers have also "moved away from LXD container management which used to be an overhead in the previous versions. The new container is based on the systemd-nspawn feature which is now part of the OS anyway", Kamluk said.
Those looking to give it a spin can use Ubuntu 18.04 to 20.04.
Also new is optional logging of bash commands to a remote syslog server. This is especially useful in environments where a Bitscout instance may be unexpectedly powered off or disconnected for a long time because of a network failure. It is also a good way to remember which commands you have run to find the clues.
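One way to build this kind of shell audit trail, shown here as an added example and not as Bitscout's own implementation: a bash DEBUG trap hands each command to util-linux `logger(1)`, which ships it over UDP to a collector. The collector address is a placeholder from the RFC 5737 test range, the `local1` facility and the `bitscout-shell` tag are assumptions, and the functions are named for this example.

```bash
#!/bin/bash
# Added example, not Bitscout's own implementation: send every command typed
# in an interactive bash session to a remote syslog collector via logger(1).
# Source this from /etc/bash.bashrc (or ~/.bashrc) inside the live image and
# call enable_shell_logging. The collector address is a placeholder (RFC 5737
# test network); override it through the environment.
BITSCOUT_SYSLOG_HOST="${BITSCOUT_SYSLOG_HOST:-192.0.2.10}"
BITSCOUT_SYSLOG_PORT="${BITSCOUT_SYSLOG_PORT:-514}"

# should_log CMD: skip empty commands and this script's own functions, so
# the logging machinery does not produce a feedback loop of records.
should_log() {
  case "$1" in
    ''|log_shell_event*|should_log*|format_shell_event*) return 1 ;;
  esac
  return 0
}

# format_shell_event USER PWD CMD: one flat key=value record. Embedded
# newlines (multi-line commands) become spaces so one command stays one
# record on the collector; the syslog header supplies timestamp and host.
format_shell_event() {
  local user=$1 cwd=$2 cmd
  cmd=$(printf '%s' "$3" | tr '\n' ' ')
  printf 'user=%s pwd=%s cmd=%s' "$user" "$cwd" "$cmd"
}

# log_shell_event CMD: ship the record with util-linux logger over UDP.
# -n/-P select the remote server and port, -t tags the record, and -p sets
# facility.severity so the collector can route it to its own file.
log_shell_event() {
  should_log "$1" || return 0
  logger --udp -n "$BITSCOUT_SYSLOG_HOST" -P "$BITSCOUT_SYSLOG_PORT" \
    -t bitscout-shell -p local1.info \
    "$(format_shell_event "${USER:-$(id -un)}" "$PWD" "$1")"
}

# enable_shell_logging: a DEBUG trap fires *before* each simple command runs,
# so the record has already left the box if the command, or a network
# failure, takes the Bitscout instance down before the next prompt.
enable_shell_logging() {
  trap 'log_shell_event "$BASH_COMMAND"' DEBUG
}
```

The DEBUG trap fires once per simple command, so a pipeline such as `strings disk.img | grep -i password` produces one record per stage; a PROMPT_COMMAND hook would give one record per line instead, but only after the line has finished, which is exactly the record you lose when the box dies mid-command. The `-n`, `-P` and `--udp` options belong to the util-linux `logger`; a BusyBox `logger` does not have them.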
Bitscout now also has its own website. Have a play here.