Abstract

Forensic science has been full of challenges for most Law Enforcement Agencies (LEAs), as investigators need to physically visit the crime scene, acquire evidence, and then preserve it for forensic analysis. Collecting evidence at the crime site and bringing it to the forensic lab is cumbersome, and the evidence may be corrupted or altered during transit. So why not adopt a system for readily analysing a compromised system without going to the crime site, while sitting at one's own desk or forensic workstation? The answer may be yes, we can, but will it be easy and ethical to acquire evidence from a system remotely without physically visiting the crime scene? Vitaly Kamluk from Kaspersky Labs has now made this possible by launching a new forensic tool called BitScout. To solve this problem, security researchers and forensic investigators can now use BitScout to remotely collect key forensic evidence, to acquire full disk images via the network or locally attached storage devices, or simply to assist in malware incident handling. Evidence data can be viewed and analysed remotely or locally while the source data storage remains intact through reliable container-based isolation. BitScout is a free, open-source tool developed by security researchers for everyone interested in digital forensics and cyber crime investigations.
