BitScout - Remote incident response and digital forensics toolkit
Recently I attended a presentation by Vitaly Kamluk (@vkamluk) who contributes to BitScout. BitScout is a live CD/USB bootable image that enables incident responders to remotely triage systems whilst maintaining data integrity.
I was in awe as Vitaly started a local virtual machine with the remote block device attached, then proceeded to debug the master boot record. The project was developed to carry out incident response in hostile locations with poor internet connectivity.
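To make the "debug the master boot record" step concrete, here is a small read-only MBR triage in Python. This is an added example, not code from the BitScout project: it parses the 512-byte first sector (boot signature, disk signature, the four partition entries), hashes the 440 bytes of boot code so it can be compared against a known-good bootloader, and flags layouts that deserve a closer look. The sector it operates on is a constructed sample so the script runs offline; pointed at a real image or block device via `triage_image`, it only ever opens the target for reading.

```python
"""Read-only triage of a Master Boot Record (MBR).

Added example, not code from the BitScout project. The sample sector below is
constructed so the script runs offline; triage_image() reads a real image or
block device the same way, opening it read-only.
"""
import hashlib
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"

# Common partition type IDs, enough to label a triage report.
PARTITION_TYPES = {
    0x00: "empty",
    0x05: "extended",
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0x8E: "Linux LVM",
    0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into boot code hash, disk signature and partitions.

    Raises ValueError if the sector is the wrong size or lacks the 0x55AA
    signature, so a damaged MBR is reported rather than silently parsed.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16]
        )
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02x})"),
            "lba_start": lba_start,
            "sectors": sectors,
        })

    return {
        # Hash of the 440 bytes of boot code: compare against a known-good
        # bootloader to spot a tampered MBR (bootkits live here).
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def triage_warnings(mbr: dict) -> list:
    """Flag conditions worth a closer look during remote triage."""
    warnings = []
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        warnings.append(f"{len(bootable)} bootable partitions (expected 1)")
    # Overlapping partitions, or one claiming sector 0, are suspicious.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in mbr["partitions"])
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            warnings.append(f"partitions overlap at LBA {s2}")
    for p in mbr["partitions"]:
        if p["lba_start"] == 0:
            warnings.append(f"partition {p['index']} starts at LBA 0")
    return warnings


def build_sample_mbr() -> bytes:
    """Constructed sample: fake boot code, a bootable NTFS partition and a Linux partition."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + b"\x00" * 437  # JMP + padding, 440 bytes
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"  # signature + 2 reserved bytes
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    entry2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x83, b"\xfe\xff\xff", 206848, 409600)
    empty = b"\x00" * 16
    return boot_code + disk_sig + entry1 + entry2 + empty + empty + MBR_SIGNATURE


def triage_image(path: str) -> dict:
    """Read only the first sector of a disk image or block device; never writes."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR_SIZE))


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("boot code sha256:", mbr["bootcode_sha256"])
    for p in mbr["partitions"]:
        print(p)
    print("warnings:", triage_warnings(mbr) or "none")
```

Against a BitScout session, the path handed to `triage_image` would be the read-only block device the remote host exposes; because the script never opens anything for writing, the evidence is not altered, which is the integrity property the toolkit is built around.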
Now it's not something you would use every day, but consider a remote power plant with a malware infection on a production system. Sure, you would have to shut the system down, separate it from the production network and establish connectivity (because your production systems shouldn't be connected to the internet, right!?!), but you would be able to triage in a matter of minutes rather than hours.
With the right processes in place, a production system could be swapped out whilst the infected machine is triaged remotely. In the real world it's never that simple, but it couldn't hurt to have a BitScout USB device at every critical location for emergency use.
Check out the great work at Github: https://github.com/vitaly-kamluk/bitscout