DSD releases resilient open source forensics tool


Agency reveals it is more than a spook outfit.

Security boffins within the Defence Signals Directorate have released an open source forensics tool that improves the process of “carving out” target data stored within other file formats.


The so-called Pronghorn tool is exceptionally resilient to external and internal process failure, compared to existing options. It allows each layer of nesting to be analysed by different software.

Pronghorn

DSD authors told SC Pronghorn allowed experimentation with a number of novel techniques.

“The key strength of the Pronghorn framework is resilience to external and internal process failure,” the authors said, requesting anonymity.

“Pronghorn ties together multiple libraries in order to perform analytical tasks, but is exceptionally resilient to external library failure and incorporates mechanisms that allow the user to identify which libraries are more trusted.”

The DSD authors said some existing open source carving tools struggled to find data contained within other files.

“An example of this might be an image, located inside a word document, located inside a zip file.”

They explained that Pronghorn was resilient to component failure and quick to recover because each process was completely separated.

It also made heavy use of the Filesystem in Userspace (FUSE) libraries, which allowed data to be analysed without duplication and let a wide range of open source libraries be used with little modification.
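The idea described above, nested carving in which every analysis step runs in its own process so that a failing library cannot take the framework down, can be sketched as follows. This is an added illustration, not Pronghorn's code: the worker, the function names and the sample evidence are assumptions constructed for the example, and it passes child data over pipes rather than through FUSE.

```python
import base64, io, json, subprocess, sys, zipfile

# Hypothetical analyser, run in a separate interpreter: types one blob, lists children.
WORKER = r'''
import base64, io, json, sys, zipfile
data = sys.stdin.buffer.read()
kind, kids = "unknown", []
if data[:4] == b"PK\x03\x04":
    zf = zipfile.ZipFile(io.BytesIO(data))      # raises on a damaged archive
    kind, kids = "zip", [[n, base64.b64encode(zf.read(n)).decode()] for n in zf.namelist()]
elif data[:8] == b"\x89PNG\r\n\x1a\n":
    kind = "png"
print(json.dumps({"type": kind, "children": kids}))
'''

def analyse(blob, timeout=10):
    """Run one analysis step in its own process; a worker failure becomes a result."""
    try:
        p = subprocess.run([sys.executable, "-c", WORKER], input=blob,
                           capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"type": "failed: timeout", "children": []}
    if p.returncode != 0:
        return {"type": "failed: exit %d" % p.returncode, "children": []}
    return json.loads(p.stdout)

def carve(name, blob, depth=0, max_depth=8, out=None):
    """Walk every nesting layer; returns (depth, name, type) for each object seen."""
    out = [] if out is None else out
    res = analyse(blob) if depth <= max_depth else {"type": "skipped", "children": []}
    out.append((depth, name, res["type"]))
    for child, b64 in res["children"]:
        carve(child, base64.b64decode(b64), depth + 1, max_depth, out)
    return out

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, data in members.items():
            zf.writestr(member, data)
    return buf.getvalue()

def sample():
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16         # constructed sample, header only
    docx = make_zip({"word/media/image1.png": png})   # .docx files are zip containers
    return make_zip({"report.docx": docx, "broken.zip": b"PK\x03\x04" + b"\xff" * 32})

if __name__ == "__main__":
    for depth, name, kind in carve("evidence.zip", sample()):
        print("  " * depth + f"{name}: {kind}")
```

The damaged archive crashes only its own worker: it is recorded as a failed step and the image inside the Word document is still reached.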

More than just spooks

The DSD authors planned to demonstrate Pronghorn and other tools at Linux.conf.au next year, to promote the intelligence agency as one that has actively engaged with the open source community for the last decade.

“As Australia is experiencing an increasing number of attempts to infiltrate networks in the public and private sectors, DSD actively participates in the open source community. This collaboration is of mutual benefit for the open source community and DSD,” the authors said.

“DSD encourages an environment conducive to innovation by fully supporting projects that contribute to and benefit the open source community.”

Some open source tools were developed privately by DSD security staff, to help with professional development.

Others were part of official DSD security projects and released to the public for various reasons.

The WhiteTrash proxy tool, for example, was released as a useful tool to demonstrate how such a system could be implemented by other open source projects or vendors.

Other DSD open source software projects of note include:

  • White Trash - an easy-to-use proxy that makes it harder for malware to exploit HTTP and SSL. The name is derived from a whitelist ‘trashing’ malware.
  • Spill Guard - a Data Loss Prevention plugin for Microsoft Office. The name simply refers to the prevention of spills.

Copyright © SC Magazine, Australia
