
SPECTR3: Remote Acquisition Tool

David Julián, CEO of Alpine Security

Alpine Security would like to share with the community a new project we have been working on for some time now:

alpine-sec/SPECTR3: Forensic tool for acquisition, triage and analysis of remote block devices via iSCSI protocol. (github.com)

SPECTR3 aims to facilitate live forensics work by making remote endpoint block devices available to the investigator as if they were a local disk drive. This makes it quick and easy to perform complete remote volume acquisitions, triages, or analyses with the investigator's favorite tools and scripts on their own workstation, without installing anything on the endpoints.


Main features of SPECTR3:

  • Full, secure remote access to volumes and disks in read-only mode
  • Fully portable, no installation required on the endpoint
  • Native support for Reverse SSH tunneling encryption
  • Daemon mode for remote execution of SPECTR3 via third-party software
  • IP access control whitelisting
  • Service Mode (Coming Soon)
  • Linux version (Coming Soon)

The goal is to provide the community with a simple command line and open-source tool for scenarios where a simple triage is insufficient and a full remote acquisition or fast disk access becomes necessary.

We hope you enjoy the tool as much as we do, and together, we will gradually improve it to enhance the capabilities of the forensic community.

Best regards.
