Coinbase has launched a new forensics framework called Dexter. The main intention is to have a remote, real-time forensics acquisition solution built for security. The information was released by Hayden Parker, Security Engineer at Coinbase, on December 21.
Security is a very important issue in the cryptocurrency space. It is necessary in order to protect the customers and users who transact virtual currencies on the Coinbase platform. In general, financial institutions are usually held to higher standards than other businesses when handling funds, privacy and data.
In the cryptocurrency space, having control of the private key is very important. With it, it is possible to access the funds that an investor has. Once that happens, there's no coming back. If a thief makes a transaction, no reversal is possible.
According to Mr. Parker, there are several forensics acquisition projects on the market at the moment. Dexter has been designed entirely to wrap other tools and perform forensics tasks. Dexter is better than other projects because it has an enhanced, secure approval process for investigations, and it goes beyond the capabilities of other tools with its secure retrieval process for forensic artefacts.
The company built forensic tasks that are codified in the application and added through Coinbase's code review process. At the same time, they have decided to encrypt all the artefacts collected by forensics tasks. Each member of the team is identified by a public key, and each investigation requires an adequate number of signatures to increase the investigation's safety.
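The approval model described above (investigators identified by public keys, and an investigation that only proceeds once enough of them have signed) can be sketched as follows. This is an added example, not Dexter's code: the `Investigation` type, the `Approved` function, the names and the use of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Investigation (hypothetical record): the tasks to run and the hosts in scope.
type Investigation struct {
	ID           string
	Tasks, Hosts []string
}

// Digest binds an approval to the exact tasks and scope being approved.
func (inv Investigation) Digest() []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q", inv.ID, inv.Tasks, inv.Hosts)))
	return sum[:]
}

// Approved counts valid signatures from known investigators; the map key prevents double counting.
func Approved(inv Investigation, team map[string]ed25519.PublicKey, sigs map[string][]byte, threshold int) bool {
	digest, valid := inv.Digest(), 0
	for name, sig := range sigs {
		if pub, known := team[name]; known && ed25519.Verify(pub, digest, sig) {
			valid++
		}
	}
	return threshold > 0 && valid >= threshold
}

// demo uses a constructed three-person team: one approval, two approvals, then altered scope.
func demo() (one, two, tampered bool) {
	team, privs := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, n := range []string{"alice", "bob", "carol"} {
		seed := sha256.Sum256([]byte("constructed-seed-" + n)) // fixed demo seed, not a real key
		privs[n] = ed25519.NewKeyFromSeed(seed[:])
		team[n] = privs[n].Public().(ed25519.PublicKey)
	}
	inv := Investigation{ID: "inv-001", Tasks: []string{"list-processes"}, Hosts: []string{"host-a"}}
	sigs := map[string][]byte{"alice": ed25519.Sign(privs["alice"], inv.Digest())}
	one = Approved(inv, team, sigs, 2)
	sigs["bob"] = ed25519.Sign(privs["bob"], inv.Digest())
	two = Approved(inv, team, sigs, 2)
	inv.Hosts = append(inv.Hosts, "host-b") // scope widened after signing
	tampered = Approved(inv, team, sigs, 2)
	return
}
func main() { fmt.Println(demo()) }
```

Because the signatures cover a digest of the tasks and hosts, widening the scope after approval invalidates the existing signatures and the investigation has to be approved again.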
About how Dexter works, Parker wrote:
“Dexter runs as a daemon, ready to collect forensics artefacts when an investigation reaches the required consensus threshold. This daemon is designed to work in a variety of environments, from a Linux production environment in EC2 to an OSX or Windows fleet in office.”
Investigators will decide which tasks to run, and they will also be able to choose the hosts that scope the investigation. Once an investigation is complete, investigators can instruct Dexter to kill running containers on a host or simply shut hosts down.
The company said that it is building towards a larger vision of incident response. Using automation, it will be possible to reduce the amount of time it takes for investigators to get relevant information. At the moment, Dexter is still in its infancy and is just being rolled out.
Earlier this year, the company released Salus, which brings the best application security scanners under one roof.