Modern enterprise security operations face a deepening asymmetry: the average cost of a data breach reached approximately USD 4.44 million globally in 2025, while the mean time to identify and contain incidents hovered near 241 days. This paper presents BitProbe, a Windows-first orchestration framework that chains industry-standard forensic utilities into a single, privilege-aware automated pipeline. BitProbe integrates pefile, yara-python, Ghidra headless, Sysinternals ProcMon and TCPView, TShark (≈60s packet capture), WinPMEM memory acquisition, volatility3 plugin chains, and scapy for network traffic dissection. A compile_master_report() function aggregates all structured JSON artifacts into a single formatted forensic report, packaged as a standalone .exe via PyInstaller. Experimental evaluation against five malware families — WannaCry, Emotet, TrickBot, a generic password stealer, and Mirai — demonstrates a 95.1% average reduction in total analysis time, a 94% YARA detection rate, and an 87% IOC recall rate against published ground-truth threat intelligence.
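As an added illustration, not BitProbe's own code (the abstract does not give its artifact schema), the report-compilation step described above in Python: per-stage JSON artifacts are decoded with failures isolated per stage, normalised into one typed IOC set, and scored for IOC recall against a constructed ground-truth set. Stage names follow the tools the abstract lists; every field name, value and indicator is an assumption.

```python
import json
from typing import Dict, Set
# Constructed per-tool JSON artifacts standing in for what each pipeline stage
# writes to disk; the field names are assumptions, not BitProbe's real schema.
ARTIFACTS = {
    "yara": '{"matches": [{"rule": "Ransom_Generic", "file": "sample.exe"}]}',
    "pefile": '{"sha256": "' + "ab" * 32 + '", "imports": ["ws2_32.dll!connect"]}',
    "scapy": '{"dns": ["c2.example.invalid"], "ips": ["203.0.113.7"]}',
    "volatility3": '{"processes": [{"pid": 1234, "name": "dropper.exe"}]}',
    "procmon": '{"events": [',  # truncated output from a stage that crashed
}
# Constructed ground truth, "type:value" form; the last entry is never observed, so recall < 1.0.
GROUND_TRUTH = {"sha256:" + "ab" * 32, "domain:c2.example.invalid",
                "ip:203.0.113.7", "ip:198.51.100.9"}

def parse_artifacts(raw: Dict[str, str]):
    # Decode each stage's JSON; a malformed artifact is recorded, not fatal.
    parsed, errors = {}, {}
    for stage, text in raw.items():
        try:
            parsed[stage] = json.loads(text)
        except json.JSONDecodeError as exc:
            errors[stage] = str(exc)
    return parsed, errors

def extract_iocs(parsed: Dict[str, dict]) -> Set[str]:
    # Normalise heterogeneous stage output into one typed, de-duplicated set.
    iocs: Set[str] = set()
    pe, net = parsed.get("pefile", {}), parsed.get("scapy", {})
    if "sha256" in pe:
        iocs.add("sha256:" + pe["sha256"].lower())
    iocs.update("domain:" + d.lower().rstrip(".") for d in net.get("dns", []))
    iocs.update("ip:" + ip for ip in net.get("ips", []))
    return iocs

def ioc_recall(found: Set[str], truth: Set[str]) -> float:
    # Share of ground-truth indicators the pipeline actually surfaced.
    return len(found & truth) / len(truth) if truth else 0.0

def compile_master_report(raw: Dict[str, str], truth: Set[str]) -> dict:
    parsed, errors = parse_artifacts(raw)
    iocs = extract_iocs(parsed)
    return {
        "stages": sorted(parsed),
        "yara_rules": [m["rule"] for m in parsed.get("yara", {}).get("matches", [])],
        "processes": [p["name"] for p in parsed.get("volatility3", {}).get("processes", [])],
        "iocs": sorted(iocs),
        "ioc_recall": ioc_recall(iocs, truth),
        "failed_stages": errors,
    }
```

Calling `compile_master_report(ARTIFACTS, GROUND_TRUTH)` yields a recall of 0.75 and lists `procmon` under `failed_stages` rather than aborting the whole report.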
www.synapsesocial.com/papers/69dc89823afacbeac03eb243 — DOI: https://doi.org/10.5281/zenodo.19520330
Aayush Mondal
Shweta Soni
Siddhesh Satpute
D.Y. Patil University
Ajeenkya DY Patil University