Operates offline
Purpose-built for air-gapped networks. No network interfaces, no telemetry, no dependencies on external services.
Offline, zero-persistence malware scanning and data inspection for removable media — purpose-built for air-gapped and sensitive environments.
Bifrost is a purpose-built scanning kiosk for removable media — USB drives, SD cards, portable hard drives — entering or leaving air-gapped and classified environments. It's a physical device that sits at the boundary: plug in a drive, get a malware and content report, and know what's on the media before it crosses the gap. The device retains nothing. Every scan is wiped from RAM on shutdown. Protected against all current and future malware threats. Suitable for all classifications of data.
In Norse mythology, the Bifrost is the burning rainbow bridge between Midgard — the world of humans — and Asgard — the realm of the gods. Guarded by Heimdall, it was the only path between realms, and nothing could cross it unchallenged.
Bifrost the scanner serves the same purpose. It's the controlled bridge between untrusted and trusted domains — the single point where removable media is inspected before it crosses the air gap. Like its namesake, nothing passes without scrutiny.
Runs entirely in RAM. Sanitised to ISM-0351/0352 on shutdown. Nothing survives a power cycle.
Suitable for all classifications of data. Keyword sets, rule profiles, and scanning depth adapt per session — from unclassified through to the highest caveats. One device covers every level.
Signature engine and scanning rules delivered through a protected image pipeline. Ongoing support built in.
Multiple layers of self-protection against tampering, including BadUSB attack prevention. Only mass-storage devices are accepted — keyboard and HID emulation attacks are blocked at the hardware level.
ISO built with the latest OS, scanning engines, signature databases, and ruleset. Can be written automatically or manually to portable protected hardware.
Power on. The system boots read-only and loads entirely into RAM. No persistent disk, no swap, no writable storage.
Connect removable media through the hardware write-blocker. Bifrost mounts it read-only and runs seven inspection phases automatically.
Results displayed on screen or exported to trusted USB as a scan report. Clean files can be transferred from untrusted to trusted media.
Volatile memory is overwritten and sanitised to ISM-0351/0352 standard before power-off. All data is wiped, zero persistence. System is clean for the next scan.
Each scan runs through a fixed sequence of inspection phases. Every phase contributes to the final report.
Target media mounted read-only through the hardware write-blocker.
Every file catalogued — name, size, type, timestamps, cryptographic hash.
Files checked against a curated multi-engine malware signature database.
YARA-rule detection for malware families, techniques, and known-bad patterns.
Executables inspected for suspicious capabilities, packing, and embedded strings.
Content searched for classification markers and configurable keyword sets.
Findings aggregated into a single report — screen, print, or both.
System loads from protected media into RAM
Operator chooses the classification level — keyword sets and scanning rules adapt
Target media connected through write-blocker, mounted read-only
Findings on screen. Export to trusted USB or print to thermal printer
RAM wiped to ISM-0351/0352. Device powers off clean
Bifrost portable boot media can run on any x86 hardware, but is most effective when combined with trusted hardware. Choose the form factor that fits your environment — scanning capability is identical. Suitable for highly sensitive environments.
Compact form factor for fixed installations. Sits at a checkpoint — entry point, guard station, or classification control zone. Connects to an external display and write-blocker. Always ready, always in position.
All-in-one laptop configuration for field use, deployments, and mobile teams. Built-in display and integrated write-blocker. Same protected boot media, same scanning pipeline, same reports — just mobile.
Any block storage device accessible through the hardware write-blocker can be scanned.
Protected boot media is never modified in the field. Updates flow through a managed pipeline — build a fresh image, write it to protected hardware, deploy. The kiosk always runs read-only.
Pipeline pulls latest signatures, rules, and OS patches. Produces a fresh system image.
Image written to protected, hardware write-protected boot media. Automatic or manual.
Boot media inserted into kiosk hardware. System boots read-only from the fresh image.
Runs in the field — read-only, air-gapped, zero persistence. Nothing modifies the image.
Linux live ISO, non-persistent. RAM only, no disk writes. Hardware-enforced read-only at every layer — boot media, target media, root filesystem.
Boot media protected and hardware write-protected. Target media through a hardware write-blocker. Chain of custody preserved throughout.
Assumes target media may contain active malware or weaponised payloads. Operator is trusted but not privileged. No data leaves the device.
ISM-0351 and ISM-0352 for RAM sanitisation. Air-gap enforcement by construction. Sealed, signed boot images through a managed pipeline.
Air-gapped by design. Updates delivered only through complete, sealed system images — never over the wire. No network-attached update path.
Third-party scanning engines are established open-source tools, independently auditable. Isolated via process boundaries for licence hygiene.
Built to ISM-0351/0352 for RAM sanitisation. Air-gapped by design. Nothing leaves the device.
Designed and built in Australia
Get in touch →
We'll respond within two business days. For technical evaluation or procurement questions, include as much context as you can share.