Bifrost · Australian made

The trusted bridge for untrusted data

Offline, zero-persistence malware scanning and data inspection for removable media — purpose-built for air-gapped and sensitive environments.

Request a demo → Read the technical spec

Scan phases per inspection

5k+

YARA detection rules

72M

Known-good file hashes

Data retained after shutdown

What is Bifrost?

Bifrost is a purpose-built scanning kiosk for removable media — USB drives, SD cards, portable hard drives — entering or leaving air-gapped and classified environments. It's a physical device that sits at the boundary: plug in a drive, get a malware and content report, and know what's on the media before it crosses the gap. The device retains nothing. Every scan is wiped from RAM on shutdown.

What Bifrost does

Operates offline

Purpose-built for air-gapped networks. No network interfaces, no telemetry, no dependencies on external services.

Zero persistence

Runs entirely in RAM. Sanitised to ISM-0351/0352 on shutdown. Nothing survives a power cycle.

Multi-classification scanning

One system covers every classification level. Keyword sets and rule profiles adapt per session, from unclassified through to the highest caveats.

Managed updates

Signature engine and scanning rules delivered through a sealed image pipeline. Ongoing support built in.

How it works

From boot to report in minutes

Build the image

A managed pipeline produces a sealed system image — OS, scanning engines, signature databases, and rule sets — written to hardware write-protected boot media.

Boot

Power on. The sealed image loads entirely into RAM in about thirty seconds. No persistent disk, no swap, no writable storage.

Insert target media

Connect removable media through the hardware write-blocker. Bifrost mounts it read-only and runs seven inspection phases automatically.

Read the report

Results on screen and via thermal printer. Clean files, flagged files with reasons, items needing manual review — all in one report.

Shutdown and sanitise

RAM is sanitised to ISM-0351/0352 before power-off. Every trace of the scan is wiped. The device is clean for the next operator.

Scanning pipeline

Seven phases, one report

Each scan runs through a fixed sequence of inspection phases. Every phase contributes to the final report.

Mount

Target media mounted read-only through the hardware write-blocker.

Inventory

Every file catalogued — name, size, type, timestamps, cryptographic hash.

Signature scan

Files checked against a curated multi-engine malware signature database.

Rule-based heuristics

YARA-rule detection for malware families, techniques, and known-bad patterns.

Behavioural checks

Executables inspected for suspicious capabilities, packing, and embedded strings.

Keyword search

Content searched for classification markers and configurable keyword sets.

Report

Findings aggregated into a single report — screen, print, or both.

Deployment options

One image, multiple form factors

Bifrost runs the same sealed image on both configurations. Choose the form factor that fits your environment — the scanning capability is identical.

Desktop kiosk

Compact form factor for fixed installations. Sits on a desk or countertop at the checkpoint. Connects to an external display and write-blocker. Suited to entry points, guard stations, and classification control zones where the kiosk stays in one place.

Small-form-factor hardware
External display and peripherals
Permanent installation

Portable unit

All-in-one laptop configuration for field use, deployments, and environments where the kiosk needs to move. Built-in display and integrated write-blocker. Same sealed boot media, same scanning pipeline, same reports — just mobile.

Integrated display and write-blocker
Field-deployable
Same image as the desktop kiosk

Technical specification

Built for trust

Boot architecture

Linux live ISO, non-persistent. RAM only, no disk writes. Hardware-enforced read-only at every layer — boot media, target media, root filesystem.

Media handling

Boot media sealed and hardware write-protected. Target media through a hardware write-blocker. Chain of custody preserved throughout.

Threat model

Assumes target media may contain active malware or weaponised payloads. Operator is trusted but not privileged. No data leaves the device.

ISM compliance

ISM-0351 and ISM-0352 for RAM sanitisation. Air-gap enforcement by construction. Sealed, signed boot images through a managed pipeline.

Signature updates

Air-gapped by design. Updates delivered only through complete, sealed system images — never over the wire. No network-attached update path.

Licensing

Third-party scanning engines are established open-source tools, independently auditable. Isolated via process boundaries for licence hygiene.

Read the full technical specification →

Built to ISM-0351/0352 for RAM sanitisation. Air-gapped by design. Nothing leaves the device.

Designed and built in Australia

Get in touch →

Contact

Tell us about your environment.

We'll respond within two business days. For technical evaluation or procurement questions, include as much context as you can share.