[funsec] Researchers: Forensics Software Can Be Hacked

Hubbard, Dan dhubbard at websense.com
Wed Jul 25 12:41:48 CDT 2007


www.metasploit.com/projects/antiforensics/BH2005-Catch_Me_If_You_Can.ppt

 

-----Original Message-----
From: funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org]
On Behalf Of Gadi Evron
Sent: Wednesday, July 25, 2007 10:20 AM
To: Paul Ferguson
Cc: funsec at linuxbox.org
Subject: Re: [funsec] Researchers: Forensics Software Can Be Hacked

Wow. No kidding!!!@111

On Wed, 25 Jul 2007, Paul Ferguson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Via InfoWorld.
>
> [snip]
>
> The software that police and enterprise security teams use to 
> investigate wrongdoing on computers is not as secure as it should be, 
> according to researchers with iSEC Partners.
>
> The San Francisco security company has spent the past six months 
> investigating two forensic investigation programs, Guidance Software's
> EnCase, and an open-source product called The Sleuth Kit. They have
> discovered about a dozen bugs that could be used to crash the programs
> or possibly even install unauthorized software on an investigator's
> machine, according to Alex Stamos, a researcher and founding partner 
> with iSEC Partners.
>
> [snip]
>
> More:
> http://www.infoworld.com/article/07/07/25/Forensics-software-can-be-hacked_1.html
>
> - - ferg
>
> p.s. Interesting premise for a Hollywood movie: "...bugs that could be
> used to crash the programs or possibly even install unauthorized
> software on an investigator's machine..."
>
> :-)
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
>
> wj8DBQFGp4RDq1pz9mNUZTMRAgOUAJ9fLcmHfCGZ0bzh6O0uEotyKXNHaACeOpAS
> /ZgmK9+7K3Iy6MNYHbSxQyA=
> =XJl3
> -----END PGP SIGNATURE-----
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet fergdawg(at)netzero.net 
> ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>