lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <33145790.1135122691524.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry>
Date: Tue, 20 Dec 2005 23:46:33 +0000 GMT
From: "Jason Coombs" <jasonc@...ence.org>
To: computerforensics@...ensicfocus.com
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>,
	Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Guidance

It is not just defects in EnCase features that cause computer forensic examiners who use Guidance Software's products and training to produce incorrect and misleading expert testimony or fact evidence.

Guidance Software simply doesn't understand, and doesn't care to understand, information security.

It would be bad for sales of EnCase if Guidance admitted that they have no way to know whether anything discovered on a hard drive by EnCase is reliable circumstantial evidence.

The result of Guidance's software and their training is a severely dysfunctional industry built around making profits by looking at tea leaves and telling fortunes.

Data on hard drives simply is not evidence of anything. Even when it helps to prompt or guide investigations, the people who practice computer forensics must disqualify themselves and their reports from the status of 'expert' testimony or 'fact' evidence, yet they are taught by Guidance techniques to amplify the appearance of reliability and expertise instead of properly and competently explaining the inherent uncertainty in any computer forensic investigation.

Computer hard drive analysis is not expert testimony, and the result of such analysis is routinely misrepresented by people who use Guidance products, people who are trained by Guidance, and people who think the way that Guidance thinks.

The break-in to the Guidance computer network, and Guidance's typical botched corporate incident response, inadequate reporting, and failure to even try proactively to protect people who Guidance puts at risk, is just one point of proof that Guidance Software's failure to properly address the impact that intrusions and information security vulnerabilities have on the condition of data stored on hard drives is causing severe harm to the public safety worldwide.

Regards,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: Alex Eckelberry <AlexE@...belt-software.com>
Date: Tue, 20 Dec 2005 10:21:37 
To:computerforensics@...ensicfocus.com
Subject: RE: Guidance

Yup, Brian got it.  Very good work on his part.  I was late on the
story.  Thanks for the pointer. 

The other issue with version 4 is worrisome.  If people went to jail
because of incorrect information, that would be disturbing.  However, it
seems it's all relative to the circumstances and the skill of the
forensics expert. 

Thanks again!


Alex
 

-----Original Message-----
From: Paul Alexander [mailto:paul@...uxfx.com] 
Sent: Monday, December 19, 2005 8:22 PM
To: computerforensics@...ensicfocus.com
Subject: Re: Guidance

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Eckelberry wrote:
> Hello,
>  
> I'm working on a short article on computer forensics and am doing 
> research on rumoured problems with Guidance software, particularly
>  
> a) the fact that their database was (allegedly) recently hacked
>  
> and
>  
> b) problems with version 4.0 providing incorrect information, 
> particularly showing incorrect files in the recycle bin vs. version 5 
> showing a correct number of files.
>  
>  
> If anyone can point me to some links or more info, I would appreciate
it.
>  
> TIA,
>  
>  
> Alex Eckelberry

Try this for the hacked database story -
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR200512
1900928.html

Regards, Paul Alexander.
www.linuxfx.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDp1y3umIg2LLN3EoRAmMyAJ4sYx8Xnc/SzPB6ZTUx87gowyKd1wCgwAdz
OSWcCrAJWAtyXG9rwt/5DDE=
=BFJV
-----END PGP SIGNATURE-----

Forensic Focus (http://www.forensicfocus.com) email list addresses:

Post message: computerforensics@...ensicfocus.com
Help address: computerforensics-help@...ensicfocus.com
Unsubscription address: computerforensics-unsubscribe@...ensicfocus.com

Forensic Focus (http://www.forensicfocus.com) email list addresses:

Post message: computerforensics@...ensicfocus.com
Help address: computerforensics-help@...ensicfocus.com
Unsubscription address: computerforensics-unsubscribe@...ensicfocus.com


.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ