lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 2 Aug 2007 09:41:54 -0700
From: "Alex Stamos" <alex@...cpartners.com>
To: <bugtraq@...urityfocus.com>
Subject: RE: Re: Guidance Software response to iSEC report on EnCase

iSEC last night released our report on issues discovered in The Sleuth
Kit and Guidance Software's EnCase Forensic and Enterprise Editions:
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper
.v1_1.BH2007.pdf

We will send out these bugs in "advisory" format soon.  It should be
noted that these issues were addressed in version 2.09 of The Sleuth
Kit, and most of the EnCase issues (not including our concerns with
EnCase Enterprise's cryptographic system) will be mitigated in the
upcoming version 6.7 release.  

Also of interest to those in the forensics community may be this
analysis of the impact security flaws can have on the use of computer
forensic evidence in civil and criminal proceedings prepared by Chris
Ridder of the Stanford Law School Center for Internet and Society.
Although we are happy to host his paper, this work is the output of Mr.
Ridder and is not officially a publication of iSEC Partners:
http://www.isecpartners.com/files/Ridder-Evidentiary_Implications_of_Sec
urity_Weaknesses_in_Forensic_Software.pdf

I would like to thank Tim Newsham, Chris Palmer, and Jesse Burns for
finding these issues.

Thank you,
   Alex


Powered by blists - more mailing lists