| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Aug 2007 09:41:54 -0700 From: "Alex Stamos" <alex@...cpartners.com> To: <bugtraq@...urityfocus.com> Subject: RE: Re: Guidance Software response to iSEC report on EnCase iSEC last night released our report on issues discovered in The Sleuth Kit and Guidance Software's EnCase Forensic and Enterprise Editions: http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper .v1_1.BH2007.pdf We will send out these bugs in "advisory" format soon. It should be noted that these issues were addressed in version 2.09 of The Sleuth Kit, and most of the EnCase issues (not including our concerns with EnCase Enterprise's cryptographic system) will be mitigated in the upcoming version 6.7 release. Also of interest to those in the forensics community may be this analysis of the impact security flaws can have on the use of computer forensic evidence in civil and criminal proceedings prepared by Chris Ridder of the Stanford Law School Center for Internet and Society. Although we are happy to host his paper, this work is the output of Mr. Ridder and is not officially a publication of iSEC Partners: http://www.isecpartners.com/files/Ridder-Evidentiary_Implications_of_Sec urity_Weaknesses_in_Forensic_Software.pdf I would like to thank Tim Newsham, Chris Palmer, and Jesse Burns for finding these issues. Thank you, Alex
Powered by blists - more mailing lists