[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <33145790.1135122691524.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry>
Date: Tue Dec 20 23:52:23 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: Guidance
It is not just defects in EnCase features that cause computer forensic examiners who use Guidance Software's products and training to produce incorrect and misleading expert testimony or fact evidence.
Guidance Software simply doesn't understand, and doesn't care to understand, information security.
It would be bad for sales of EnCase if Guidance admitted that they have no way to know whether anything discovered on a hard drive by EnCase is reliable circumstantial evidence.
The result of Guidance's software and their training is a severely dysfunctional industry built around making profits by looking at tea leaves and telling fortunes.
Data on hard drives simply is not evidence of anything. Even when it helps to prompt or guide investigations, the people who practice computer forensics must disqualify themselves and their reports from the status of 'expert' testimony or 'fact' evidence, yet they are taught by Guidance techniques to amplify the appearance of reliability and expertise instead of properly and competently explaining the inherent uncertainty in any computer forensic investigation.
Computer hard drive analysis is not expert testimony, and the result of such analysis is routinely misrepresented by people who use Guidance products, people who are trained by Guidance, and people who think the way that Guidance thinks.
The break-in to the Guidance computer network, and Guidance's typical botched corporate incident response, inadequate reporting, and failure to even try proactively to protect people who Guidance puts at risk, is just one point of proof that Guidance Software's failure to properly address the impact that intrusions and information security vulnerabilities have on the condition of data stored on hard drives is causing severe harm to the public safety worldwide.
Regards,
Jason Coombs
jasonc@...ence.org
-----Original Message-----
From: Alex Eckelberry <AlexE@...belt-software.com>
Date: Tue, 20 Dec 2005 10:21:37
To:computerforensics@...ensicfocus.com
Subject: RE: Guidance
Yup, Brian got it. Very good work on his part. I was late on the
story. Thanks for the pointer.
The other issue with version 4 is worrisome. If people went to jail
because of incorrect information, that would be disturbing. However, it
seems it's all relative to the circumstances and the skill of the
forensics expert.
Thanks again!
Alex
-----Original Message-----
From: Paul Alexander [mailto:paul@...uxfx.com]
Sent: Monday, December 19, 2005 8:22 PM
To: computerforensics@...ensicfocus.com
Subject: Re: Guidance
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alex Eckelberry wrote:
> Hello,
>
> I'm working on a short article on computer forensics and am doing
> research on rumoured problems with Guidance software, particularly
>
> a) the fact that their database was (allegedly) recently hacked
>
> and
>
> b) problems with version 4.0 providing incorrect information,
> particularly showing incorrect files in the recycle bin vs. version 5
> showing a correct number of files.
>
>
> If anyone can point me to some links or more info, I would appreciate
it.
>
> TIA,
>
>
> Alex Eckelberry
Try this for the hacked database story -
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR200512
1900928.html
Regards, Paul Alexander.
www.linuxfx.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDp1y3umIg2LLN3EoRAmMyAJ4sYx8Xnc/SzPB6ZTUx87gowyKd1wCgwAdz
OSWcCrAJWAtyXG9rwt/5DDE=
=BFJV
-----END PGP SIGNATURE-----
Forensic Focus (http://www.forensicfocus.com) email list addresses:
Post message: computerforensics@...ensicfocus.com
Help address: computerforensics-help@...ensicfocus.com
Unsubscription address: computerforensics-unsubscribe@...ensicfocus.com
Forensic Focus (http://www.forensicfocus.com) email list addresses:
Post message: computerforensics@...ensicfocus.com
Help address: computerforensics-help@...ensicfocus.com
Unsubscription address: computerforensics-unsubscribe@...ensicfocus.com
.
Powered by blists - more mailing lists