Full Disclosure mailing list archives
Re: Guidance
From: "Jason Coombs" <jasonc () science org>
Date: Tue, 20 Dec 2005 23:46:33 +0000 GMT
It is not just defects in EnCase features that cause computer forensic examiners who use Guidance Software's products and training to produce incorrect and misleading expert testimony or fact evidence. Guidance Software simply doesn't understand, and doesn't care to understand, information security. It would be bad for sales of EnCase if Guidance admitted that they have no way to know whether anything discovered on a hard drive by EnCase is reliable circumstantial evidence. The result of Guidance's software and their training is a severely dysfunctional industry built around making profits by looking at tea leaves and telling fortunes.

Data on hard drives simply is not evidence of anything. Even when it helps to prompt or guide investigations, the people who practice computer forensics must disqualify themselves and their reports from the status of 'expert' testimony or 'fact' evidence, yet they are taught by Guidance techniques to amplify the appearance of reliability and expertise instead of properly and competently explaining the inherent uncertainty in any computer forensic investigation. Computer hard drive analysis is not expert testimony, and the result of such analysis is routinely misrepresented by people who use Guidance products, people who are trained by Guidance, and people who think the way that Guidance thinks.

The break-in to the Guidance computer network, and Guidance's typical botched corporate incident response, inadequate reporting, and failure to even try proactively to protect people who Guidance puts at risk, is just one point of proof that Guidance Software's failure to properly address the impact that intrusions and information security vulnerabilities have on the condition of data stored on hard drives is causing severe harm to the public safety worldwide.
Regards,

Jason Coombs
jasonc () science org

-----Original Message-----
From: Alex Eckelberry <AlexE () sunbelt-software com>
Date: Tue, 20 Dec 2005 10:21:37
To: computerforensics () forensicfocus com
Subject: RE: Guidance

Yup, Brian got it. Very good work on his part. I was late on the story. Thanks for the pointer.

The other issue with version 4 is worrisome. If people went to jail because of incorrect information, that would be disturbing. However, it seems it's all relative to the circumstances and the skill of the forensics expert.

Thanks again!

Alex

-----Original Message-----
From: Paul Alexander [mailto:paul () linuxfx com]
Sent: Monday, December 19, 2005 8:22 PM
To: computerforensics () forensicfocus com
Subject: Re: Guidance

Alex Eckelberry wrote:
Hello, I'm working on a short article on computer forensics and am doing research on rumoured problems with Guidance software, particularly a) the fact that their database was (allegedly) recently hacked and b) problems with version 4.0 providing incorrect information, particularly showing incorrect files in the recycle bin vs. version 5 showing a correct number of files. If anyone can point me to some links or more info, I would appreciate it.

TIA,
Alex Eckelberry
Try this for the hacked database story - http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121900928.html

Regards,

Paul Alexander.
www.linuxfx.com

Forensic Focus (http://www.forensicfocus.com) email list addresses:
Post message: computerforensics () forensicfocus com
Help address: computerforensics-help () forensicfocus com
Unsubscription address: computerforensics-unsubscribe () forensicfocus com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/