Full Disclosure mailing list archives

Re: Guidance


From: "Jason Coombs" <jasonc () science org>
Date: Tue, 20 Dec 2005 23:46:33 +0000 GMT

It is not just defects in EnCase features that cause computer forensic examiners who use Guidance Software's products 
and training to produce incorrect and misleading expert testimony or fact evidence.

Guidance Software simply doesn't understand, and doesn't care to understand, information security.

It would be bad for sales of EnCase if Guidance admitted that they have no way to know whether anything discovered on a 
hard drive by EnCase is reliable circumstantial evidence.

The result of Guidance's software and their training is a severely dysfunctional industry built around making profits 
by looking at tea leaves and telling fortunes.

Data on hard drives simply is not evidence of anything. Even when it helps to prompt or guide investigations, the 
people who practice computer forensics must disqualify themselves and their reports from the status of 'expert' 
testimony or 'fact' evidence, yet they are taught by Guidance techniques to amplify the appearance of reliability and 
expertise instead of properly and competently explaining the inherent uncertainty in any computer forensic 
investigation.

Computer hard drive analysis is not expert testimony, and the result of such analysis is routinely misrepresented by 
people who use Guidance products, people who are trained by Guidance, and people who think the way that Guidance thinks.

The break-in to the Guidance computer network, and Guidance's typical botched corporate incident response, inadequate 
reporting, and failure to even try proactively to protect people who Guidance puts at risk, is just one point of proof 
that Guidance Software's failure to properly address the impact that intrusions and information security 
vulnerabilities have on the condition of data stored on hard drives is causing severe harm to the public safety 
worldwide.

Regards,

Jason Coombs
jasonc () science org

-----Original Message-----
From: Alex Eckelberry <AlexE () sunbelt-software com>
Date: Tue, 20 Dec 2005 10:21:37 
To: computerforensics () forensicfocus com
Subject: RE: Guidance

Yup, Brian got it.  Very good work on his part.  I was late on the
story.  Thanks for the pointer. 

The other issue with version 4 is worrisome.  If people went to jail
because of incorrect information, that would be disturbing.  However, it
seems it's all relative to the circumstances and the skill of the
forensics expert. 

Thanks again!


Alex
 

-----Original Message-----
From: Paul Alexander [mailto:paul () linuxfx com] 
Sent: Monday, December 19, 2005 8:22 PM
To: computerforensics () forensicfocus com
Subject: Re: Guidance

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alex Eckelberry wrote:
Hello,
 
I'm working on a short article on computer forensics and am doing 
research on rumoured problems with Guidance software, particularly
 
a) the fact that their database was (allegedly) recently hacked
 
and
 
b) problems with version 4.0 providing incorrect information, 
particularly showing incorrect files in the recycle bin vs. version 5 
showing a correct number of files.
 
 
If anyone can point me to some links or more info, I would appreciate
it.
 
TIA,
 
 
Alex Eckelberry

Try this for the hacked database story -
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/19/AR2005121900928.html

Regards, Paul Alexander.
www.linuxfx.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDp1y3umIg2LLN3EoRAmMyAJ4sYx8Xnc/SzPB6ZTUx87gowyKd1wCgwAdz
OSWcCrAJWAtyXG9rwt/5DDE=
=BFJV
-----END PGP SIGNATURE-----

Forensic Focus (http://www.forensicfocus.com) email list addresses:

Post message: computerforensics () forensicfocus com
Help address: computerforensics-help () forensicfocus com
Unsubscription address: computerforensics-unsubscribe () forensicfocus com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
