funsec mailing list archives
Re: Researchers: Forensics Software Can Be Hacked
From: Jordan Wiens <numatrix () ufl edu>
Date: Thu, 26 Jul 2007 16:25:36 -0400
It's worth noting that the metasploit antiforensics stuff is different than the research discussed in the article.
The new stuff is actually exploiting the code in the forensics software directly, not just mangling the data to make it hard to analyze forensically. The best part of that is the chance for code to jump out of a drive being imaged and onto the analysis workstation itself. Fun stuff.
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

On Jul 25, 2007, at 1:41 PM, Hubbard, Dan wrote:

www.metasploit.com/projects/antiforensics/BH2005-Catch_Me_If_You_Can.ppt

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Gadi Evron
Sent: Wednesday, July 25, 2007 10:20 AM
To: Paul Ferguson
Cc: funsec () linuxbox org
Subject: Re: [funsec] Researchers: Forensics Software Can Be Hacked

Wow. No kidding!!!@111

On Wed, 25 Jul 2007, Paul Ferguson wrote:

Via InfoWorld.

[snip]

The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with iSEC Partners.

The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software's EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with iSEC Partners.

[snip]

More: http://www.infoworld.com/article/07/07/25/Forensics-software-can-be-hacked_1.html

- ferg

p.s. Interesting premise for a Hollywood movie: "...bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine..." :-)

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Researchers: Forensics Software Can Be Hacked Paul Ferguson (Jul 25)
- Re: Researchers: Forensics Software Can Be Hacked Gadi Evron (Jul 25)
- RE: Researchers: Forensics Software Can Be Hacked Hubbard, Dan (Jul 25)
- RE: Researchers: Forensics Software Can Be Hacked Gadi Evron (Jul 25)
- Re: Researchers: Forensics Software Can Be Hacked Jordan Wiens (Jul 26)
- Re: Researchers: Forensics Software Can Be Hacked Don Blumenthal (Jul 26)
- Re: Researchers: Forensics Software Can Be Hacked Jordan Wiens (Jul 26)
- Re: Researchers: Forensics Software Can Be Hacked Valdis . Kletnieks (Jul 26)
- RE: Researchers: Forensics Software Can Be Hacked Hubbard, Dan (Jul 25)
- Re: Researchers: Forensics Software Can Be Hacked Gadi Evron (Jul 25)