Honeypots mailing list archives

Re: Free/Open Source Disk Imaging Tools


From: "Bernie, CTA" <cta () hcsin net>
Date: Fri, 7 Feb 2003 14:12:04 -0500


In regards to forensic disk imaging and storage of data in 
general...

I would like to point out that disk imaging won't capture all 
possible data that could be stored on a hard drive due to a 
vulnerability of the drive's controller, which enables an attacker 
to hide data with detection. The threat is that shellcode could be 
written to directly control the drive's SCSI or IDE controller and 
specifically position the read/write heads to inject bits of data 
into the "out of band" areas of the drive's magnetic media, 
which could be undiscoverable through disk imaging. Once 
access to the out-of-band areas is obtained, attacks upon the 
system's / data integrity, security and availability could 
potentially be launched without detection.

Furthermore, I believe that given enough positional entropy and 
the fact that there could exist a significant quantity of 
out-of-band space, it would be easy for one to conceal data and 
shellcode that would not be captured by most if not all of the 
disk imaging tools currently available. Thus a strong legal 
argument could be made as to the completeness and therefore 
the accuracy and admissibility of information forensically 
obtained by such imaging methods.

Those in computer forensics must understand that current disk 
imaging methods are flawed and will be challenged in court as more 
focus is put on integrity and completeness of evidence collected 
from the scene of the crime. More thought must be put into the 
identification and prioritization of all practical vulnerabilities, 
threats and forms of attacks, assessment of the risks, identification 
and implementation of the safeguards, and continuous auditing of all 
actions outside and inside the box.

Bottom line is that those who are responsible for developing and 
implementing system security topologies must employ well 
thought out system security engineering processes which are 
dynamically balanced to achieve a goodness-of-fit.
****************************************************
Bernie
cta () hcsin net
Euclidean Systems
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************

This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom it is 
addressed. This communication may contain material protected by the
attorney-client privilege, trade secret law, or copyright law. 
If you are not the intended recipient, be advised that you have received 
this email in error and that any use, dissemination, forwarding, printing, 
or copying of this email is strictly prohibited. If you have received 
this email in error, please immediately notify the sender by email.
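The post argues that an image's completeness can be challenged in court. The one part of that argument an examiner can actually test is whether the image covers every addressable sector of the source and matches it bit for bit; anything the controller never exposes (the "out-of-band" media areas the post describes) is outside what any host-side check can reach. The following is an added example, not code from the post or from any imaging tool, showing such a host-side verification over constructed in-memory data: it checks the image length against the sector count the device reported, compares whole-image SHA-256 digests, and lists the sectors that differ so a mismatch can be documented rather than just flagged. The `SECTOR` size, the sample device contents and the `reported_sectors` value are all assumptions for the demonstration.

```python
import hashlib

SECTOR = 512  # assumed sector size for the constructed sample device


def verify_image(device: bytes, image: bytes, reported_sectors: int) -> dict:
    """Compare an acquired image with its source, both supplied as bytes.

    Returns a dict with:
      complete    - image length equals reported_sectors * SECTOR
      hash_match  - SHA-256 of image equals SHA-256 of the source
      bad_sectors - sector numbers whose contents differ (or are missing)
    This only verifies the addressable region the controller exposes;
    data hidden outside that region cannot be detected from the host.
    """
    expected_len = reported_sectors * SECTOR
    device_hash = hashlib.sha256(device).hexdigest()
    image_hash = hashlib.sha256(image).hexdigest()

    bad = []
    # Walk the larger of the two so a short image reports missing sectors.
    total = max(len(device), len(image))
    for n in range(0, total, SECTOR):
        src = device[n:n + SECTOR]
        img = image[n:n + SECTOR]
        if src != img:
            bad.append(n // SECTOR)

    return {
        "complete": len(image) == expected_len,
        "hash_match": device_hash == image_hash,
        "source_sha256": device_hash,
        "image_sha256": image_hash,
        "bad_sectors": bad,
    }


def make_sample_device(sectors: int) -> bytes:
    """Constructed sample: each sector filled with its own number (mod 256)."""
    return b"".join(bytes([n % 256]) * SECTOR for n in range(sectors))


if __name__ == "__main__":
    # Constructed 8-sector device and three candidate images.
    dev = make_sample_device(8)
    good = dev
    altered = dev[:3 * SECTOR] + b"\xff" * SECTOR + dev[4 * SECTOR:]
    short = dev[:6 * SECTOR]  # acquisition stopped two sectors early

    for name, img in (("good", good), ("altered", altered), ("short", short)):
        r = verify_image(dev, img, reported_sectors=8)
        print(f"{name:8s} complete={r['complete']} hash_match={r['hash_match']} "
              f"bad_sectors={r['bad_sectors']}")
```

Against real media the two byte strings would be read from the source device and the image file in sector-sized chunks, and `reported_sectors` would come from the device's own geometry query, so that a truncated acquisition shows up as `complete=False` with the missing sector numbers listed. A clean result still says nothing about areas the controller never exposes, which is exactly the limitation the post is pointing at.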