un-excogitate.org

Hacking the Counter-Hackers

This article over on Computerworld, about the iSEC researchers who have found vulnerabilities in EnCase and the Sleuth Kit, raises a fairly interesting question about the tools security professionals rely on. How much do issues like these really affect your ability to present evidence to management or, worse, to a court?

In many corporate environments, new or unknown software has to go through a degree of assessment before anyone installs and runs it, to check that it does not contain known vulnerabilities or have a history of exploitation. Would a defense lawyer really pick apart these sorts of issues in forensic acquisition and analysis tools to discredit evidence presented in court? That probably depends on how expensive the lawyer is. What will not help is the media coverage that surrounds the report and the associated black-hat exposé features, which is likely to blow the issue out of proportion.

How much do these vulnerabilities affect the tools' ability to do their intended job? From what I read and understood, not a great deal. The integrity of an acquired image rests on the digests recorded at acquisition, which can be re-verified with a tool other than the one under scrutiny, so a bug in the analysis tool is a problem for the examiner's workstation rather than for the evidence itself, and a finding that matters can be reproduced with an independent tool. Arguing otherwise is like arguing in court that Windows XP, the operating system most investigators run their tools on, has a long history of exploitation and so no evidence examined on a Windows XP system holds any merit.

This article reminds me a little of some research I did back at university on the problems of forensic examination of PalmOS devices, where the images acquired are constantly changing because of the nature of volatile memory.
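The check the two preceding paragraphs turn on, written out as an added example (not code from the original post, from the iSEC research or from any forensic product): seal an acquired image with size and digests at acquisition time, re-verify it later with the operating system's hash library rather than the analysis suite, and note that two snapshots of a live device are not expected to match each other. The function names and the byte strings are hypothetical; the "image" and the two "snapshots" are constructed here and are not real acquisitions.

```python
import hashlib
import io
from dataclasses import dataclass
from typing import Dict, List

CHUNK = 1 << 20  # hash in 1 MiB chunks so large images do not need to fit in memory


@dataclass(frozen=True)
class SealRecord:
    """What an examiner records at acquisition time: size plus two digests.

    Two digests from different hash families are listed, as forensic reports
    commonly do, so a weakness in one algorithm does not undermine the record.
    """
    size: int
    md5: str
    sha256: str


def hash_stream(stream) -> SealRecord:
    """Compute size, MD5 and SHA-256 of a byte stream in a single pass."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        size += len(block)
        md5.update(block)
        sha256.update(block)
    return SealRecord(size=size, md5=md5.hexdigest(), sha256=sha256.hexdigest())


def seal_image(image: bytes) -> SealRecord:
    """Seal an acquired image; this record goes into the chain-of-custody log."""
    return hash_stream(io.BytesIO(image))


def verify_image(image: bytes, record: SealRecord) -> List[str]:
    """Re-hash an image and return the names of the fields that no longer match.

    An empty list means the bytes handed to the analysis tool are exactly the
    bytes that were acquired, whatever bugs that tool may have. The digests
    come from hashlib, not from the analysis suite, so this verification does
    not depend on the suite being trustworthy.
    """
    now = seal_image(image)
    return [f for f in ("size", "md5", "sha256") if getattr(now, f) != getattr(record, f)]


def tamper(image: bytes, offset: int) -> bytes:
    """Flip one bit at `offset`; stands in for any post-acquisition change."""
    buf = bytearray(image)
    buf[offset] ^= 0x01
    return bytes(buf)


# --- constructed sample data (hypothetical, not a real disk image) -----------
# A fake 4 KiB "image": a boot-sector style 0x55AA signature at the end of
# sector 0, then filler.
FAKE_IMAGE = (b"\x00" * 510 + b"\x55\xaa") + (b"\xa5" * (4096 - 512))

# Two "acquisitions" of a live device differ because volatile state moved on
# between snapshots: same size, different contents.
VOLATILE_SNAPSHOT_1 = b"kernel-tick=100;" + b"\x00" * 240
VOLATILE_SNAPSHOT_2 = b"kernel-tick=101;" + b"\x00" * 240


def demo() -> Dict[str, object]:
    """Run the three checks and return their outcomes for inspection."""
    record = seal_image(FAKE_IMAGE)
    untouched = verify_image(FAKE_IMAGE, record)             # []
    altered = verify_image(tamper(FAKE_IMAGE, 511), record)  # ['md5', 'sha256']
    snap1 = seal_image(VOLATILE_SNAPSHOT_1)
    snap2 = seal_image(VOLATILE_SNAPSHOT_2)
    return {
        "record": record,
        "untouched_mismatches": untouched,
        "altered_mismatches": altered,
        "volatile_images_identical": snap1 == snap2,          # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The size check catches truncation before either digest is computed, and a one-bit change in the constructed image is reported against both digests while the size still matches. The two volatile snapshots never hash the same, which is why a live-memory acquisition is sealed once, as a file, rather than compared against a second capture.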

I guess this will probably blow over. Interesting nonetheless.

Posted by Christian 26 July 2007


One Response to “Hacking the Counter-Hackers”

[...] on milw0rm today PoC buffer overflows for both OllyDBG and ImpREC. This reminded me of a post I wrote last year about some vulnerabilities that were discovered in EnCase and the Sleuth Kit. [...]
