According to researchers at iSEC Partners, forensic software commonly used by police and by enterprise security personnel is not as secure as it should be.
iSEC Partners spent the past six months investigating two forensic investigation programs: Guidance Software’s EnCase and an open-source product called The Sleuth Kit.
They discovered about a dozen bugs that could be used to crash the programs or possibly even to install unauthorized software on an investigator’s machine, according to Alex Stamos, a researcher and founding partner at iSEC Partners.
The general consensus is that, while this research is interesting, it is of limited use to criminals.
James Foster, president and chief scientist at Ciphent adds:
“That’s because most serious attackers are already good enough at covering their tracks that they will never be caught. If you’re an attacker you can basically beat the system. In my opinion, the bigger problem is that the product is not going to provide the data that you want.”
While I must admit that the idea of an attacker leaving software “booby traps” behind for the investigator would probably appeal to some, the real issue here is probably less technological than legal.
Chris Ridder, residential fellow at the Stanford University Law School Center for Internet and Society, explained: “If iSEC shows that unauthorized software could have been run on an investigator’s PC, the defense might legitimately argue that the evidence could have been compromised as a result, and thus seek to get the entire case thrown out.”
Any experience with forensic software and/or the legal process pertaining to technology? Join the discussion.