±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36115
New Yesterday: 0 Visitors: 131

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Guidance EnCase Vulnerabilities

Forensic software discussion (commercial and open source/freeware). Strictly no advertising.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts

Senior Member

Guidance EnCase Vulnerabilities

Post Posted: Dec 07, 16 04:21

Vulnerability overview/description:
1) Denial of Service
Several manipulated hard disk images cause Encase Forensic Imager to crash. A suspect manipulating the hard drive could potentially hinder an investigator from using Encase Forensic Imager for creating hard disk images. Encase Forensic (v7) has been tested and found to be affected as well.

2) Heap-based buffer overflow
Using a manipulated ReiserFS image an attacker can overwrite heap memory on the investigator's machine. Because of several restrictions SEC Consult was unable to create an exploit that works reliably within a reasonable timeframe. However, as with most heap-based buffer overflow vulnerabilities it is possible that an attacker could gain arbitrary code execution nevertheless.


Senior Member

Re: Guidance EnCase Vulnerabilities

Post Posted: Dec 08, 16 15:18

Very interesting! It's a shame they are not releasing the image files - it would be good to see how other products handle this.  

Page 1 of 1