Join Us!

Guidance EnCase Vul...
Clear all

Guidance EnCase Vulnerabilities  

Active Member

Vulnerability overview/description
1) Denial of Service
Several manipulated hard disk images cause Encase Forensic Imager to crash. A suspect manipulating the hard drive could potentially hinder an investigator from using Encase Forensic Imager for creating hard disk images. Encase Forensic (v7) has been tested and found to be affected as well.

2) Heap-based buffer overflow
Using a manipulated ReiserFS image an attacker can overwrite heap memory on the investigator's machine. Because of several restrictions SEC Consult was unable to create an exploit that works reliably within a reasonable timeframe. However, as with most heap-based buffer overflow vulnerabilities it is possible that an attacker could gain arbitrary code execution nevertheless.

Posted : 07/12/2016 3:21 am
Active Member

Very interesting! It's a shame they are not releasing the image files - it would be good to see how other products handle this.

Posted : 08/12/2016 2:18 pm