Black Hat Researchers: Forensics software can be hacked

It is a big war in court, with every side trying to attack the tools of the other side. Therefore, individual expertise is very important. You can not just say "the flawless program gave these results" if no program is flawless, but you have to prove your opinion, and in simple terms!

clipped from www.computerworld.com The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners Inc. The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software Inc.'s EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.

"The big risk is for someone to execute arbitrary code," he said "If there's a risk that the evidence has been compromised or if something has been planted by a third party... then you can call into question the accuracy of the software and possibly get it thrown out."

Butterworth, who has been grilled many times by defense lawyers, agreed. "I wouldn't put anything past a defense attorney ," he said.