Black Hat: Forensic software not as secure as could be

Research released by Isec Partners, the San Francisco-based IT security firm, claims to show that the forensic software used by investigators, the police and government agencies is not as secure as you might think.

After spending six months investigating two forensic investigation programs - Guidance Software's EnCase, and an open-source product called The Sleuth Kit - Isec claims to have discovered a dozen or so bugs that compromise the security of the packages.

Interestingly, although Isec hasn't gone into the mechanics of its investigations, it claims that the bugs are severe enough to allow a third party to crash and even install a program on a remote machine.

Announcing its findings at the Black Hat security briefings in Las Vegas this week, Isec said that the security shortcomings of both applications had now been patched.

Despite this, it's likely that Isec's research will have quite a few law professionals looking seriously at what applications they are using and how secure they are. Read more on the findings here...