:: Deepquest ::

The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners Inc.

The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software Inc.’s EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator’s machine, according to Alex Stamos, a researcher and founding partner with Isec Partners.

Researchers have been hacking forensics tools for years, but have traditionally focused on techniques that intruders could use to cover their tracks and thwart forensic investigations. The Isec team has taken a different tack, however, creating hacking tools that can be used to pound the software with data, looking for flaws.

Based on their findings, Stamos’s team believes that the EnCase software is not written as securely as it should and could theoretically be exploited by an attacker.

“What Guidance needs to do is change their production and their quality assurance practices,” Stamos said. “We looked at a small portion of the functionality of EnCase and we found that there are lots of bug that can make it impossible for somebody to complete their work,”he said. “Basically we can make it impossible to open up a hard drive and look at it.”

Isec is holding the technical details of its findings close to its chest, and is not saying whether any bugs they found could be exploited to do something much worse: install unauthorized software on a PC.

But the team will be disclosing some information at next week’s Black Hat conference in Las Vegas, Stamos said.

more from [url=http://www.pcworld.com/article/id,135047-page,1-c,cybercrime/article.html]PC world[/url]