Vincent Liu and Francis Brown will be presenting “Bleeding-Edge Anti-Forensics” at InfoSecWorld 2006, April 4 in Orlando, FL.
News & Events
Vincent Liu authors Digital Evidence: Challenging the Presumption of Reliability in the 2006-Volume 1 issue of the Journal of Digital Forensic Practice. There is a general tendency among courts to presume that forensic software reliably yields accurate digital evidence. As a judicial construct, this presumption is unjustified in that it is not tailored …
PGP Desktop includes a Wipe Free Space utility that claims to eliminate data in all the free space on your hard drive including the the little areas after the end of existing files which may still have old data left behind. In short, the utility claims to wipe file slack space, the unused space in a disk cluster. The software does not work as advertised. It does not clean slack space.
Windows file time stamps can be set to extremely low values via the NtSetInformationFile() system call. The Windows API does not properly translate the low 64-bit time values stored on disk into human readable format, and displays no information instead. Although this is not a security vulnerability in itself, it adversely affects third-party applications that rely upon the Windows API to perform the translation.
Vincent Liu will be presenting “The Metasploit Anti-Forensics Project” at Microsoft BlueHat v2, October 13 at Microsoft in Redmond, WA.