Breaking Forensics Software: Weaknesses in Critical Evidence Collection

This article presents specific vulnerabilities in common forensics tools that were not previously known to the public, many of which were found through simple fuzzing techniques. It discusses security analysis techniques for finding vulnerabilities in forensic software, and suggests additional security-specific acceptance criteria for consumers of these products and their forensic output. Traditional testing of forensics software has focused on robustness against data hiding techniques and on accurate reproduction of evidence, not on whether the tool itself can be attacked by the evidence it parses. We also provide an analysis of a network forensic acquisition protocol, and discuss the issues with remotely acquiring forensic images. This article argues that more security-focused testing, such as that performed against security-sensitive commercial software, is warranted when dealing with such critical products.
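As an added illustration of the "simple fuzzing techniques" the abstract refers to (example code written for this page, not taken from the paper or from any forensic product), the block below mutates the boot sector of a constructed raw disk image and feeds it to two parsers of the same MBR partition entry: a naive one that trusts the on-disk start LBA and sector count, the bug class that evidence-parsing code tends to exhibit, and a checked one that validates those fields against the image size. The MBR offsets (first partition entry at byte 446, start LBA and sector count as little-endian 32-bit fields, 0x55AA signature at byte 510) are the real on-disk layout; the image contents, the parsers and the fuzzing loop are this example's own. The parsers raise ValueError for inputs they deliberately reject; any other exception is the Python analogue of an out-of-bounds read in a native tool and is recorded as a crash.

```python
"""Mutation fuzzing of an MBR partition-table parser (added example, constructed data)."""
import random
import struct

SECTOR = 512
N_SECTORS = 8                  # a 4 KiB image keeps each fuzz case cheap
ENTRY_OFF = 446                # first MBR partition entry
LBA_OFF = ENTRY_OFF + 8        # start LBA (u32 LE) followed by sector count (u32 LE)


def build_image(start=2, length=4):
    """Constructed raw image: one partition entry and a valid 0x55AA signature.
    Payload bytes are only written inside the image so oversized fields can be
    requested deliberately to build malformed test cases."""
    img = bytearray(N_SECTORS * SECTOR)
    # status 0x80 (active), CHS fields zeroed, partition type 0x83
    img[ENTRY_OFF:ENTRY_OFF + 8] = bytes([0x80, 0, 0, 0, 0x83, 0, 0, 0])
    struct.pack_into("<II", img, LBA_OFF, start, length)
    img[510:512] = b"\x55\xAA"
    for lba in range(start, min(start + length, N_SECTORS)):
        img[lba * SECTOR] = lba            # recognisable first byte per sector
    return bytes(img)


def _read_entry(img):
    """Signature check, then the two fields the parsers depend on."""
    if len(img) < SECTOR or img[510:512] != b"\x55\xAA":
        raise ValueError("no MBR signature")       # controlled rejection
    return struct.unpack_from("<II", img, LBA_OFF)


def naive_partition_sum(img):
    """Sum the first byte of every partition sector, trusting the on-disk fields.
    A start or length that points past the image raises IndexError here; in a
    native parser the same trust is an out-of-bounds read."""
    start, length = _read_entry(img)
    total = 0
    for lba in range(start, start + length):
        total += img[lba * SECTOR]
    return total


def checked_partition_sum(img):
    """Same computation with the fields validated against the image size first."""
    start, length = _read_entry(img)
    n_sectors = len(img) // SECTOR
    if start >= n_sectors or length > n_sectors - start:
        raise ValueError("partition extends past end of image")
    return sum(img[lba * SECTOR] for lba in range(start, start + length))


def outcome(parser, img):
    """Name of the exception the parser raises on img, or None if it succeeds."""
    try:
        parser(img)
    except Exception as exc:   # a fuzzer wants every unexpected failure
        return type(exc).__name__
    return None


def mutate_boot_sector(img, rng, max_writes=8):
    """Overwrite a few random bytes of the first sector, where the parser reads."""
    buf = bytearray(img)
    for _ in range(rng.randint(1, max_writes)):
        buf[rng.randrange(SECTOR)] = rng.randrange(256)
    return bytes(buf)


def fuzz(parser, seed_input, iterations=1000, seed=1):
    """Run the parser over mutated inputs; ValueError is the parser's own rejection
    path, anything else is a crash recorded as (iteration, exception name)."""
    rng = random.Random(seed)
    crashes = []
    for i in range(iterations):
        result = outcome(parser, mutate_boot_sector(seed_input, rng))
        if result not in (None, "ValueError"):
            crashes.append((i, result))
    return crashes


if __name__ == "__main__":
    base = build_image()
    print("naive parser  :", len(fuzz(naive_partition_sum, base)), "crashes")
    print("checked parser:", len(fuzz(checked_partition_sum, base)), "crashes")
```

Restricting mutations to the sector the parser actually reads is what makes such a small campaign productive; against a real tool the same idea applies to the header of whichever evidence container it ingests, and the acceptance criterion the abstract proposes is simply that the checked outcome (a clean rejection) is the only one ever observed.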