Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Guidance Software, Inc. Information for VU#310057

Date Notified:2007-09-18
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

The issue described in this report involves the inability of EnCase to logically view more than 25 partitions simultaneously. This issue is not relevant to devices being used only in an MS Windows environment, as it can only be present in devices used with certain non-Windows operating systems, such as Linux. This issue is a current limitation of the EnCase software that will be addressed in a future maintenance release.

Examiners should note that this issue affects viewing an evidence file or image in a slightly different manner than viewing a remote computer using EnCase Enterprise.

  • Evidence file – In this instance EnCase will provide logical access to up to
25 partitions within a single evidence file. If multiple evidence files are
examined simultaneously, the limit is 25 partitions per device, not 25
partitions total.
  • Remote device – In the instance where a computer is being previewed
using EnCase Enterprise, EnCase will provide access as follows:
    • Logical Access: If devices on a remote system are accessed as logical volumes, EnCase will provide access to up to 25 total partitions. This includes all logical partitions from all devices that the target computer currently has access to.
    • Physical Access: If a device is previewed at the physical level, EnCase will provide access to up to 25 partitions per device. If a system has reached or is approaching the 25 partition limit, this is the recommended solution, as it allows 25 partitions per device instead of 25 for the entire system.

It should be noted that analysis functions, such as keyword searching, is not affected by this issue. Searching will still locate pertinent data, although the logical location of the data will not be identified if it is located in a partition that is not visible to EnCase.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

Addendum

See https://support.guidancesoftware.com/node/487 for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2012 by US-CERT, a government organization
Disclaimers and copyright information