Vulnerability Note VU#310057

Guidance EnCase fails to detect more than 25 partitions

Original Release date: 09 Nov 2007 | Last revised: 20 Nov 2007


Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume.


Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition named \[.

EnCase Forensic may only detect the first 25 partitions on a volume. The hidden partitions are searchable, but not can not be browsed.

Note that when previewing a drive with EnCase, mounted drives, including CD-ROM, USB keys, native hard drives, and floppy drives will count towards the 25 limit.


An attacker may be able to hide or obscure data.


Guidance Encase customers should see the Guidance support portal for information about obtaining fixed software.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Guidance Software, Inc.Affected18 Sep 200720 Nov 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This report was based on information released by iSec partners.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-4201
  • Date Public: 03 Aug 2007
  • Date First Published: 09 Nov 2007
  • Date Last Updated: 20 Nov 2007
  • Severity Metric: 0.85
  • Document Revision: 19


If you have feedback, comments, or additional information about this vulnerability, please send us email.