Within hours of my first blog posting, I was besieged with people begging for the Sex with Aliens story. I surrender to popular demand.
A very nice gentleman walked through our door last year and asked us very politely if we could please help him prove that his wife had sex with aliens who came through the family computer. Hearing this extraordinary request, one of our forensic technologists hurriedly decamped because he couldn’t keep a straight face. Another technologist managed to listen gravely and accepted the computer. Apparently, the gentleman’s wife had become pregnant and he had reason to know the baby was not his. She thereupon explained about the lusty aliens which had come through the computer and forced themselves upon her. He appeared to find this explanation plausible enough that he brought the computer in to see if we could substantiate his wife’s story.
This presented an ethical dilemma of sorts, which we finally resolved based on the gentleman’s description of his computer as “behaving strangely,” something that certainly could be caused by viruses, worms, spyware, and their brethren, though not likely aliens. We did indeed find a number of computer pests, all of the homegrown Earth variety, and scrubbed the machine. We thereupon presented the computer back to the client with the news that we had indeed cleaned his machine after finding viruses and spyware but were unable to find any trace of aliens. He accepted the news gracefully, and allowed as how aliens might be difficult to find. I imagine so. When and if I do find traces of aliens in computers, I promise you’ll hear it here first.
THE #1 FORENSIC SOFTWARE IS ENCASE – BUT IS IT BUGGY?
There is an ongoing dispute between the security consulting firm iSEC and forensic software vendor Guidance. Without doubt, EnCase is used more often than any other forensic software, but is it buggy? iSEC has published details of the problems, which include crashing or freezing when the software encounters corrupt data. We at Sensei are watching this with interest, as EnCase is our primary forensic application (like all vendors, we have an entire toolchest of applications).
Our initial take is that iSEC is likely correct. We have always let others bleed when a new version of EnCase is released, because it inevitably takes months, if not more than a year, for most of the bugs to be fixed. In fact, our guys laugh that when they can’t fix all the bugs, they release a brand new version of the software. They’ve already had a number of releases attempting to fix bugs in the current version of the software (they are now up to version 6.6 of EnCase's original 6.0 version). We are not yet even using version 6 in a production environment because we do not yet have full confidence in it. We too have experienced EnCase crashes, during both forensic analysis and acquisitions, which might well be related to the problems identified by iSEC. Do these possible defects affect the reliability of the analysis? That seems to be the $60,000 question.
If you’re interested in following the controversy, see the white paper at http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf