Tag Archives: encase

Video: Computer Forensics – What happens when you delete a file?

Computer Forensics Expert Steve Burgess explains what’s left over when a file is deleted, and what happens when it is created.

Make Encase forensics software crash

I recently found that the forensics software Encase has a security vulnerability, it is possible to make it crash while opening a file.

The file contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped files, which again contains 16 zipped, which again contains 16 zipped files, which contain 1 file, with the size of 4.3GB.
So, if you extract all files, you will most likely run out of space :-)

16 x 4294967295       = 68.719.476.720 (68GB)
16 x 68719476720      = 1.099.511.627.520 (1TB)
16 x 1099511627520    = 17.592.186.040.320 (17TB)
16 x 17592186040320   = 281.474.976.645.120 (281TB)
16 x 281474976645120  = 4.503.599.626.321.920 (4,5PB)

But the file I provide has been modified so that its digital signature will not be detected, I modified its digital signature by adding a harmless and legal pic of a bikini inside the zip I also changed its name.

Be warned that law enforcement agencies also use Encase as a standard so if your computer is ever seized WARN THEM that you have it, you could even be accused of obstruction to justice if you don’t.

This is a mirror copy of http://www.unforgettable.dk they are the original creators and not me, credit where is due.

Download 42.zip renamed as secret codes