Malicious File for Exploiting Forensic Software

Explore anti-forensic techniques that exploit vulnerabilities in commercial forensic software components. Learn how a single malicious file can trigger arbitrary code execution across multiple forensic software products, posing significant risks to investigators. Dive into the process of fuzzing file viewer components using custom scripts, MiniFuzz, and kernel drivers for anti-debugging. Examine two specific vulnerabilities - heap overflow and infinite loop DoS - and witness demonstrations of arbitrary code execution and software hang-ups using crafted malicious files. Gain insights into advanced exploitation techniques, including overwriting function pointers and optimizing heap spraying with bitmap images. Conclude with a discussion on potential countermeasures to mitigate these security risks in forensic software.

Black Hat USA 2013 - Malicious File for Exploiting Forensic Software