Executive Summary

Title Guidance EnCase fails to detect more than 25 partitions
Name VU#310057 First vendor Publication 2007-11-09
Vendor VU-CERT Last vendor Modification 2007-11-09
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#310057

Guidance EnCase fails to detect more than 25 partitions


Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume.

I. Description

Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition named [.

EnCase Forensic may only detect the first 25 partitions on a volume. The hidden partitions are searchable, but not can not be browsed.

Note that when previewing a drive with EnCase, mounted drives, including CD-ROM, USB keys, native hard drives, and floppy drives will count towards the 25 limit.

II. Impact

An attacker may be able to hide or obscure data.

III. Solution

Guidance Encase customers should see the Guidance support portal for information about obtaining fixed software.

Systems Affected

VendorStatusDate Updated
Guidance Software, Inc.Vulnerable9-Nov-2007




This report was based on information released by iSec partners.

This document was written by Ryan Giobbi.

Other Information

Date Public08/03/2007
Date First Published11/09/2007 09:39:14 AM
Date Last Updated11/09/2007
CERT Advisory 
CVE NameCVE-2007-4201
Document Revision19

Original Source

Url : http://www.kb.cert.org/vuls/id/310057

CPE : Common Platform Enumeration

Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
44746 EnCase Volume Partition Handling Data Concealment Weakness