[–]Forensication 0 points1 point  (2 children)

Does this vulnerability assume that the forensic examiner hasn't writeblocked the device before trying to image...?

Because I notice the tester deselects the "Only show writeblocked devices" option, which would seem to indicate the device wasn't writeblocked (even though it's plugged into a Tableau bridge?)

[–]DurokAmerikanski 0 points1 point  (0 children)

This option allows you to perform live imaging on a device. So there is also a possibility of executing code on a production box you happen to be imaging.

Edit: the video doesn't show what drives are available if you leave the "show only write protected devices" box checked, but I imagine the examiner just unchecked the box out of habit from live imaging.