The Sleuth Kit (TSK) 4.0.1 does not properly handle “.” (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | sleuthkit | < 4.1.2-1 | sleuthkit_4.1.2-1_all.deb |
Debian | 11 | all | sleuthkit | < 4.1.2-1 | sleuthkit_4.1.2-1_all.deb |
Debian | 10 | all | sleuthkit | < 4.1.2-1 | sleuthkit_4.1.2-1_all.deb |
Debian | 999 | all | sleuthkit | < 4.1.2-1 | sleuthkit_4.1.2-1_all.deb |
Debian | 13 | all | sleuthkit | < 4.1.2-1 | sleuthkit_4.1.2-1_all.deb |