Dark Reading

EnCase Driver Weaponized as EDR Killers Persist

The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed ...
CSO Online

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools.