From: Andrew Hay (andrewsmhay@gmail.com)
Date: Mon Oct 02 2006 - 15:18:47 EDT
Hi Jürgen,
I would document the session in a hand-written notebook (each pagedated and numbered) and, if needed, take photographs instead ofvideo. If you ever needed to present this data in a court of law thejury tends to associate better with the above formats.
That being said, if presenting to a client, you would probably want topresent a formal document based on your notes taken at the time of thetesting.
Hope this helps.
-- Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA]blog: https://www.andrewhay.caemail: andrewsmhay || at || gmail.com
On 02/10/06, "Jürgen R. Plasser" <plasser@hexagon.at> wrote:> Hi All,>> How do you document and log the pentest session itself?>> I want to document the pentest process in detail, not only for the> customer, but for later reviews and to avoid legal difficulties.>> What are the best tools to accomplish that or do you even record the> sessions on video with a camcorder? Or some kind of screen recorder?>> Thanks,>> Jürgen>>> ------------------------------------------------------------------------> This List Sponsored by: Cenzic>> Need to secure your web apps?> Cenzic Hailstorm finds vulnerabilities fast.> Click the link to buy it, try it or download Hailstorm for FREE.> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW> ------------------------------------------------------------------------>>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:04 EDT