From: Gareth Davies (gareth.davies@mynetsec.com)
Date: Mon Oct 02 2006 - 16:13:04 EDT
Jürgen R. Plasser wrote:
> Hi All,
>
> How do you document and log the pentest session itself?
>
> I want to document the pentest process in detail, not only for the
> customer, but for later reviews and to avoid legal difficulties.
>
> What are the best tools to accomplish that or do you even record the
> sessions on video with a camcorder? Or some kind of screen recorder?
>
> Thanks,
>
> Jürgen
Same as when you do forensics, record the whole session, input and
output, write it out to a text file, file command and last commands are
time/date.
Then provide an md5 of the whole thing.
Cheers
-- Gareth Davies - ISO 27001 LA, OPST Manager - Security Practice Network Security Solutions MSC Sdn. Bhd. Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont’ Kiara, 50480 Kuala Lumpur, Malaysia Phone: +603-6203 5303 or +603-6203 5920 www.mynetsec.com ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:04 EDT