From: krymson@gmail.com
Date: Mon Oct 02 2006 - 15:31:41 EDT
Other means that go beyond just providing a report:
- putting any confiscated material ("look what I found on this developer's machine, source code and client data databases!") on a CD or USB device and then hash it and label appropriately.
- capture the packet output of any scans or actual attacks that you do and hash them. Try your best to get times as close as possible, in case they want to correlate IDS entries with your scans/attacks, or a system went down during the scan and they need to determine that you were the cause.
- capture the output of any scanning tools you use. Things like Nessus and nmap will have output files and reports. Even though you likely recreate the reports in a more meaningful format for the client, turning over the raw data itself is also good practice.
Be aware that you may be capturing sensitive information this way, so protect any captures you take with you for your own review and be sensitive to what the client is going to be wanting you to provide to them.
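
The hashing and timestamping described in the message above, as an added example that is not part of the original post: it builds a SHA-256 manifest of an evidence directory (packet captures, raw scanner output) with UTC times, and re-checks it later. The function names and manifest layout are assumptions made for illustration.

```python
import hashlib, json, os
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large packet captures do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(evidence_dir):
    """Record path, SHA-256, size and UTC mtime for every file under evidence_dir."""
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.stat(path)
            entries.append({
                "path": os.path.relpath(path, evidence_dir).replace(os.sep, "/"),
                "sha256": sha256_file(path),
                "size": st.st_size,
                # UTC, so times can be lined up with the client's IDS logs
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            })
    entries.sort(key=lambda e: e["path"])
    return {"created_utc": datetime.now(timezone.utc).isoformat(), "files": entries}

def verify_manifest(evidence_dir, manifest):
    """Return sorted (path, problem) pairs for missing, altered or unlisted files."""
    listed = {e["path"]: e["sha256"] for e in manifest["files"]}
    problems = []
    for rel, digest in listed.items():
        path = os.path.join(evidence_dir, rel)
        if not os.path.isfile(path):
            problems.append((rel, "missing"))
        elif sha256_file(path) != digest:
            problems.append((rel, "hash mismatch"))
    current = {e["path"] for e in build_manifest(evidence_dir)["files"]}
    problems += [(rel, "not in manifest") for rel in current - listed.keys()]
    return sorted(problems)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample artifact
        with open(os.path.join(d, "nmap-scan.xml"), "w") as f:
            f.write("<nmaprun/>")
        m = build_manifest(d)
        print(json.dumps(m, indent=2))
        print(verify_manifest(d, m))  # [] while nothing has changed
```

Keep the manifest outside the evidence directory (for example in the report itself), so that it is not hashed along with the material it describes.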