Today it’s not if your organization will have an electronic incident it’s when will
that incident occur. Regardless of the type of incident there is a high likelihood
your organization will need to collect digital evidence and build some form of a case
file. However, it is often in the first moments after an incident is detected that
crucial mistakes are made by the organization.
Does deleting a file on a computer really mean its lost forever?
Most people are unaware that the documents they create and edit using Microsoft’s
Office suite of products contain a large amount of data related to the documents life-cycle.
While usually benign and not very interesting, this data can become quite valuable
in a forensic investigation. It can help establish timetables of when a file was last
accessed or modified. An examiner can even extract the last few users who edited the
file and the previous locations the document was stored.
So what is Splunk? At its core Splunk is
a search engine. It was designed 
to
allow any data from an infrastructure device to be indexed and searched. Any output
from applications, servers and network devices can be “eaten” by Splunk. However,
Splunk has become more than just a standalone product. The current 3.x series of the
product has opened up the internal API and exposed it to allow outside development
of new applications on top of the Splunk core. This post is going to touch on some
of the capabilities available to developers looking to get even more out of their
Splunk installation.
Tamper Data
– A Firefox plug-in that allows inline capture and modification of outgoing HTTP requests.
Instead of relying on Javascript to modify the DOM before a form or query is submitted
you are able to trap the request, edit it (including adding completely new fields)
and forward it to the server. This can allow a tester to bypass all client-side filtering
and verification a web application may have.
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security
Standards Council released version 1.2 of the DSS on October 1, 2008. The new version
must be used by all organizations who begin a new PCI assessment after October 1st.
If your organization is currently undergoing an assessment you have until December
31, 2008 to complete it using the previous 1.1 version of the standard.
The previous
article gave us a base point to begin building our tool chest with two Live CDs
that provide a wide array of security tools. This article is going to cover the first
phase of an assessment: information gathering and reconnaissance. I have put together
a list of the top 10 most useful utilities and websites I use on a daily basis for
security related assessments.
With the seemingly endless number of security products, utilities and information
sites available today the thought of putting together a set of tools to perform routine
security tasks might seem daunting. It can be, but it doesn’t have to be. Over the
next few entries I am going to walk through how someone would put together a security
tool chest that can be used for almost all day to day security needs.
If you have any questions about our services, please contact us.
(888) 4-TEVORA
Contact Us Now!
One Spectrum Pointe Drive, Suite 200
Lake Forest, California 92630.
Tel: 949.250.3290
Fax: 949.250.9993
Email: info@tevora.com
Driving directions
7485 Rush River Drive, Suite 710
Sacramento, CA. 95831
Tel: (888) 4-TEVORA
Fax: 925.369.0307
Email: norcal@tevora.com
Driving directions
Tevora South America
Alameda Jaú
1742 / 8 Andar
CJ 81 - São Paulo - Brasil
Tel:+55 11 3063-1853
www.tevora.com.br