Hi Jürgen,
I would document the session in a hand-written notebook (each page
dated and numbered) and, if needed, take photographs instead of
video. If you ever needed to present this data in a court of law the
jury tends to associate better with the above formats.
That being said, if presenting to a client, you would probably want to
present a formal document based on your notes taken at the time of the
testing.
Hope this helps.
--
Andrew Hay [NSA/CCSE Plus/CCNA/Security+/RHCE/GCIA/SSP-MPA/SSP-CNSA]
blog: https://www.andrewhay.ca
email: andrewsmhay || at || gmail.com
On 02/10/06, "Jürgen R. Plasser" <plasser_at_hexagon.at> wrote:
> Hi All,
>
> How do you document and log the pentest session itself?
>
> I want to document the pentest process in detail, not only for the
> customer, but for later reviews and to avoid legal difficulties.
>
> What are the best tools to accomplish that or do you even record the
> sessions on video with a camcorder? Or some kind of screen recorder?
>
> Thanks,
>
> Jürgen
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
Received on Oct 02 2006
Intro
