I need a report and don't know how.

By Isabella De Fere
I have a client who asked me to go over his computer to see if it had been hacked. I used a man to do this, and he seemed reputable and honest; he told me all he'd done and I wrote it down, but my client wants a report. I don't know the jargon, and the guy who did the work says he doesn't do reports. I have done a lot of running around to not get paid, which is not that much, but I need something.
Security Reports can be Difficult

by OH Smeg Moderator In reply to I need a Report and dont ...

Depending on what the client wants, it can be time consuming and may even result in you appearing as an "Expert Witness", which can mean weeks of preparation and days of waiting around in court buildings to give evidence; and then, when they find out you did not do the work, they will ignore everything you have said because it is not first-hand evidence.

To do a security report you have to have done the work, because if you did not, it is meaningless and has no weight. That is most likely why the person you got to do the work doesn't write reports any longer: you can never charge enough to cover the time you waste running around after the report is written and goes God knows where, somewhere you have no idea of.

Also, by doing anything you have stopped any further person from doing a full report, and left both yourself and whoever you got to do the work open to claims that you have interfered with and altered this system; if there was anything on it, someone in court will claim that you or the person who did the work put it there.

Having spent months giving evidence in courts over the years: the only people who can do reports like you are asking about work in big international businesses which can afford to have a tech tied up doing court work for months at a time, and they have the right personality to sit in a courtroom and answer the silliest questions to the best of their ability, which is mostly answering the same question asked two million different ways by someone who has no idea what they are talking about to begin with.

What a security person would call a fishing expedition, hoping to get something to hang someone with, and that someone is mostly the person giving the evidence.

My best advice is: give the unit back, do not ask for any money, and treat it as a learning experience of something that you never want to get involved with again.

For example, the last time I was in court a power supply had failed and allowed mains power to enter the case, which then went out over the network lines and somehow caused the building to burn to the ground along with everything inside it. That took 8 years to reach the court and 4 months to hear; granted, I was only giving evidence for 2 days about what I had discovered from the remains of the server, but all that evidence had to be stored where it could not be touched for that time, and I had to have a full memory of what I had put into the report.

by Isabella De Fere In reply to Security Reports can be D ...

Thank you, that is so interesting. It's going to be hard to let go of the money, as I have run around so much: delivering the computer, driving miles, sitting with this person and that. Do you think my mistake was not getting a forensic image carried out? I was trying to save the person money, as they cost the earth. I got the guy with a degree in forensic computing as I felt it would work, and a forensic guy who does imaging said it'd be cheaper.

An image would have been the starting point

by OH Smeg Moderator In reply to thankyou

But you have to maintain what they call CHAIN OF EVIDENCE, which has to be provable to a court's satisfaction. Not the place to make a mistake, really, and really, how much you charge someone for things like this is NEVER ENOUGH.

To give you some idea: in the court case I referred to above there had been a lightning strike to the communications box outside the building sometime overnight, and the insurance company was attempting to claim Act of God so they did not have to pay up. I was standing up in a court saying: I do not know what happened; all I can tell you is that this is what I found when I looked at the remains of several computers that were in the building. I cannot tell you what happened first or what caused what. It could have been the lightning strike coming in over the phone network, which fried everything and caused the power supply to allow mains voltage into the case and out over the network cables, or it could just as easily have been that the power supply failed, fed mains power into the case and caused the building to be destroyed, with the fire starting at several different points simultaneously. I am just unable to say with any certainty.

A day and a half I spent giving evidence, with the judge jumping onto the barrister, saying things about rules of evidence and how what I felt had no bearing on the case; also things like "I do not know which court you practise in, but it's not this court, and I think you need a lot more practice before you attempt to appear again."

Worst time I ever gave evidence, ever, and I was a quivering wreck when I left the place, only to find out from the sheriff that the barrister in question had represented that judge's wife in a divorce, which I assume had not gone well for the judge, so he did everything within his power and the law to prevent that guy practising in court again, or at least not in criminal/civil court. Not something I had ever experienced previously, and I was wondering what I had done wrong to get the judge so worked up. It's never a good idea to peeve off someone like that, and I was wanting to know what had been/was happening, but apparently, according to the guy I was giving evidence for, I did a great job; I just couldn't go to work for a couple of weeks after, though.

by Isabella De Fere In reply to An image would have been ...

Hi There,

Yes, I hear you. He has told me he doesn't want it for court and that it's just to know what was covered. The tech guy who examined it didn't find anything, meaning it wasn't hacked. He is Indian and doesn't have a good command of English, so he is saying I have to do the report for them, but I don't know how to word it.

Well then do it the easy way

by OH Smeg Moderator In reply to thankyou

Start on a Letterhead and give a basic report on what was checked and a summary of the conclusions.

Start with the easy things, like what was asked for, and then what was checked and how, any other tests performed on it, and then state the conclusions.

Then sign it with the company owner's name and any other things that should be listed after the name of the person signing it.

However, I always get concerned when I get people saying "no trouble, but I want it this way", as that always sounds like some sort of legal action to me.

by Isabella De Fere In reply to Well then do it the easy ...

Hi OH,
You said: Start on a letterhead and give a basic report on what was checked and a summary of the conclusions.
I can do a letterhead. The computer guy won't tell me what he checked. Well, he did at the time (I think ports and logs and system), but that will take up all of one line.

You said: Start with the easy things, like what was asked for, and then what was checked and how, any other tests performed on it, and then state the conclusions.
The client asked: was his computer hacked? The computer guy said he checked everything and it wasn't accessed. I believed him. Now I can't reach him, as he says he doesn't do reports, so I'm on my own with listing the things in detail, and I'm not techy at all. I don't know where to find a list of things that would be checked.

Well then you can't really do a report can you?

by OH Smeg Moderator In reply to thankyou

The issue here is that you have to list what was done in a sequential manner, and maybe pad out the checks a bit. In the old days they used to say: if you can't baffle them with science, blind them with BS.

Doesn't mean you lie, but you can say, for instance, "Scanned all outgoing ports and checked against known issues and a list of what should be open" instead of just saying "Scanned ports".

But if you cannot get the guy who did the work to work with you (which they will probably want to get paid for), there isn't really much you can do, is there?

I really suggest you walk away from this one, as it is pointless throwing good money after bad, and you have to understand when to cut your losses, which happens all of the time.

The worst job I ever walked away from was when I had an apprentice forced on me and they destroyed a couple of million dollars' worth of new mainframe. After they did the same thing 3 times with exactly the same result, I had had enough and just suggested that they get someone else to train their guy, who was not possible to train.

That was 4 months' work and it hurt, but I did learn from that NEVER to take on customers' staff to teach them. The only good thing to come out of that was I did make the little sod pull a cable over 18 floors 3 times, but each time he connected it the wrong way and would not learn from his mistakes. In the end I had to not only stand over the kid as he pulled the cable, but I had to do all the work and not let him touch anything.

I have been trying to reply for days.

by Isabella De Fere In reply to Well then you can't reall ...

I have to thank you for your reply, and I was trying to get back to you for days but the site wouldn't let me. He's done a report and it's one paragraph. Literally: checked ports and the system. There MUST be more that can be said. Can you help?

OK, this is most definitely not my area of expertise

by OH Smeg Moderator In reply to I have been trying to re ...

But I would start with stating the obvious: the name and so on of the customer, followed by the brand and model of the computer or, if it's a white box, the internal components and any serial numbers that may be on it.

Then a paragraph or 2 on what was requested.

After that, state what was done to it to check for infections: things like running F-Secure from a live disc to fully scan the OS and installed software, checking open ports and so on.

A list of what the scanning found, and finally a summary of the results of the scan.

As I'm not sure what was done here, you'll have to fill that in, but don't say anything you are not sure of, and if you do a quick Google search for security templates for Windows whatever, that may help. I think there should be something out there giving a list of what either Microsoft or one of the security companies thinks is important.

Just make sure it's for the version of Windows that is installed on the system, including any patch levels, and also, above, when you list the software on the system, list all of the installed patches and whether any are not installed. Of course you'll need the unit for that, and will have to copy out what has been installed as well as any patches/service packs and so on.

I seem to remember Microsoft having some baseline security templates as well, but as I have never used them I'm not sure what they cover or whether they will be any use in this case.

If there was more than one scan performed, list them all and the results of those scans, and also list whether they were done from a live disc or with the installed OS running. Having the installed OS running is not as effective, as any infections can be masked by the OS if whoever cracked the system knows what they are doing, so it's always better running from a live disc or pulling the HDD and fitting it to another secured computer to scan the drive; it's just more likely to show up that way, that's all.

Hope that helps some.
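One way to turn captured command output into the sectioned report described in the reply above (identification, what was requested, what was checked, what was found, conclusions), as an added example that is not from this thread and not the technician's work. It assumes the examined machine is a Mac (as the technician's own notes say) and that two commands were run on it, `sw_vers` and `lsof -i -P -n`, with their raw output kept unmodified; the two outputs embedded below are constructed samples in those formats, not from any real machine. The `REMOTE_ACCESS_PORTS` mapping, the section layout and the function names are this example's own choices. The code parses the socket listing for services in LISTEN state, separates those bound to all interfaces from loopback-only ones, names the well-known remote-access ports, and records a SHA-256 of the raw output so the report says exactly what text the findings came from rather than just "checked ports".

```python
"""Turn captured command output into a sectioned report (added example).

Assumes a Mac on which `sw_vers` and `lsof -i -P -n` were run and their raw
output kept unmodified.  The two sample outputs below are CONSTRUCTED in those
formats for illustration; they are not from any real machine.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of `sw_vers` output.
SW_VERS = "ProductName:\t\tmacOS\nProductVersion:\t\t13.4.1\nBuildVersion:\t\t22F82\n"

# Constructed sample of `lsof -i -P -n` output: listening sockets, one outbound
# browser connection and one UDP socket, as a real listing mixes together.
LSOF = """\
COMMAND     PID USER           FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd       1 root           10u  IPv6 0x3a9f0c2e5d1b0001      0t0  TCP *:22 (LISTEN)
launchd       1 root           11u  IPv4 0x3a9f0c2e5d1b0002      0t0  TCP *:22 (LISTEN)
cupsd       312 root            5u  IPv4 0x3a9f0c2e5d1b0003      0t0  TCP 127.0.0.1:631 (LISTEN)
rapportd    512 isa             4u  IPv4 0x3a9f0c2e5d1b0004      0t0  TCP *:49152 (LISTEN)
Safari     1234 isa            23u  IPv4 0x3a9f0c2e5d1b0005      0t0  TCP 192.168.1.10:52011->142.250.74.36:443 (ESTABLISHED)
mDNSRespo   101 _mdnsresponder  8u  IPv4 0x3a9f0c2e5d1b0006      0t0  UDP *:5353
"""

# Well-known remote-access ports (standard ssh / VNC / ARD / RDP assignments).
# Anything else listening on all interfaces is reported as unidentified, not
# guessed at: the report should only say what the evidence shows.
REMOTE_ACCESS_PORTS = {22: "Remote Login (ssh)", 5900: "Screen Sharing / VNC",
                       3283: "Apple Remote Desktop", 3389: "RDP"}

# One lsof row: command, pid, user, ..., protocol, local[->remote], optional (STATE).
# The header row fails the numeric PID match and is dropped automatically.
LSOF_ROW = re.compile(r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+.*?\s"
                      r"(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>\w+)\))?\s*$")


@dataclass
class Listener:
    command: str
    pid: int
    user: str
    addr: str
    port: int

    @property
    def any_interface(self) -> bool:
        """True when bound to every interface, i.e. reachable from the network."""
        return self.addr in ("*", "0.0.0.0", "[::]")

    @property
    def label(self) -> str:
        return REMOTE_ACCESS_PORTS.get(self.port, "unidentified service")


def parse_listeners(lsof_text: str) -> List[Listener]:
    """TCP sockets in LISTEN state; established connections and UDP are skipped
    because the question is what accepts inbound connections."""
    found = []
    for row in lsof_text.splitlines():
        m = LSOF_ROW.match(row)
        if not m or m["proto"] != "TCP" or m["state"] != "LISTEN":
            continue
        addr, port = m["name"].rsplit(":", 1)   # handles *, IPv4 and [v6] forms
        found.append(Listener(m["cmd"], int(m["pid"]), m["user"], addr, int(port)))
    return found


def network_reachable(listeners: List[Listener]) -> List[Listener]:
    return [s for s in listeners if s.any_interface]


def evidence_digest(*raw_outputs: str) -> str:
    """SHA-256 over the raw captured outputs, so the report ties its findings
    to exactly the text they were derived from."""
    h = hashlib.sha256()
    for raw in raw_outputs:
        h.update(raw.encode())
    return h.hexdigest()


def build_report(client: str, machine: str, requested: str,
                 sw_vers: str, lsof_text: str) -> str:
    os_info = {k: v.strip() for k, v in
               (line.split(":", 1) for line in sw_vers.strip().splitlines())}
    listeners = parse_listeners(lsof_text)
    exposed = network_reachable(listeners)
    unidentified = [s for s in exposed if s.port not in REMOTE_ACCESS_PORTS]
    lines = [
        "1. Identification",
        f"   Client: {client}",
        f"   Machine: {machine}",
        f"   OS: {os_info['ProductName']} {os_info['ProductVersion']} ({os_info['BuildVersion']})",
        "2. What was requested",
        f"   {requested}",
        "3. What was checked",
        "   - sw_vers: operating-system version and build",
        "   - lsof -i -P -n: every open network socket with its owning process",
        f"   Raw output SHA-256: {evidence_digest(sw_vers, lsof_text)}",
        "4. Findings",
    ]
    for s in listeners:
        reach = "reachable from the network" if s.any_interface else "loopback only"
        lines.append(f"   - {s.command} (pid {s.pid}, {s.user}): TCP {s.addr}:{s.port} "
                     f"LISTEN, {s.label}, {reach}")
    lines.append("5. Conclusions")
    lines.append(f"   {len(exposed)} listening socket(s) accept connections from the network.")
    if unidentified:
        lines.append("   Not accounted for, and to be identified before the report can state "
                     "that no remote access path exists: "
                     + ", ".join(f"{s.command}:{s.port}" for s in unidentified))
    else:
        lines.append("   Every network-reachable service is a known, named service.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_report("Example client", "MacBook (constructed example)",
                       "Determine whether the computer had been accessed remotely.",
                       SW_VERS, LSOF))
```

On the constructed sample the report lists the two `launchd` sockets on port 22 as Remote Login reachable from the network, `cupsd` on 631 as loopback only, and flags `rapportd:49152` as unidentified, so the conclusions section cannot honestly say "all remote ports are disabled" until that listener is accounted for. Any other command whose output was captured (a malware scanner's log, `launchctl list`, the login-items listing) is added the same way: keep the raw text, hash it, and derive the finding from it rather than from memory.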

by Isabelle De Fere In reply to OK, this is most definitely ...

Thank you, OH.

Where do I get the security templates? I've tried Google but they don't come up.

You've put this below; what is F-Secure?
After that, state what was done to it to check for infections: things like running F-Secure from a live disc to fully scan the OS and installed software, checking open ports and so on.

A list of what the scanning found, and finally a summary of the results of the scan.

He said he didnt find anything.

Here is his report below. It's very tatty and shoddy; he wasn't shy in asking for money for it. As follows:
• There is no remote connection software installed on the Mac.
• Malware detection was run and could not find any issue.
• All remote ports are disabled.
Further steps to investigate:
• User must change his Apple ID password and make sure to enable MFA (multi-factor authentication).
• User must change his Wi-Fi password.
• Router default password must be changed.
• It is important to run scanning on the user's network to find out miscellaneous activities.
• A program like CrowdStrike or a solution from Forcepoint is highly recommended to investigate further. Their client agent will be installed on all machines, and they will report back to the admin about all activity happening on the network.
• Shared PCs will display on the network. User must check all devices connected to the network on the router admin portal.
I mean, it's just a paragraph. Is there a way of padding it or making it look... well, it certainly needs padding. Best, Isa.

