irom's Blog

Archive for the ‘Audit’ Category

My development and test environment for a simple UNIX audit script consists of a tiny Linux distribution called Microcore, which runs as a guest operating system on QEMU. I’m using Microcore-a.bat to start it; see below.

Microcore-a.bat
qemu -no-kqemu -L . linux-microcore-2.10.img -redir tcp:5555::23 -redir tcp:5556::22
exit


The Active Directory Cookbook (see references) notes that there are many ways to collect evidence for an Active Directory audit (TIMTOWTDI, There Is More Than One Way To Do It):

  1. GUI tools like ADSI Edit and Active Directory Users and Computers (ADUC)
  2. CLI utilities: ‘ds’ tools (dsquery, dsget, etc.), adfind or ldifde
  3. Scripting languages like VBScript or PowerShell


1. First, most important rule – never give auditors any electronic evidence or access to the systems. Allow access to printed documentation on site only. Justify it by security and confidentiality. Auditors should be directed to study evidence, including policies and procedures, on site. Make sure that the closest coffee machine is broken for that time period 😉


