Notifications

Clear all

Free tools for finding "sensitive numbers"

General (Technical, Procedural, Software, Hardware etc.)

Last Post by TGriffith 17 years ago

4 Posts

4 Users

0 Reactions

667 Views

RSS

kovar

(@kovar)

Prominent Member

Joined: 18 years ago

Posts: 805

Topic starter 29/07/2008 11:25 pm

Good morning,

The following two tools have been deployed at a number of institutions to help staff members identify repositories of "sensitive numbers" - credit card numbers, SSNs, etc with an eye towards removing or securing them. These tools are also good additions to our forensics toolkits. It'd be interesting to compare the results of these tools against various Enscripts, dtSearch expressions, etc.

Cornell Spider - Windows, OS X, Linux - http//www.cit.cornell.edu/security/tools/

U. Texas - SENF! - Java - https://source.its.utexas.edu/groups/its-iso/projects/senf/ (Link currently dead.)

-David

Quote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

30/07/2008 12:53 am

We deal primarily with PCI sensitive data...CCNs/PANs, as well as track data.

I've recently had to rewrite (with assistance) two EnCase v5 Enscripts for this purpose…the built-in string function IsValidCreditCard() in EnCase v5 is not adequate for use w/ PCI data…it marks JCB CCNs as "invalid". Lance Mueller provided some updates that allowed the EnScripts to run without reliance on internal string functions, which was very beneficial.

I tried to do the same thing w/ EnCase v6, however GSI is not all that keen on folks adding scripts to Case Processor. I have asked GSI for the appropriate updates to the EnScripts (that I ended up developing and adding w/o their help) as well as to the EnCase v6 Case Processor, and as yet, have not received a response.

Cornell Spider doesn't do track data, although you may be able to add that with the appropriate regex. I added regex's for the CCNs not covered by default, and it did a good job of finding the test numbers. However, the big caveat is that you don't get a list of filenames and numbers…just filenames. If you need to do any actual recording of the CCNs or track data for notification purposes, you'll need to do some extra work.

Ccsrch from sourceforge.net is a great little utility, with the only issue being that it doesn't search for CCNs with dashes/spaces. Otherwise, it's very good, searches for track data, and the output is easily managed and parsed.

ReplyQuote

keeper

(@keeper)

Estimable Member

Joined: 17 years ago

Posts: 106

30/07/2008 3:58 am

There's also a tool for this called "Identity Finder". It can locate account numbers, passwords, etc in a device.

http//www.identityfinder.com/

ReplyQuote

TGriffith

(@tgriffith)

Active Member

Joined: 17 years ago

Posts: 14

04/08/2008 8:14 pm

There's also a tool for this called "Identity Finder". It can locate account numbers, passwords, etc in a device.

http//www.identityfinder.com/

Has anyone use this product? It seems reasonably complete and reasonably priced.
I do InfoSec work with some smaller financial companies that might be able to use this but I have no familiarity with it or the company… Seems like it's worth getting a copy for testing.

thanks for the feedback.
Terry

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
224 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed