June 16, 2007
One of the best tools for doing a system examination is ProcMon (Formerly filemon) by Sysinternals (now owned by Microsoft.) If you havent used it befor then you dont know what you are missing. The tool watches the file system and shows you all files that are accessed in real time. The real kicker is that you can filter with a right click any processes that you want. I use it all the time when doing PCI and PBAB (Payment Application Best Practices) Audits for Tevora. I use it to identity all the files that are used in a payment application so I can have a place to target a search for track data or unencrypted PANS. The tool is simple – Run it in the foreground – tune it by removing files/processes you know are noise, then run a transaction and what what it does. Great for getting inoto the nitty gritty of POS applications that are oftentimes poorly documented.