Just a quick post to list some help tools for detecting cardholder data on your systems, or tools to setup for ongoing controls to monitor for cardholder data.
ccsrch is a tool that searches for and identifies unencrypted and contiguous credit card numbers (PAN) and track data on windows and UNIX operating systems. It will also identify the location of the PAN data in the files and record MAC times
Senf is a fast, portable tool (written in Java, runnable just about everywhere) for finding sensitive numbers. Use this tool to identify files on your system that may have Social Security Numbers (SSNs) or Credit Card Numbers (CCNs).
Spider’s purpose is to identify files that may contain confidential data. It scans a collection of files, searching for patterns of numbers or letters that resemble Social Security numbers or credit card numbers (additional search patterns can be created using Unix regular expressions).
5) Snort – using the
Bleeding EdgeEmerging Threat Snort rules, (see BLEEDING-EDGE Credit Card Number Detected ET POLICY Credit Card Number Detected in Clear) You might be using snort as and IDS – or using a product or appliance that uses it as its engine. This tool is also very handy to check for email that contains CC data as well. (EDIT: Bob writes to say the that Emerging Threats have replaced the Bleeding Edge project as it died. Thanks !)
using the parameter Strings -n min-len
Let me know of others that are useful.