Editors

While stepping through the Workstation sections, you will notice that there are some automated test results populated in the results treeview on the left. These are Workstation’s automated findings, and include items such as MITM Test, SSL Strip, Found Sensitive Data, and more. A default risk level is assigned; however, it is ultimately up to the analyst to determine what risk level is appropriate for each finding. Furthermore, we encourage analysts to create their own findings, notes, etc. through additional manual forensic analysis, advanced code testing using the remote shell, or other options provided through the Workstation interface.

This section outlines how to view, create, edit, or delete the following: Findings, Notes, Screenshot, and Output.

View

To view any of the results in the results treeview on the left, click the result and its contents will be displayed in the Editor pane (bottom right section within Workstation).

A click on one result in the tree-view:

View

will populate its information directly in the Editors pane:

Editors Pane

Clicking on an “artifact” item will automatically pop-up the Artifact Viewer. Please refer to the “Artifact Viewer” help section for more details

Create

Within the Editor window, you have the option to create a Finding, Screenshot, Note, or Output.

Prior to creating an item, you must first decide in which of the Report sections you’d like this item to be displayed.

Click on the section tab of your choice at the top of the NowSecure Lab window to select the location where your item will be created.

For example, to create a new finding under “Forensics”, you can follow those simple steps:

  1. Select the “Forensics” tab at the top of your window

  2. In the Editor pane at the bottom, select the item you wish to create (in this case, “Finding”)

  3. Click on the “New” button in the bottom-right of the editor

Findings

  1. Fill in the requested information – in this case, a title for your finding, the section where you want to save your finding, a description, and assign a CVSS value (or risk level).

Notice that you can choose to save your finding in any section of your choosing at any time during the assessment. To do so, just select the section of your choice in the “Section” dropdown menu, and upon clicking on the save button, your element will either be created (for a new finding) or moved (for an existing one) inside the section you chose.

  1. Click on the “Save” button.

Findings

Your new finding will be populated in the appropriate folder in the results treeview on the left (in this case, it will fall under the “Forensics” folder).

Edit

The Editor panel allows you to modify any existing items on the left tree view.

To edit any of these items, perform the following steps:

  1. Click on the item in the results treeview to display its properties in the Editor pane

  2. Modify any of the fields that you wish to change (description, title…)

  3. Click the “Save” button.

The modifications will be applied, and the result on the left will be overwritten with the new updated one.