Ground Labs Support Team August 13, 2012 •
Cardholder Data Discovery
Card Recon, Data Recon and Enterprise Recon are capable of identifying common email storage formats and scanning them for sensitive data. This capability is enabled by default for any file based scanning across all Ground Labs products.
Detecting Email Storage
When an email storage format is identified, the scanning engine will natively decode the file format and scan each individual email including attachments. Where attachments contain multiple layers (e.g. a Zip file) the scanning engine will recursively decode each layer.
The associated scanning report includes a separate section to highlight all emails where cardholder data was discovered. The report specifically states elements such as Sender, Receiver, Subject, Date and Time.
MS Outlook/Exchange formats (PST, DBX, STM), including 32/64 bit variants
MBox (Thunderbird, Sendmail, Postfix, Exim, Eudora, and others)
Maildir (Qmail, Courier, Exim, Posfix, and others)
MIME encapsulated file attachments
Quoted printable MIME encodings
Base64 MIME encodings