SECTION C

EMPLOYER'S REQUIREMENTS

TECHNICAL SUBMISSION EMPLOYER'S REQUIREMENTS SECTION C

1. Introduction

a. Project Background

PWA ISD is planning to implement an Application Security, Incident Response and Data Forensics Lab Solution.

The aim is to:

Application Security

Protect the most valuable, business-critical information assets containing sensitive data by analyzing static and dynamic code to identify security vulnerabilities in source code during the earlier stages of the SDLC, prioritizing the results and providing best practices for developers to write secure code.

Security Incident Response

Build resilient systems that have agile incident response action plans and workflows, and centralize response coordination and collaboration, task management, threat intelligence, simulations, analysis and reporting.

Data Forensics Mini Lab

Capability of techniques to gather, investigate, analyze and preserve evidence from a particular computing device or digital media in a way that is suitable for presenting facts and opinions about the digital information to the corporate investigation committee or in a court of law.

b. Project Objective

The Objective is to select a supplier to assist PWA in establishing the most cost effective and efficient comprehensive solution for the program “Application Security, Security Incident Response and Data Forensics Mini Lab Solutions” with 8X5 Technical support services while maintaining high standards of quality and service.

2. Assumptions/Dependencies

a. The Contractor has to provide an end-to-end solution for the deployment of the Solution and integrate it with PWA’s internal monitoring and logging systems.
b. The Contractor has to perform the deployment with zero downtime.
c. The Contractor should be an authorized Platinum or Gold partner of the specific vendor that they propose.
d. The Contractor shall provide qualified/certified engineers to perform the required installation and configuration activities.
e. The Contractor shall strictly adhere to the Service Level Agreement which they made between PWA and the Vendor.
f. The Contractor shall provide a Design/Solution document along with all the required diagrams.

Project ID: ISD 2016 SS 83 S C/1 January 2017 Supply, Installation and Maintenance of Application Security, Security Incident Response and Data Forensics Mini Lab Solutions TECHNICAL SUBMISSION EMPLOYER'S REQUIREMENTS SECTION C

3. Technical Requirements

A. Application Security

The Application Security solution should span the software development lifecycle and satisfy the security requirements, with the flexibility of testing web and mobile applications on demand and on premise. The solution should analyze static and dynamic code to identify security vulnerabilities in source code during the earlier stages of the SDLC, prioritizing the results and providing best practices for developers to write secure code.

PWA expects the Solution to support the following features:

• IDE plugin integrations, including Eclipse and Visual Studio.
• Identifying vulnerabilities associated with multiple languages, including: Java, JavaScript, SQL, C, C++, .NET (C#, ASP.NET), PL/SQL, COBOL.
• Provide source-level information and dataflow evidence for vulnerabilities.
• Provide detailed remediation guidance on how to fix the vulnerabilities at the line-of-code level.
• Export the findings as reports.
• Detecting and fixing security issues in later stages of the software development lifecycle is much more costly; with source code security analysis, security issues will be detected and fixed at early stages of the software development lifecycle and the cost of fixing these issues is going to be less.
• Integrates with build automation to automatically scan source code with each build.
• Vendor should provide configurations / integration requirements with IDE and build systems.
• Security analysts should be able to manage all static tests that can be executed either in build systems or by developers in their IDE.
• Customizable report generator to help demonstrate compliance with industry regulations and best practices, including the OWASP Top 10 and PCI.
• be a leader in the field of analysis of source code (GMQ, ...);
• enables auditing of source code of web applications (static analysis);
• enables support of mobile applications for Android and iOS;
• enables analysis of application-related threats;
• allows advanced reporting with details of available or potential dashboards with the solution;
• possibility of integration with IDE development environments (specify);
• support for development frameworks (clear list detailing the supported development languages and frameworks);
• allows the realization of static and dynamic analysis (optional) of applications;
• enables identification of critical vulnerabilities against the OWASP Top 10, NIST, SANS Top 25;
• support scheduled and continuous scanning;
• support for Software Security Assurance Program governance;
• support for run-time protection for applications.

A.1 Language Support

Source code analysis must support the programming languages listed in the following table.

| Language | Versions |
|---|---|
| ABAP/BSP | 6 |
| ActionScript/MXML (Flex) | 3, 4 |
| ASP.NET, VB.NET, C# (.NET) | 4.5 and earlier |
| C/C++ | |
| Classic ASP (with VBScript) | 2, 3 |
| COBOL | IBM Enterprise Cobol for z/OS 3.4.1 with IMS, DB2, CICS, MQ |
| ColdFusion CFML | 8 |
| HTML | 5 and earlier |
| Java (including Android) | 5.0, 6, 7, 8 |
| JavaScript/AJAX | 1.7 |
| JSP | 1.2, 2.1 |
| Objective C | |
| PHP | 5.3 |
| PL/SQL | 8.1.6 |
| Python | 2.6 - 2.7 |
| TSQL | SQL Server 2005, 2008, 2012 |
| Ruby | 1.9.3 |
| Visual Basic | 6 |
| VBScript | 2, 5 |
| XML | 1.0 |

A.2 iOS Code and XCode Support

| iOS SDK | Xcode Version |
|---|---|
| 7 | 5.0 |
| 7.1 | 5.1 |
| 8 | 6 |

A.3 Build Tools

| Build Tool | Versions |
|---|---|
| Ant | 1.8.x, 1.9.4 |
| Jenkins | 1.5 |
| Maven | 3.2.3 |
| MSBuild | 2, 3.5, 4.x |
| Xcodebuild | 5.x, 6.x |

A.4 Compilers

| Platform | Compilers | Versions |
|---|---|---|
| Mac OS | Xcode | 5.0, 5.1, 6.0, 6.1, 6.2 |
| AIX, Linux, HP UX, Mac OS, Solaris, Windows | gcc | GNU gcc 2.9 through 4.9 |
| AIX, Linux, HP UX, Mac OS, Solaris, Windows | g++ | GNU g++ 3.2 through 4.9 |
| Linux | Intel C++ Compiler | icc 8.0 |
| Windows | cl | VS 2010, 2012, 2013, 2015 |
| Solaris | Oracle Solaris Studio | 9, 10, 11, 12 |
| AIX, Linux, HP UX, Mac OS, Solaris, Windows | Oracle javac | 5, 6, 7, 8 |

A.5 Supported IDE Environments: Remediation Plugins:

| IDE | Versions |
|---|---|
| Eclipse | 3.7.2, 4.3.2, 4.4 |
| JDeveloper | 11.1, 12c |
| IntelliJ Ultimate | 12, 13 |
| IntelliJ Community | 13 |
| Android Studio | 1.0.1 |
| Visual Studio | 2010 Premium, Professional, and Ultimate; 2012 Premium, Professional and Ultimate; 2013 Premium, Professional and Ultimate; 2015 Premium, Professional and Ultimate |

Note: SCA is not compatible with MS Visual Studio Express.

A.6 SCA Secure Code Plugin Service Integrations

| Service | Applications | Versions | Supported Tools |
|---|---|---|---|
| Bug tracking | Bugzilla | 4.2 | Visual Studio SCP and Eclipse SCP |
| Bug tracking | HP Application Lifecycle Management (ALM)/HP Quality Center (HPQC) | 11.0, 11.5, 12.0 | Audit Workbench and Eclipse SCP |
| Bug tracking | Microsoft Team Foundation Server (TFS) | 2010, 2012, 2013 | Visual Studio SCP |
| Bug tracking | JIRA | 6.1.6 | |
| Bug tracking | HP Fortify Software Security Center Bug tracker | 4.30 | Plugin for Eclipse and Package for Visual Studio |

Note (TFS): To integrate with TFS, you must first install the Visual Studio Team Explorer software. To integrate with TFS 2010, you must install Visual Studio SCP on a machine running Visual Studio 2010 Premium or Professional edition.

Vulnerability Check

• The product should support source code level scanning and analysis.
• The code scanner should support all languages mentioned in 3.B Language Support.
• The Vendor should maintain a database of all known vulnerabilities and update it with new vulnerabilities.
• The product should scan for all types of vulnerabilities described below.

| Item | Vulnerability Classes |
|---|---|
| 1 | Access Control |
| 2 | Arbitrary Command Execution |
| 3 | Authentication & Authorization Evasion |
| 4 | AJAX |
| 5 | Backdoor Inputs & Exposure |
| 6 | Buffer Overflows |
| 7 | Command Injection |
| 8 | Cookie Poisoning |
| 9 | Configuration Management |
| 10 | Content Spoofing |
| 11 | Cross-site Scripting - product tests for a minimum of 20 variants within this class |
| 12 | Data Sanitization |
| 13 | Data Theft |
| 14 | Debug Options |
| 15 | Directory Listing, Enumeration |
| 16 | Extension Checking |
| 17 | Error Handling |
| 18 | Forceful Browsing |
| 19 | Format String Command Execution |
| 20 | FTP |
| 21 | Hidden Field Manipulation |
| 22 | HTTP Attacks |
| 23 | HTTP Response Splitting |
| 24 | Identity Spoofing |
| 25 | Insecure Configuration and Data Access |
| 26 | Known Vulnerabilities |
| 27 | LDAP Injection |
| 28 | Malicious File Uploading |
| 29 | One-Click Attacks |
| 30 | Parameter Manipulation/Tampering |
| 31 | Port Checks |
| 32 | Session Fixation |
| 33 | Session Hijacking |
| 34 | SOAP Injection |
| 35 | SQL Injection - product tests for a minimum of 40 variants within this class |
| 36 | Stealth Commanding |
| 37 | Suspicious Content |
| 38 | Third-party Misconfiguration |
| 39 | Unwanted File Disclosure |
| 40 | User Passwords |
| 41 | Web Forms Tampering |

| Item | Vulnerability Classes |
|---|---|
| 1 | Web Service Vulnerability Scanning |
| 2 | XML Injection |
| 3 | XPath Injection |

Testing Abilities

| Item | Technologies |
|---|---|
| 1 | Active Server Pages (ASP) |
| 2 | AJAX |
| 3 | ASP.NET 2.0 |
| 4 | CFML |
| 5 | Flash |
| 6 | HTTP |
| 7 | HTTPS |
| 8 | HTTPS with client certificates |
| 9 | JavaServer Pages (JSP) |
| 10 | JavaScript Parsing |
| 11 | Remote procedure call (RPC) |
| 12 | SOAP |
| 13 | VBScript |

Operating Environment

• The scan should not disrupt the network.
• The scanner should scan all network protocols.
• Does the application require any additional hardware installed in or attached to the server (ex: dongle, interface cards, modem)?

Database Environment:

• The Application can be installed on SQL server or should have its own database.
• Vendor should provide database sizing for PWA environment.

Security:

• Define all secure communication protocols/models supported and/or required (e.g. IPSEC, VPN, SSL, SFTP, authentication methods) with the customer front end.
• Describe means for enforcing strong password requirements.
• Describe the assessment process used to verify the security of the application.
• The solution should support integration with PWA SIEM tool.
• Have you written information security standards and specifications that all of your
• Tool should support auditing (e.g. access audit logs).

Identity Management: This pertains to Identity Management integration with Authentication & Account Provisioning.

• The tool should support integration with Microsoft Active Directory for authentication.
• The tool should support role-based access.
• The tool should support authentication via proxy.

B. Incident Response

B.1 Deployment of Incident Response Platform: PWA is looking to implement an incident response system with an intelligent platform that can react faster, coordinate better and respond smarter with the help of agile action plans and workflows, threat intelligence, simulation, analysis and reporting.

B.2 Integration with existing Technologies: PWA is looking for a platform that can integrate with its existing infrastructure such as the security information and event management solution, ticketing tool, etc.

C. Data Forensics Mini Lab

The solution should provide distinct techniques to gather, investigate, analyse and preserve evidence from a particular computing device or digital media in a way that is suitable for presenting facts and opinions about the digital information to the organisation’s investigation committee or in a court of law.

PWA expects the Solution to support the following features:

• Powerful forensic workstation kit as a digital forensic lab in a portable case with full assortment of forensic write blockers, the speed and flexibility of the TD2 forensic duplicator, adapters and all required cables and software.
• Acquire data from a wide variety of devices
• Complete a comprehensive disk-level investigation
• Easy to use Interface
• Powerful Customizable processing
• Comprehensive Searching
• Automated External Review
• Integrated Investigation Workflows
• Flexible Reporting Options

Item Description

Forensic Hardware

UltraBlock Bridges:
• UltraBlock USB 3.0 - IDE/SATA
• UltraBlock SAS
• UltraBlock USB 3.0
• UltraBlock FireWire
• TP5 Universal Power Supply and Power Adapter Cables
• All Standard Cables and Adapters

TD2U Forensic Duplicator:
• Forensic Duplicator Unit
• All Standard Cables and Adapters

External Devices and Enclosures:
• USB3 Read Only/Read Write switchable External Hard Drive Chassis with Power Supply
• Digital Intelligence Integrated Forensic Media Card Reader - Read-Only and Read/Write Switchable

Extras:
• Hard Drive Adapter 2.5 Inch
• Hard Drive Adapter 1.8 Inch
• TDA5-ZIF ZIF HD Adapter w/case
• TDA3-1 Micro SATA HD Adapter
• SATA LIF Adapter
• Blade Type SSD Adapter
• FireWire Adapter 9pin to 4pin
• FireWire Adapter 9pin to 6pin
• Micro/Mini SD to SD Adaptor Kit
• 2 TB SATA Hard Drive
• Precision Electronic Tool Kit
• Power Strip - 120v/240v Compatible
• Universal Power Adapter

Case:
• Hard-sided with Padded Laptop Insert
• Watertight / Airtight
• High Impact
• Custom Foam Lined
• Custom Lid Organizer for Cables and Adapters

Software
• Windows 10 Professional (64 bit)
• SUSE Professional Linux (64 bit)
• Symantec GHOST
• CD Authoring Software
• DRIVESPY
• IMAGE
• PDWIPE
• PART
• PDBLOCK

Forensic Software and File System Support:
• Operating system Support: Windows 95/98/NT/2000/XP/2003 Server, Linux Kernel 2.4 and above, Solaris 8/9 both 32 & 64 bit, AIX, OSX.
• File systems support: FAT12/16/32, NTFS, EXT2/3 (Linux), Reiser (Linux), UFS (Sun Solaris), AIX Journaling File System (JFS and jfs) LVM8, FFS (OpenBSD, NetBSD and FreeBSD), Palm, HFS, HFS+ (Macintosh), CDFS, ISO 9660, UDF, DVD, and TiVo® 1 and TiVo 2 file systems.
• The imaging and analysis of RAID arrays, including hardware and software RAIDs.
• Dynamic Disk Support for Windows 2000/XP/2003 Server.
• Ability to preview and acquire select Palm devices.
• Ability to interpret and analyze VMware, Microsoft Virtual PC, DD and SafeBack v2 image formats.

Acquisition
• Acquisition Granularity: Examiners have more control over the way hard drive data is acquired.
• Errors: Historically, when a read error is found on a hard disk, the entire block of data containing the read error is zeroed out. With the Forensic software, you should have the flexibility to specify the number of sectors that get zeroed when an error is found.
• Acquisition Blocks: Examiners can define the amount of data to acquire during an acquisition operation, ensuring the fastest acquisition rates possible.
• Acquisition Restart: Examiners can continue a Windows-based acquisition from its point of interruption, and not have to reacquire the entire device from the beginning.
• Logical Evidence Files: These let you selectively choose exactly which files or folders you want to preserve, instead of acquiring the entire drive. Unlike copying files from a device and altering critical metadata, logical evidence preserves the original files as they existed on the media and includes a wealth of additional information such as file name, file extension, last accessed, file created, last written, entry modified, logical size, physical size, MD5 hash value, permissions, starting extent and original path of the file.

Evidence File Preservation
• Evidence File created should be compressed and preserved as bitstream images of acquired media. The Evidence File created should be widely known throughout the law enforcement and computer security industries. It should be accepted by courts to the federal appellate level and around the world.

Powerful Analytical Functionality
• The ability to analyze and search large amounts of data quickly and easily is a critical capability of any incident response, computer investigation or analysis tool. The software should offer the most advanced, comprehensive and easy-to-use tool to carry out these complicated and time-consuming tasks, across multiple file systems and languages.
• Automated Analysis: SweepCase lets examiners automatically choose the types of analysis they want to perform on a set of media instead of having to initiate each tool separately.
• Multiple Sorting Fields: Examiners can sort files according to 30 different fields, including all four time stamps (File Created, Last Accessed, Last Written and Entry Modified), file names, file signatures and extensions, hash value, full path, permissions.
• Filters and Filter Conditions: Filters let the examiner reduce the amount of information displayed, based on user-specified criteria.
• Queries: Examiners can combine filters to create complex queries using simple "OR" or "AND" logic.
• View "Deleted" Files and Other Unallocated Data in Context: Should offer a Windows Explorer-type view of deleted and unallocated data. This includes file slack, swap files, print spooler data and all other unallocated data files.
• International Language Support: Should support Unicode data decoding and be able to search and display any language that Unicode supports. This allows examiners to search and view data in its native format such as German, Arabic or Kanji.
• Encrypted Volumes and Hard Drive Encryption: Should analyze and acquire mounted encrypted volumes, such as PGP and DriveCrypt, and give examiners full access to data on hard drives that are wrapped with encryption technology, such as SafeBoot.
• Link File Examination: This automated process reads all forms of link (.lnk) files, both allocated and unallocated, and decodes the results for quick and easy analysis. Being able to quickly discover and interpret link files gives the examiner valuable information, such as learning that a suspect is transporting company data onto a thumb drive or external media, or what files, applications and shares the suspect commonly used.
• Active Directory Information Extractor: The Active Directory Information Extractor forensically analyzes the Active Directory database (NTDS.DIT) and extracts the username, SID, home directory, email address, last login, last failed login and next password change.
• Hardware Analysis: Automatically culls through the registry and configuration files to quickly identify the types of hardware installed on a target machine, including NIC cards, FireWire devices, thumb drives, IDE devices and other hardware information.
• Recover Folders: Automatically rebuilds the structure of formatted NTFS and FAT volumes.
• Log and Event File Analysis: Should provide a single means by which to analyze, search and document log and event file data.
• Symbolic Link Analysis: Should give access to and analysis of symbolic link information to simplify analysis of UNIX-based file systems.
• Compound Document and File Analysis: Many files, such as documents, Outlook PSTs, TAR, GZ, thumbs.db and ZIP files, store internal files and metadata that contain valuable information once exposed. Should automatically display these internal files, file structures, data and metadata. Once these files have been virtually mounted within the software, they can be searched, documented and extracted in a number of different ways.
• File Signature Analysis: Should automatically verify the signature of every file it searches and identify those with modified extensions.
• Hash Analysis: Should automatically create hash values for all of the files in a case.
• Built-in Registry Viewer: The integrated registry viewer organizes the registry data file into folders, giving examiners an expedient and efficient way to view the Windows registry and determine values.

Search Technologies
• The forensic tool should locate information anywhere on physical or logical media.
• Proximity Search: This feature searches through all files in a case for a specific keyword and returns the responsive documents with the keyword and a specified number of bytes surrounding it. This is a critical function when trying to add context around the information you are searching for.
• Internet and Email Search: This feature will find, parse, analyze and display various types of Internet and email artifacts across machines. The Internet and email search finds mail formats (such as Hotmail, Outlook, Lotus Notes, Yahoo, AOL, Netscape, mbox and Outlook Express) and Internet artifacts from , Mozilla, Opera and Safari.
• Search Options: In addition to the standard search feature, software should offer a number of options that can be used to search through data:
  o Case Sensitive: The keyword will be searched for, but only in the exact case specified in the text box.
  o GREP: The keyword is a regular expression to search, using the Global Regular Expressions Post (GREP) advanced searching syntax.
  o RTL Reading: This will search for the keyword in a right-to-left sequence for international language support.
  o Active Code Page: This lets you enter keywords in many different languages.
  o Big Endian/Little Endian Unicode/UTF-8/UTF-7: Software should allow examiners to search using multiple Unicode standards as opposed to ASCII. This enables investigators to search for keywords with international language characters.
• Logical File Recognition: Files often span noncontiguous clusters and software should search all such allocated files.

Documentation and Reporting
• The software should allow users to define with detailed granularity what information is presented and how it is presented, depending on the purpose and target audience of the investigation. Almost all information revealed by software should be exportable into various file formats for external reporting and analysis purposes.
• Automatic Reports: Since the requirement to generate reports is so critical, software should have a number of automatically generated reports that can be created. These automated reports should show a wealth of information depending on the type being generated, like:
  o Listing of all files and folders in a case
  o Detailed listing of all URLs and corresponding dates and times that websites were visited
  o Document incident report that helps create the required documentation relevant during the incident response process
  o Detailed hard drive information about physical and logical partitions
• Bookmarks: These are the individual components that drive the information contained in the report. During analysis, an examiner can use bookmarks in various ways to identify and document specific clues. There are seven different types of bookmarks:
  o Highlighted Data: Created when highlighting specific text
  o Notes: Allows the user to write additional comments into the report
  o Folder Information: Used to bookmark the tree structure of a folder or device information of specific media
  o Notable File: A file documented by itself
  o File Group: Indicates that the bookmark was made as part of a group of selected files
  o Log Record: Contains the results of log parsing activity
  o Registry: Contains the results of Windows registry parsing activity
• Instant Decoding of Nontext Data: Within the reporting section of software, an examiner may "decode" nontext data, so it can be presented in a more recognizable format.
• Integrated Picture Viewer with Gallery View: A fully integrated picture viewer automatically locates and displays many known graphical image types, including Microsoft thumbs.db files.
• Timeline: This integrated viewer allows an examiner to see all relevant time attributes of all the files in the case in a powerful graphical environment.
• Intellitype: A quick way for an examiner to jump to files of relevance, instead of having to sort by a particular file attribute and scroll through the data.
• Time Zone Settings: Examiners can set the time zone for each piece of media in a case, enabling simple comparison of media from different time zones.
• Built-in Help: Quick and easy access to relevant information in the user manual, with topics pertaining to almost every feature of the software. The user manual is a wealth of rich product-related information that can help even the most senior examiners.

Internet and Email investigation

Two of the most critical areas of any investigation typically involve the analysis of artifacts related to the Internet and email. Software should have a number of powerful features that facilitate efficient examinations, including recognition of the various files typically associated with Internet and email artifacts.

Email
• Analysis: Software should have the ability to find, parse, analyze, display and document various types of email formats, including Outlook PSTs/OSTs ('97-'03), Outlook® Express DBXs, Lotus Notes NSF, webmail such as Hotmail, Netscape and Yahoo; UNIX mbox files like those used by Mac OS X; Netscape; Firefox; UNIX email applications; and AOL 6, 7, 8, 9. In some cases, software should recover deleted files and depending on the email format, the status of the machine.
  o Presentation: Email analysis results are placed in a common format, which is easy to navigate to, where examiners can find information necessary to support the most complex investigations.
  o Browser History Analysis: Software should have powerful and selective search capabilities for Internet artifacts that can be done by device, browser type or user. Software should automatically parse, analyze and display various types of Internet and Windows history artifacts logged when websites or file directories are accessed through supported browsers, including Internet Explorer, Mozilla, Opera and Safari.
  o Internet artifact search: The Internet history keyword search searches out all Internet Explorer history information and writes it out in HTML format, allowing the examiner to quickly and easily investigate the same sites that the subject visited.
  o Web cache analysis: Most browsers automatically save a copy of each Web page that is viewed, including the pictures, text and multimedia elements. Software should find, parse, analyze, display and document this information.
  o HTML carver: The HTML carver is a powerful search and export function that looks for HTML files independent of the browser or Internet-enabled application and allows the examiner to search those files by keyword or other criteria.
  o HTML page reconstruction: Software should render HTML Web pages from within the Examiner for easy viewing and quick analysis.
  o Kazaa toolkit: Searches through a case looking for various Kazaa artifacts.
  o Instant Messenger toolkit: Searches through a case looking for various Instant Messenger artifacts.
  o Presentation: As with email, Internet history information is placed in a common interface, which is easy to navigate to, where examiners can quickly find information necessary to support the investigation.

2.0 Product Requirements

A. Application Security Solution

| Item | Qty |
|---|---|
| Application Security Software Solution Suite | 1 |
| Application Security Add-on Application Pack | 6 |
| Application Security Scanning User | 20 |
| Application Security Governance Base | 1 |
| Application Security Governance User | 1 |
| Application Security Governance 20 Project Pack | 1 |
| Dynamic Application Security Testing for 1 Named User | 1 |
| 3 Years Licenses & Support | 1 |
| On Site training | 5 |
| Implementation | 1 |
| Security Application Development Life Cycle process consulting | 1 |

B. Incident Response Solution

| Details | Qty |
|---|---|
| IRP - Security Module with 3 yr Maintenance | 1 |
| IRP - Action Module with 3 yr Maintenance | 1 |
| Security Operation Centre (ASOC) process consulting and Integration | 1 |
| 3 Years Licenses, Support & Maintenance | 1 |
| 80 inch LED TV with stand | 1 |

C. Data Forensic Mini LAB Solution

| Details | Qty |
|---|---|
| VPER Mobile Forensic acquisition & examination kit | 1 |
| EnCASE V8.0 | 1 |
| 3 Years Licenses, 3 Years Warranty, Support & Maintenance | 1 |
| On-site Training | 1 |
| Data Forensics investigation process Consulting | 1 |

3.0 Service Level Agreement

The Contractor shall provide the support services with the below Service-Level Agreement for mission critical issues and day-to-day product support.

Service-Level Agreement (Priority = Impact x Urgency)

| Priority/Severity Level | Description | Response Time / Resolution Time |
|---|---|---|
| Emergency OR High/Level 1 | Complete system breakdown OR all users impacted | 30 min. / 2 hours |
| Medium/Level 2 | Partial System break down OR a particular group of users/system affected | 1 hour / 8 hours |
| Low/Level 3 | Minor impact in system OR New feature Request OR General Queries OR few users impact | 1 day / 7 days |

4.0 Project Deliverables

The Contractor will be engaged with PWA for actual execution of the installation, configuration, knowledge transfer, documentation and handover of the tool to PWA’s team. Below are the deliverables from the Contractor during the execution of the project:

| Information | Media/Format |
|---|---|
| Project Plan For Implementation | Microsoft Project File (.Mpp) |
| Process Consulting For Security Application Development Life Cycle, Security Operation Centre And Data Forensics Investigation | In Person (Consultant) |
| Solution Design Document | Document |
| Quick Reference / Training Material | Document |
| Project Knowledge Transfer | On-Site Knowledge Transfer To PWA Team |
| Solution/Tool Training (8 number of participants) | On-Site Training With Labs And Training Manuals |
| Step By Step Configuration Document | Document |
| 3 Years Licenses | Document |
| 3 Years Warranty For Applicable Hardware/Components | Document |
| 3 Years Support & Maintenance | On-Site Support To PWA Team |

5.0 Project Timeline/Duration:

Supply & Delivery of Application Security, Incident Response and Data Forensics Mini Lab Solutions and Software Licenses as per Section C-Employer’s Requirements and Tender Document at its entirety.

| Key Stage | Description | Start Date | Period for Completion in Calendar Days | Completion Period from Commencement Date (CD) in Calendar Days |
|---|---|---|---|---|
| 1 | Supply & Delivery of Application Security, Incident Response and Data Forensics Mini Lab Solutions and 3 Years Software Licenses | 60 | 60 | CD + 60 |
| 2 | Installation, Testing, Commissioning And Data Migration | CD + 60 | 90 | CD + 150 |
| 3 | Onsite Training With Labs And Training Manuals (8 number of participants for a duration of 5 days) | CD + 150 | 5 | CD + 155 (Concurrent with KS#4) |
| 4 | Support Services for 3 Years (Local Support, Warranty & Maintenance) | CD + 150 | 1095 | CD + 1245 |
