Documentation & Evidence
Reporting
Proper documentation is critical for physical penetration tests. Evidence must be collected carefully to prove access without causing damage or alarm.
Always Carry
- Authorization letter (signed)
- Emergency contact numbers
- Hidden body camera (if legal/authorized)
- Smartphone for photos/video
- Notebook for observations
Document Everything
- Time and date of entry
- Method of entry (tailgating, badge clone, etc.)
- Areas accessed
- People interacted with
- Sensitive items observed
- Photos of vulnerabilities
- Screenshots from dropped devices
Photo Subjects
Sanitize PII in final report
- Unlocked doors
- Visible credentials
- Unsecured equipment
- Sensitive documents
- Badge reader models
- Camera blind spots
- Plant locations (if dropped)
Debrief Questions
- Was I challenged at any point?
- Who let me in? (don't name in report, just role)
- What would have stopped me?
- What was the path of least resistance?
- How long until detected (if at all)?
Report Structure for Physical Test
- Executive Summary
- Scope & Methodology
- Entry Methods Used (with timeline)
- Areas Accessed
- Critical Findings
- Evidence (photos, video stills)
- Risk Ratings
- Remediation Recommendations
Professional Tip
Always have a "burned" exit strategy. If confronted, be polite, show authorization immediately,
and ask to speak with your point of contact. Never lie to law enforcement if they become involved.