Title :
Honeypot forensics, part II: analyzing the compromised host
Author :
Raynal, Frédéric ; Berthier, Yann ; Biondi, Philippe ; Kaminsky, Danielle
Abstract :
Although flows are an effective method for monitoring honeypots in real time, they are not sufficient if we want to learn more about the intruder. To accomplish this goal, we must investigate the compromised host itself. In this article, we show how to build two timelines of events: one from network clues and the other from what the host tells us. We can then merge these timelines and answer additional questions.
Keywords :
computer network management; security of data; telecommunication security; compromised host; event timelines; honeypot forensics; intruder; network clues; Computer security; Computerized monitoring; Cryptography; Debugging; Forensics; Geophysical measurement techniques; Ground penetrating radar; Postal services; Privacy; Reverse engineering; honeynets; honeypots; network analysis;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.70
