DocumentCode :
3003055
Title :
TimeKeeper: A Metadata Archiving Method for Honeypot Forensics
Author :
Fairbanks, Kevin D. ; Lee, Christopher P. ; Xia, Ying H. ; Owen, Henry L., III
Author_Institution :
Georgia Inst. of Technol., Atlanta
fYear :
2007
fDate :
20-22 June 2007
Firstpage :
114
Lastpage :
118
Abstract :
Internet attacks are becoming more advanced as the economy for cybercrime grows and the tools for evading detection become ubiquitous. To counter this threat, new detection and forensics tools are needed to capture these new techniques. In this paper, we propose a method to extract and analyze a richer set of forensic information from the file system journal of honeypots, even when anti-forensic tools are used. We show initial results from TimeKeeper, our prototype for monitoring file system activity through the journal, and argue that by detecting these events we are able to capture previously unavailable forensic information. This forensic information can then be used for system recovery, research on attack techniques, insight into attacker motives, and criminal investigations.
Keywords :
Internet; computer crime; Internet attacks; TimeKeeper; file system activities; honeypot forensics; journal monitoring prototype; metadata archiving method; Computer crime; Counting circuits; Data mining; Event detection; File systems; Forensics; Information analysis; Internet; Monitoring; Prototypes; Ext3 Journal; File Systems; Forensics; Honeypot; Metadata;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC
Conference_Location :
West Point, NY
Print_ISBN :
1-4244-1304-4
Electronic_ISBN :
1-4244-1304-4
Type :
conf
DOI :
10.1109/IAW.2007.381922
Filename :
4267550