Issue No.05 - September-October (2004 vol.2)
pp: 77-80
Frederic Raynal, MISC Magazine
Yann Berthier, Hervé Schauer Consultant
Philippe Biondi, Arche/Omnetica Group
Danielle Kaminsky, TEGAM International
ABSTRACT
In the previous issue, we focused on how to analyze network activity by looking at flows. This activity gives us a quick, but imprecise, idea of what happens to a honeypot and reveals almost all of an intruder's actions. Although flows are an effective method for monitoring honeypots in real time, they're not sufficient if we want to learn more about the intruder. To accomplish this goal, we must investigate the compromised host itself. In this article, we'll show how to build two timelines of events: one from network clues and the other from what the host tells us. We can then merge these timelines and answer additional questions.
INDEX TERMS
honeypots, honeynets, network analysis
CITATION
Frederic Raynal, Yann Berthier, Philippe Biondi, Danielle Kaminsky, "Honeypot Forensics, Part II: Analyzing the Compromised Host", IEEE Security & Privacy, vol.2, no. 5, pp. 77-80, September-October 2004, doi:10.1109/MSP.2004.70