Issue No. 05 - September-October (2004 vol. 2)
ISSN: 1540-7993
pp: 77-80
Danielle Kaminsky , TEGAM International
Frederic Raynal , MISC Magazine
Yann Berthier , Hervé Schauer Consultant
Philippe Biondi , Arche/Omnetica Group
ABSTRACT
In the previous issue, we focused on how to analyze network activity by looking at flows. This activity gives us a quick, but imprecise, idea of what happens to a honeypot and reveals almost all of an intruder's actions. Although flows are an effective method for monitoring honeypots in real time, they're not sufficient if we want to learn more about the intruder. To accomplish this goal, we must investigate the compromised host itself. In this article, we'll show how to build two timelines of events: one from network clues and the other from what the host tells us. We can then merge these timelines and answer additional questions.
INDEX TERMS
honeypots, honeynets, network analysis
CITATION
Danielle Kaminsky, Frederic Raynal, Yann Berthier, Philippe Biondi, "Honeypot Forensics, Part II: Analyzing the Compromised Host", IEEE Security & Privacy, vol. 2, no. , pp. 77-80, September-October 2004, doi:10.1109/MSP.2004.70