Honeypot Forensics, Part II: Analyzing the Compromised Host
IEEE Security and Privacy
A major goal of honeypot research is to improve our knowledge of blackhats from two perspectives: technical and ethnological. From the technical side, we want new ways to discover rootkits, trojans, and potential zero-day exploits (although capturing a zero-day exploit in a honeypot is an unusual event). From the ethnological side, we want a better understanding of blackhat teams' areas of interest and of the hidden links between them. One way to achieve these goals is to increase the verbosity of honeypot logs and traces; the most common tools for doing so are Sebek (http://project.honeynet.org/tools/sebek/) for system events and Snort (www.snort.org) for network activity. Unfortunately, the two record streams describe different things (Sebek logs per-process system activity on the host, Snort logs per-connection network activity) and share little beyond a timestamp and the honeypot's address, so there is no easy way to correlate information from these sources, which complicates honeypot forensics.
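To make the correlation problem concrete, the following is an added example (not code from the article or from the Sebek or Snort projects) of the naive join an analyst can actually perform between the two sources: a time-window match on the honeypot address. The Snort lines follow the `alert_fast` output shape, which carries no year, so the year is passed in explicitly; the SIDs, addresses and Sebek records are constructed for the example, and the Sebek records are assumed to have already been recovered into their fields (time, PID, UID, command name, data) plus the honeypot address from the covert packet.

```python
"""Time-window correlation of Snort fast-format alerts with Sebek keystroke
records. Added example; all log data below is constructed, not captured."""
import re
from datetime import datetime, timedelta

# Snort alert_fast line: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [...] {proto} src:sport -> dst:dport
# The format carries no year, so the caller supplies it.
SNORT_FAST = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.(?P<usec>\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<sig>\d+:\d+:\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\].*?\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Constructed Snort alerts (SIDs in the local-rule range, not real signatures).
SNORT_ALERTS = """\
09/21-23:15:02.118342  [**] [1:1000001:1] LOCAL SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:49152 -> 10.0.0.7:22
09/21-23:16:40.003311  [**] [1:1000002:1] LOCAL SSH brute force [**] [Classification: Attempted Admin Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:49160 -> 10.0.0.7:22
09/21-23:40:11.500000  [**] [1:1000003:1] LOCAL SNMP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.9:3001 -> 10.0.0.8:161
"""

# Constructed Sebek keystroke records: the fields a Sebek record carries
# (time, PID, UID, command name, data) plus the honeypot address. Note that
# there is no attacker address anywhere in a Sebek record.
SEBEK_KEYSTROKES = [
    {"t": datetime(2004, 9, 21, 23, 17, 31), "host": "10.0.0.7", "pid": 1234, "uid": 0, "com": "bash", "data": "uname -a"},
    {"t": datetime(2004, 9, 21, 23, 17, 45), "host": "10.0.0.7", "pid": 1234, "uid": 0, "com": "bash", "data": "cat /etc/passwd"},
    {"t": datetime(2004, 9, 21, 23, 55, 10), "host": "10.0.0.7", "pid": 1300, "uid": 0, "com": "bash", "data": "id"},
]


def parse_snort(text, year):
    """Parse alert_fast lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = SNORT_FAST.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year}/{m['mon']}/{m['day']} {m['hms']}", "%Y/%m/%d %H:%M:%S")
        ts = ts.replace(microsecond=int(m["usec"]))
        alerts.append({"t": ts, "sig": m["sig"], "msg": m["msg"], "proto": m["proto"],
                       "src": m["src"], "sport": int(m["sport"]),
                       "dst": m["dst"], "dport": int(m["dport"])})
    return alerts


def correlate(alerts, keystrokes, window=timedelta(minutes=5)):
    """Link each keystroke to the alerts against the same honeypot host that
    fired within `window` before it. Host and time are the only shared keys,
    so this is the best a naive join can do."""
    linked = []
    for ks in keystrokes:
        hits = [a for a in alerts
                if a["dst"] == ks["host"] and timedelta(0) <= ks["t"] - a["t"] <= window]
        linked.append((ks, hits))
    return linked


def attribute_sessions(linked):
    """Per Sebek PID, the attacker addresses suggested by linked alerts. An empty
    set is a session the network side never flagged (for instance activity inside
    an encrypted channel that matched no signature): that is where manual
    forensics has to start."""
    by_pid = {}
    for ks, hits in linked:
        by_pid.setdefault(ks["pid"], set()).update(a["src"] for a in hits)
    return by_pid


if __name__ == "__main__":
    linked = correlate(parse_snort(SNORT_ALERTS, 2004), SEBEK_KEYSTROKES)
    for ks, hits in linked:
        srcs = sorted({a["src"] for a in hits}) or ["UNATTRIBUTED"]
        print(f"{ks['t']} pid={ks['pid']} {ks['com']}: {ks['data']!r} <- {', '.join(srcs)}")
    print(attribute_sessions(linked))
```

The window size is a judgement call: too short and a slow attacker's keystrokes lose their link to the alert that announced the connection; too long and unrelated scanners get blamed for a session. Either way, a keystroke session with no linked alert (PID 1300 above) is the case the paragraph warns about, and only the host-side evidence can be used to reconstruct it.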