Honeypot forensics, part II: analyzing the compromised host

4 Author(s)

Although flows are an effective method for monitoring honeypots in real time, they are not sufficient if we want to learn more about the intruder. To accomplish this goal, we must investigate the compromised host itself. In this article, we show how to build two timelines of events: one from network clues and the other from what the host tells us. We can then merge these timelines and answer additional questions.

Published in:

Security & Privacy, IEEE (Volume: 2, Issue: 5)