Forensic framework for honeypot analysis
Similar resources
Honeypot technologies and their applicability as an internal countermeasure
Honeypots or honeynets are a technology that is rapidly maturing and establishing this archetype of countermeasure as viable and useful in modern network defence. Honeypot technology is now at a point of development where near real-time monitoring and forensic analysis of security events can occur. This paper explores the hurdles to be overcome for the internal deployment of honeypot technologies.
Time-Traveling Forensic Analysis of VM-Based High-Interaction Honeypots
Honeypots have proven to be an effective tool to capture computer intrusions (or malware infections) and analyze their exploitation techniques. However, forensic analysis of compromised honeypots is largely an ad-hoc and manual process. In this paper, we propose Timescope, a system that applies and extends recent advances in deterministic record and replay to high-interaction honeypots for exte...
Justifying the Need for Forensically Ready Protocols: a Case Study of Identifying Malicious Web Servers Using Client Honeypots
Client honeypot technology can find malicious web servers that attack web browsers and push malware, so called drive-by-downloads, to the client machine. Merely recording the network traffic is insufficient to perform an efficient forensic analysis of the attack. Custom tools need to be developed to access and examine the embedded data of the network protocols. Once the information is extracted...
Reconstructing People's Lives: A Case Study in Teaching Forensic Computing
In contrast to the USA and the UK, the academic field of forensic computing is still in its infancy in Germany. To foster the exchange of experiences, we report on lessons learnt in teaching two graduate level courses in forensic computing at a German university. The focus of the courses was to give a research-oriented introduction into the field. The first course, a regular lecture, was accomp...
Honeyd - A OS Fingerprinting Artifice
This research looks at the efficiency of the honeyd honeypot system to reliably deceive intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypot's ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd’s primary deceptive mechanism is the use of the NMAP fingerprint database to provide b...