SecurityFocus Article Announcement
From: Hal Flynn (flynn@securityfocus.com)
Date: 03/21/03
Date: Fri, 21 Mar 2003 09:23:13 -0700 (MST)
From: Hal Flynn <flynn@securityfocus.com>
To: focus-sun@securityfocus.com
IDS Logs in Forensics Investigations: An Analysis of a Compromised
Honeypot
by Alan Neville
This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.
http://www.securityfocus.com/infocus/1676
Hal Flynn
Symantec Corp.
"....You guys are the Marine's doctors; There's no better in the business
than a Navy Corpsman...."
-- Lieutenant General Lewis B. "Chesty" Puller, U.S.M.C.