SecurityFocus Article Announcement
From: Hal Flynn (email@example.com)
Date: Fri, 21 Mar 2003 09:23:13 -0700 (MST)
From: Hal Flynn <firstname.lastname@example.org>
To: email@example.com
IDS Logs in Forensics Investigations: An Analysis of a Compromised
by Alan Neville
This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.
"....You guys are the Marine's doctors; There's no better in the business
than a Navy Corpsman...."
-- Lieutenant General Lewis B. "Chesty" Puller, U.S.M.C.