IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot by Alan Neville
This paper will deconstruct the steps taken to conduct a full analysis of a compromised machine. In particular, we will be examining the tool that was used to exploit a dtspcd buffer overflow vulnerability, which allows remote root access to the system. The objective of this paper is to show the value of IDS logs in conducting forensics investigations. http://www.securityfocus.com/infocus/1676 Stephen Entwisle Moderator, Security-Basics SecurityFocus http://www.securityfocus.com (403) 213 3939 ext. 235
