±Forensic Focus Partners
±Your Account
Membership:
New Today: 0
New Yesterday: 0
Overall: 28040
Visitors: 47±Forensic Focus Partner Links
±Latest Articles
· Carving out the Difference between Computer Forensics and E-Discovery
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Nope. Honeypots are usually subjected to some sort of monitoring and/or analysis...
Ha, and some versions of Windows don't even bother with Event Logs. Cuz, you know, what point is there in knowing why Windows crashed and burned?
To which versions are you referring? Win95/98?
Thank you for your prompt response.
Do you know if it is possible for an attacker/intruder to alter the logs created by the honeypot? Not using anything else but a honeypot. I.E. no network sniffers etc.
How would an investigator be able to tell if an attacker/intruder has altered the log files?
Honeypots
Go to page 1, 2, 3 Next
Honeypots
Posted: Wed Feb 13, 2013 6:21 am
Hi everyone,
Has anyone got any experience of working with honeypots on Windows OS?
I'm doing my university project on someone hiding their tracks on a honeypot. But there doesn't seem to be much literature on it. I know of Lance Spitzner's Honeypot Project. Do you know where I can find more information?
Many thanks!
Has anyone got any experience of working with honeypots on Windows OS?
I'm doing my university project on someone hiding their tracks on a honeypot. But there doesn't seem to be much literature on it. I know of Lance Spitzner's Honeypot Project. Do you know where I can find more information?
Many thanks!
-
Sarah_Camp - Newbie
Re: Honeypots
Posted: Wed Feb 13, 2013 7:12 am
I'm not sure that you'll find a great deal of literature on that topic. Honeypots are meant to provide tempting targets for attackers/intruders, and lead them into a heavily monitored system or subnet. As such, "hiding your tracks" is extremely difficult, if not impossible (based on what monitoring tools are in place).
A honeypot is akin to putting the last Hostess Twinkie on a pedestal in a room, and having all sorts of cameras, motion detectors, etc., in place. You then hope that the intruder goes after the Twinkie instead of your jewelry, and monitor their actions. With the right monitoring (network taps, file system and Registry monitors, etc.), the only way to avoid being detected is to not even attempt to get the Twinkie at all.
A honeypot is akin to putting the last Hostess Twinkie on a pedestal in a room, and having all sorts of cameras, motion detectors, etc., in place. You then hope that the intruder goes after the Twinkie instead of your jewelry, and monitor their actions. With the right monitoring (network taps, file system and Registry monitors, etc.), the only way to avoid being detected is to not even attempt to get the Twinkie at all.
-
keydet89 - Senior Member
Re: Honeypots
Posted: Wed Feb 13, 2013 7:14 am
Isn't any Windows PC connected to the internet a honeypot by default?
-
twjolson - Senior Member
Re: Honeypots
Posted: Wed Feb 13, 2013 8:53 am
- twjolsonIsn't any Windows PC connected to the internet a honeypot by default?
Nope. Honeypots are usually subjected to some sort of monitoring and/or analysis...
-
keydet89 - Senior Member
Re: Honeypots
Posted: Wed Feb 13, 2013 9:36 am
- keydet89
Nope. Honeypots are usually subjected to some sort of monitoring and/or analysis...
Ha, and some versions of Windows don't even bother with Event Logs. Cuz, you know, what point is there in knowing why Windows crashed and burned?
-
twjolson - Senior Member
Re: Honeypots
Posted: Wed Feb 13, 2013 10:54 am
- twjolson
Ha, and some versions of Windows don't even bother with Event Logs.
To which versions are you referring? Win95/98?
-
keydet89 - Senior Member
Re: Honeypots
Posted: Wed Feb 13, 2013 11:46 am
- keydet89I'm not sure that you'll find a great deal of literature on that topic. Honeypots are meant to provide tempting targets for attackers/intruders, and lead them into a heavily monitored system or subnet. As such, "hiding your tracks" is extremely difficult, if not impossible (based on what monitoring tools are in place).
A honeypot is akin to putting the last Hostess Twinkie on a pedestal in a room, and having all sorts of cameras, motion detectors, etc., in place. You then hope that the intruder goes after the Twinkie instead of your jewelry, and monitor their actions. With the right monitoring (network taps, file system and Registry monitors, etc.), the only way to avoid being detected is to not even attempt to get the Twinkie at all.
Thank you for your prompt response.
Do you know if it is possible for an attacker/intruder to alter the logs created by the honeypot? Not using anything else but a honeypot. I.E. no network sniffers etc.
How would an investigator be able to tell if an attacker/intruder has altered the log files?
-
Sarah_Camp - Newbie