Date Submitted: 08/05/05
IDS Logs in Forensics Investigations: An Analysis of a Compromised Honeypot
Added by Papergrl
Description:
An attacker has compromised a Sun Solaris server on a production network using an exploit for the dtspcd service in CDE, a Motif-based graphical user environment for Unix systems. You are the senior security engineer of the Security Operations Center (SOC) for your company and are required to find out how the box was compromised and by whom. Using only a Snort binary capture file from the remote log server, you are to conduct a complete analysis of all IDS captures and log files, and an inspection of the file system.
