Fairbanks, Kevin D.
Forensic framework for honeypot analysis.
Record type: Bibliographic - electronic resource : Monograph/item
Title/Author: Forensic framework for honeypot analysis.
Author: Fairbanks, Kevin D.
Extent: 99 p.
Note: Source: Dissertation Abstracts International, Volume: 71-07, Section: B, page: .
Note: Adviser: Henry L. Owen, III.
Contained By: Dissertation Abstracts International 71-07B.
Subject: Engineering, Electronics and Electrical.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3414450
ISBN: 9781124077109
Fairbanks, Kevin D.
Forensic framework for honeypot analysis. - 99 p.
Source: Dissertation Abstracts International, Volume: 71-07, Section: B, page: .
Thesis (Ph.D.)--Georgia Institute of Technology, 2010.
The objective of this research is to evaluate and develop new forensic techniques for use in honeynet environments, in an effort to address areas where anti-forensic techniques defeat current forensic methods. The fields of Computer and Network Security have expanded with time to become inclusive of many complex ideas and algorithms. With ease, a student of these fields can fall into the thought pattern of preventive measures as the only major thrust of the topics. It is equally important to be able to determine the cause of a security breach. Thus, the field of Computer Forensics has grown. In this field, there exist toolkits and methods that are used to forensically analyze production and honeypot systems. To counter the toolkits, anti-forensic techniques have been developed. Honeypots and production systems have several intrinsic differences. These differences can be exploited to produce honeypot data sources that are not currently available from production systems. This research seeks to examine possible honeypot data sources and cultivate novel methods to combat anti-forensic techniques.
ISBN: 9781124077109
Subjects--Topical Terms: 226981 Engineering, Electronics and Electrical.
LDR :02702nmm 2200289 4500
001 280829
005 20110119095004.5
008 110301s2010 ||||||||||||||||| ||eng d
020 $a 9781124077109
035 $a (UMI)AAI3414450
035 $a AAI3414450
040 $a UMI $c UMI
100 1 $a Fairbanks, Kevin D. $3 492963
245 1 0 $a Forensic framework for honeypot analysis.
300 $a 99 p.
500 $a Source: Dissertation Abstracts International, Volume: 71-07, Section: B, page: .
500 $a Adviser: Henry L. Owen, III.
502 $a Thesis (Ph.D.)--Georgia Institute of Technology, 2010.
520 $a The objective of this research is to evaluate and develop new forensic techniques for use in honeynet environments, in an effort to address areas where anti-forensic techniques defeat current forensic methods. The fields of Computer and Network Security have expanded with time to become inclusive of many complex ideas and algorithms. With ease, a student of these fields can fall into the thought pattern of preventive measures as the only major thrust of the topics. It is equally important to be able to determine the cause of a security breach. Thus, the field of Computer Forensics has grown. In this field, there exist toolkits and methods that are used to forensically analyze production and honeypot systems. To counter the toolkits, anti-forensic techniques have been developed. Honeypots and production systems have several intrinsic differences. These differences can be exploited to produce honeypot data sources that are not currently available from production systems. This research seeks to examine possible honeypot data sources and cultivate novel methods to combat anti-forensic techniques.
520 $a In this document, three parts of a forensic framework are presented which were developed specifically for honeypot and honeynet environments. The first, TimeKeeper, is an inode preservation methodology which utilizes the Ext3 journal. This is followed with an examination of dentry logging which is primarily used to map inode numbers to filenames in Ext3. The final component presented is the initial research behind a toolkit for the examination of the recently deployed Ext4 file system. Each respective chapter includes the necessary background information and an examination of related work as well as the architecture, design, conceptual prototyping, and results from testing each major framework component.
590 $a School code: 0078.
650 4 $a Engineering, Electronics and Electrical. $3 226981
650 4 $a Computer Science. $3 212513
690 $a 0544
690 $a 0984
710 2 $a Georgia Institute of Technology. $3 212511
773 0 $t Dissertation Abstracts International $g 71-07B.
790 1 0 $a Owen, Henry L., III, $e advisor
790 $a 0078
791 $a Ph.D.
792 $a 2010
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3414450
Holdings:
Barcode: 000000051978
Location: Electronic collection
Circulation category: 1 Book
Material type: Thesis/dissertation
Call number: TH 2010
Usage type: Normal
Loan status: On shelf
Reservation status: 0