The HoneyNet Forensic Challenge -- Analysis & Findings
Methodologies
- Chain of Custody and Preservation of Evidence
- Techniques and Processes
The Analysis
- The Givens
- The Exploit
- The Attacker
- The Compromise
- Disk Inode Analysis and Recovery
- Timeline Summary
- Rootkit Analysis
- Conclusions
Notes:
Will only cover the highlights. See the project results page for gory details.
Analysis was done with standard Linux utilities. The Linux debugfs command was used to analyze each of the ext2 filesystem images.
Forensics tools such as 'The Coroner's Toolkit' (TCT) simplify and automate much of the process.
http://www.porcupine.org/