Honeypot Forensics

No stone unturned or: logs, what logs?

Krisztian Piller and Sebastian Wolfgarten

Playlists: '21c3' videos starting here / audio / related events

In the world of intrusion detection, intrusion prevention and hacker research, honeypots are quite a new and interesting technology. But only a few know there is more to achieve with honeypots than just catching an intruder's attention. Honeypots could reward you with versatile results, and this presentation will be interesting to you even if you are familiar with deploying IDS/IPS/Honeypot systems. We will give an overview of the existing tools and provide you with a methodology to start your own forensic examinations.