This chapter covered the structured approach to honeypot analysis. It reviewed all the different ways to examine honeypot data, including analyzing network traffic, changes to the file system, and changes to the OS. There are hundreds of useful forensic utilities to help make the job easier.
Chapter 12 will finish the book by discussing malware code disassembly.
Keywords: Ghost Editor Program Lost