This chapter covered the structured approach to honeypot analysis. It reviewed all the different ways to examine honeypot data, including analyzing network traffic, changes to the file system, and changes to the OS. There are hundreds of useful forensic utilities to help make the job easier.
Chapter 12 will finish the book by discussing malware code disassembly.
Keywords: Virtual Machine, Malicious Code, Forensic Analysis, Forensic Tool, Open Relay