Title:
Forensic framework for honeypot analysis

dc.contributor.advisor Owen, Henry L., III
dc.contributor.author Fairbanks, Kevin D. en_US
dc.contributor.committeeMember Beyah, Raheem
dc.contributor.committeeMember Copeland, John
dc.contributor.committeeMember Giffin, Jonathon
dc.contributor.committeeMember Ji, Chuanyi
dc.contributor.department Electrical and Computer Engineering en_US
dc.date.accessioned 2010-06-10T17:02:23Z
dc.date.available 2010-06-10T17:02:23Z
dc.date.issued 2010-04-05 en_US
dc.description.abstract The objective of this research is to evaluate and develop new forensic techniques for use in honeynet environments, in an effort to address areas where anti-forensic techniques defeat current forensic methods. The fields of Computer and Network Security have expanded with time to become inclusive of many complex ideas and algorithms. A student of these fields can easily fall into the thought pattern that preventive measures are the only major thrust of the topics. It is equally important to be able to determine the cause of a security breach. Thus, the field of Computer Forensics has grown. In this field, there exist toolkits and methods that are used to forensically analyze production and honeypot systems. To counter the toolkits, anti-forensic techniques have been developed. Honeypots and production systems have several intrinsic differences. These differences can be exploited to produce honeypot data sources that are not currently available from production systems. This research seeks to examine possible honeypot data sources and cultivate novel methods to combat anti-forensic techniques. In this document, three parts of a forensic framework are presented, each developed specifically for honeypot and honeynet environments. The first, TimeKeeper, is an inode preservation methodology which utilizes the Ext3 journal. This is followed by an examination of dentry logging, which is primarily used to map inode numbers to filenames in Ext3. The final component presented is the initial research behind a toolkit for the examination of the recently deployed Ext4 file system. Each respective chapter includes the necessary background information and an examination of related work, as well as the architecture, design, conceptual prototyping, and results from testing each major framework component. en_US
dc.description.degree Ph.D. en_US
dc.identifier.uri http://hdl.handle.net/1853/33977
dc.publisher Georgia Institute of Technology en_US
dc.subject Dentry en_US
dc.subject TimeKeeper en_US
dc.subject Ext4 en_US
dc.subject File system forensics en_US
dc.subject Ext3 en_US
dc.subject Honeypot en_US
dc.subject.lcsh Computer crimes--Investigation
dc.subject.lcsh Computer networks--Security measures
dc.title Forensic framework for honeypot analysis en_US
dc.type Text
dc.type.genre Dissertation
dspace.entity.type Publication
local.contributor.advisor Owen, Henry L., III
local.contributor.corporatename School of Electrical and Computer Engineering
local.contributor.corporatename College of Engineering
relation.isAdvisorOfPublication d3983de1-d725-47f4-b653-a318b39d8fd9
relation.isOrgUnitOfPublication 5b7adef2-447c-4270-b9fc-846bd76f80f2
relation.isOrgUnitOfPublication 7c022d60-21d5-497c-b552-95e489a06569
Files
Original bundle
Name: fairbanks_kevin_d_201005_phd.pdf
Size: 1.82 MB
Format: Adobe Portable Document Format