Trewnte - Thank you very much for your list of references. They are very helpful for my project. I have came across a couple before you mentioned them, but not some of the others (which were more useful).
Randomaccess - So do you think that it's unlikely for a hacker to alter log files to hide their tracks?
Keydet89 - thank you for your explanation. My scenario for my project is going to be that they don't back up the honeypot logs or send them to a different location. During an investigation how would you go about examining to see if log files have been changed?
Thank you all for taking the time to respond.
↧