Jen Johnson


The goal of the Forensix ("4N6") Project is to allow a system to be monitored so that, in the event of a security compromise, it is easy to track the compromise back to its source. To facilitate this, the system requires two machines: a potentially insecure "front-line" machine, and a known secure back-end. Information about system calls is stored in a MySQL database on the back-end. 4N6 is built on top of SNARE.
Click Here for PDF of Resource
The bulk of our research is covered in the Hacking Fundamentals slides; the link and instructions for accessing the slides have been supplied above.
Forensix is a high-performance reconstruction and analysis tool for supporting computer forensics activities. It uses three main ideas to improve the accuracy and reduce the human overhead of forensic analysis: it performs comprehensive monitoring of the execution of a target system at the system-call level; it streams the system-call information, in real time, to append-only storage on a separate, hardened logging machine; and it uses database technology to support high-level querying of the archived log. What this means to the layman is that Forensix records instances of intrusion, storing the attack information on a separate machine. This gives the network administrator the ability to investigate such attacks and secure the system against future intrusions.
The ability to query the log, and in particular to query it in a very detailed manner, gives the user a great deal of control in dealing with the massive amount of information that the Forensix system records.
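As an added illustration of the kind of high-level query the archived log makes possible (this is example code written for this page, not Forensix's own software or its real MySQL schema), the following constructs a small system-call log in an in-memory SQLite table and walks the parent-process chain back from a sensitive file access to the network connection that started the session:

```python
import sqlite3

# Constructed sample of a Forensix-style system-call log (hypothetical
# column layout, not the project's real schema): one row per call, with the
# process id and parent process id captured at the time of the call.
SYSCALL_LOG = [
    # (id, ts, pid, ppid, uid, syscall, argument)
    (1, 100, 500,   1,    0, "accept", "10.0.0.9:43210"),   # sshd accepts a connection
    (2, 102, 501, 500, 1001, "execve", "/bin/bash"),        # login shell for that session
    (3, 104, 502, 501, 1001, "execve", "/usr/bin/wget"),    # shell fetches a file
    (4, 105, 502, 501, 1001, "open",   "/tmp/payload"),
    (5, 110, 503, 501, 1001, "execve", "/tmp/payload"),     # fetched file is executed
    (6, 111, 503, 501,    0, "open",   "/etc/passwd"),      # ...and touches /etc/passwd as root
    (7, 112, 600,   1,    0, "open",   "/var/log/syslog"),  # unrelated daemon activity
]

def load_log(rows=SYSCALL_LOG):
    """Load the rows into an in-memory SQLite table standing in for the back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syscalls (id INTEGER PRIMARY KEY, ts INTEGER, pid INTEGER,"
                 " ppid INTEGER, uid INTEGER, name TEXT, arg TEXT)")
    conn.executemany("INSERT INTO syscalls VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return conn

def trace_to_source(conn, path):
    """From the last process that opened `path`, follow ppid links back through the
    log and return the ancestor pids, the network event that began the chain (if any),
    and every logged call made by those ancestors, in time order."""
    query = """
    WITH RECURSIVE lineage(pid, ppid, depth) AS (
        SELECT pid, ppid, 0 FROM (SELECT pid, ppid FROM syscalls
                                   WHERE name = 'open' AND arg = ?
                                   ORDER BY ts DESC LIMIT 1)
        UNION ALL
        SELECT p.pid, p.ppid, l.depth + 1
          FROM lineage l
          JOIN (SELECT DISTINCT pid, ppid FROM syscalls) p ON p.pid = l.ppid
         WHERE l.depth < 64            -- guard against cycles in corrupt data
    )
    SELECT ts, pid, uid, name, arg FROM syscalls
     WHERE pid IN (SELECT pid FROM lineage)
     ORDER BY ts
    """
    timeline = conn.execute(query, (path,)).fetchall()
    pids = []
    for row in timeline:
        if row[1] not in pids:
            pids.append(row[1])
    source = next((arg for _, _, _, name, arg in timeline if name == "accept"), None)
    return {"pids": pids, "source": source, "timeline": timeline}
```

Note that only ancestors of the process that touched the file are returned; sibling processes such as the wget in the sample would need a second query over the same session.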