Honeypots mailing list archives

RE: Registry and File Monitoring Programs for Windows Honeypots


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 30 Aug 2003 12:05:06 -0400

I don't know if it would work well in a honeypot, but there's a free PCMag utility
called Inctrl (http://www.pcmag.com/article2/0,4149,70209,00.asp) that tracks file and
registry changes.

Larry Seltzer
Editor
Ziff Davis Security Supersite
http://security.ziffdavis.com/
larryseltzer () ziffdavis com 

-----Original Message-----
From: Hines, Eric [mailto:ehin4 () allstate com] 
Sent: Friday, August 29, 2003 6:47 PM
To: honeypots () securityfocus com
Subject: Registry and File Monitoring Programs for Windows Honeypots


List:

I am building a Windows honeypot and am very interested to hear what sort of software
programs some of you might be using to monitor registry and file changes. Sure, sure, I
know there is regmon and filemon, but I use those more for when I'm sitting in front of
the machine and purposely executing a worm to see what registry entries and files it
creates or changes. Are all of you just using regmon or filemon and logging to a file?

Eric Hines

=============================================
Eric Hines
Senior Intrusion Analyst 
Allstate Information Security
---------------------------------------------
[e] ehin4 () allstate com
[c] (847) 830-2883
[a] 1075818 () skytel com
---------------------------------------------
3075 Sanders Road
Suite G2E
Northbrook, IL 60062
=============================================





