k-hell writes
"Researchers from the University of Michigan are using virtual machines
'to provide security in an operating-system-independent manner.' They
have designed and implemented a replay service for virtual machines
called ReVirt, which 'logs enough information to replay a long-term
execution of a virtual machine instruction-by-instruction.' A system
called BackTracker 'automatically identifies potential sequences of
steps that occurred in an intrusion,' and they provide a nice example of
BackTracker's output for an attack against a machine that they set up as
a honeypot, where an attacker gained access through httpd. Here's the
source code."
http://slashdot.org/articles/03/06/06/156230.shtml?tid=126&tid=172
