> And, once you > have a snapshot of a VM, you can make as many copies as you need, so > you can try all manner of different forensics tricks without worry of > damaging the data.
Sounds like a good plan for a honeypot. I'm surprised no one in KPLUG has taken the time to have some fun with a honeypot and report the results. That'd make a nice blog. cs -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
