Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.


ASTRA. (2008). "Belgian researchers develop desktop supercomputer.", from http://fastra.ua.ac.be/en/index.html.

Baecher, P., M. Koetter, et al. (2009). "nepenthes." from http://nepenthes.carnivore.it/.

Ellson, J. and E. Gansner (2008). Graphviz - Graph Visualization Software, AT&T.

Marty, R. (2007). "Afterglow." from http://afterglow.sourceforge.net.

Microsoft. (2003). "Microsoft Security Bulletin MS03-026 - Buffer Overrun In RPC Interface Could Allow Code Execution (823980)." Retrieved 6th Feb, 2006, from http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.