Forensix


The goal of the Forensix ("4N6") Project is to allow a system to be monitored so that, in the event of a security compromise, it is easy to track the compromise back to its source and recover from it. To facilitate this, Forensix performs a complete kernel event audit on the target system and streams the high-definition audit trail to a backend database that has been optimized for reconstruction queries. Some applications of Forensix include:

Forensix is a joint project between the University of Toronto and Portland State University. It has been supported by the National Science Foundation (NSF) under Grant ANI-0230960. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the National Science Foundation.
