The goal of the Forensix ("4N6") Project is to allow a system to be monitored so that, in the event of a security compromise, it is easy to track the compromise back to its source and recover from it. To facilitate this, Forensix performs a complete kernel event audit on the target system and streams the high-definition audit trail to a backend database that has been optimized for reconstruction queries. Some applications of Forensix include: Forensix is a joint project between the University of Toronto and Portland State University. It has been supported by the National Science Foundation (NSF) under Grant ANI-0230960. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the National Science Foundation.

More information Logo