[Fed-Talk] The Power of BSM
- Subject: [Fed-Talk] The Power of BSM
- From: Todd Heberlein <email@hidden>
- Date: Mon, 24 Nov 2008 18:31:41 -0800
Hi all,
For those interested in what Apple's BSM auditing system can do, I've
put up a short (~8 min) video providing some background on BSM and an
example (via a screencast of a personal tool I've been working on) of
what BSM can do that is pretty much impossible with the common
monitoring approaches used today (i.e., network monitoring and disk
forensics). The video is at
http://web.me.com/todd_heberlein/BSM/
This is Apple's BSM, but you can also get BSM for Solaris and FreeBSD.
Apple's implementation still has some issues (I've filed several bug
reports), but it is making progress. I have high hopes for Snow Leopard.
Todd