Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sebek2 - A Kernel-based Data Capture Tool

Posted by michael on Saturday September 27, 2003 @08:52AM from the i-spy-with-my-little-eye dept.

LogError writes "Sebek is a piece of code the lives entirely in kernel space and records either some or all data accessed by users on the system. This paper is a detailed discussion of Sebek, how it works and its value."

1 of 74 comments (clear)

Min score:

Reason:

Sort:

Wow! by scovetta · 2003-09-27 08:57 · Score: 3, Interesting

I'm sure the speed of a kernel-level logger will be amazing. I bet WinXP comes with one already running and recording everything.

Actually, doesn't Windows come with some pretty fancy-schmancy documented (and undocumented) kernel-level logging APIs?

Or is this *nix? I should RTFA.

--
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche