COMP 4027 Forensic and Analytical Computing

This file contains the description of assignment 1.


assignment 1 honeypot research and decision
description to research existing honeypot software and facilities and make a recommendation on which to use
marks 15% (5% for seminar and 10% for report)
assessable component seminar 10 minutes to class in week 5 30 March (big 2-hour lecture); short report
  • seminar week 5 lecture on 30 March
  • report 03 April 11pm via AssignIT
personnel in small groups of 2 or 3


You have been assigned a task to gather evidence of illicit activity on your host machine. Your supervisor is concerned that your server has been infiltrated in the past and wants to firstly ensure that intrusions are detected (as much as possible), and secondly that you can gather enough evidence to prosecute the perpetrators. A honeypot seems the ideal solution, as it allows you to collect evidence on a criminal's activities without too much risk to your real data and systems. On the other hand, there is concern that too attractive a honeypot will entice criminals to return to a site that would otherwise not be of much interest. Also, it is necessary to determine whether setting up criminals to perform activities they would not otherwise have done is going to be admissible as evidence in court.

In groups of two or three, you should research tools and methods for setting up a honeypot. Look for tools and methods that may have been successfully used to prosecute in the past. Consider the risk to your real data and how that risk can best be mitigated (e.g. a particular server architecture).

Note this assignment leads into assignment 3 and you will likely be allocated into groups for assignment 3 according to your recommendations in assignment 1.


You will need to achieve 50% or above in this component to pass the course.

Assignment 1 is worth 15% of the total for this course. You will be given 10% for the report, and 5% for the short seminar to the rest of the class. Your participation in class discussion can contribute to your seminar mark.

All people in the groups will be given the same mark for both report and seminar unless a case is made otherwise (for example, non participation in the assignment will mean a result of 0 for the assignment).


The two deliverables are the report, written jointly, and the seminar, also written jointly and presented by either one or both members of the group.

The report should answer questions such as:

The seminar will be for a total of 10 minutes, not more than 5 Powerpoint slides (excluding title slide) and should address briefly the same questions as the report, in a concise format. The seminar is for you to explain to your supervisor what your honeypot recommendation is and why it is your choice, and to field any questions.


The seminar is scheduled for the lecture on 30 March. You should submit your talk to Helen Ashman for uploading to the course website no later than Thursday 26 March. Do not email the talk but email a URL.

The report is due Friday 03 April at 11pm, and should be submitted by one of the group members via assignIT.


You will be assigned to groups of two or three for this exercise. The groupings will be released on 09 March.

Some resources

Last update hla 2009-03-03