D3-DF
Decoy File
Definition
A file created for the purposes of deceiving an adversary.
How it works
The decoy file is made available as a local or network resource. Accesses to the file may be monitored. The files may be configurations, documents, executables, or other file types.
Considerations
Properties of the file such as cryptographic checksums, file creation date, file modified date, file size, file owner etc may be modified to improve the credibility of the file.
Example
•A CSV file with decoy user credentials is placed on a system. The system or network is then monitored to detect any accesses to the decoy files.
Artifact Relationships
This defensive technique relates to specific digital artifacts.