Honeypots are computational resources whose value resides in being
probed, attacked or compromised by invaders. This makes it possible
to obtain information about their methods, tools and motivations.
In high-interaction honeypots, this is done, among other ways, by collecting 
digital evidence.  This collection is traditionally done manually and statically, 
demanding time and not always generating good results. In this paper, we describe 
an automatic, dynamic and transparent mechanism based on system call interception
for collecting digital evidence on honeypots, filling in the flaws found in the
traditional methodologies