Forensic analysis of computing activity

Forensic analysis of computing activity

A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Smith, Andrew G. P, Thomas, Andrew J, Ladnai, Beata, Harris, Mark David, Ray, Kenneth D, Humphries, Russell
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.