Method and system for obtaining and analyzing forensic data in a distributed computer infrastructure

  • US 10,257,216 B2
  • Filed: 04/23/2015
  • Issued: 04/09/2019
  • Est. Priority Date: 06/16/2014
  • Status: Active Grant
First Claim

1. A system for obtaining and analyzing forensic data in a distributed computer infrastructure, said system comprising:

  • multiple computation devices;
  • at least one monitoring unit;
  • at least one analysis unit; and
  • an operating unit;

  wherein said computation devices are connected to one another via a communication network, and each computation device is configured to detect security events and to send them to the monitoring unit, and the monitoring unit is configured to rate the received security events and to assign them a danger category,

  wherein when there is insufficient information for assigning a danger category, each computation device is configured to receive instructions for collecting additional forensic data for rating the security event and to send the collected, additional data to the monitoring unit, and the monitoring unit is configured to transmit instructions for collecting additional data to the computation device, and, following reception of the collected, additional data, to evaluate said data and to use them for fresh rating and assignment of a danger category,

  wherein the analysis unit is configured to transmit a software agent to the computation device for installation and activation on the computation device, and wherein the software agent is configured to ascertain additional data in the computation device and to send them to the analysis unit,

  wherein the analysis unit processes the additional data and sends the processed additional data to the monitoring unit,

  wherein the monitoring unit again rates the security events by assigning a weighting factor to the security events and the processed additional data and by assigning a danger category if the sum of the weighting factors exceeds a threshold value, and the monitoring unit reports the danger category to the operating unit, and

  wherein the operating unit takes an action based on the reported danger category.
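The claim describes a two-pass rating loop: a monitoring unit scores reported events, and when the result is inconclusive it has the analysis unit push an agent to the host, folds the agent's processed findings back into a weighted sum, and assigns a danger category only if that sum crosses a threshold, after which the operating unit acts. The simulation below is an added example written for this page, not code from the patent or its assignee; the event vocabulary, the weighting factors, the thresholds, the "insufficient information" band, the forensic facts the agent finds, and the operating unit's actions are all assumptions chosen so the loop can be run end to end.

```python
"""Illustrative simulation of the rating loop in claim 1 (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed weighting factors, thresholds and vocabulary: none of these values
# come from the patent; they exist only to make the loop runnable.
WEIGHTS = {
    # security events a computation device reports on its own
    "failed_login_burst": 2,
    "new_admin_account": 3,
    "outbound_to_unknown_host": 2,
    # processed additional data the analysis unit derives from agent output
    "unsigned_binary_in_autostart": 4,
    "known_tool_hash": 5,
}
THRESHOLD = 6        # assumed: weight sum above this -> danger category "high"
BENIGN_CEILING = 2   # assumed: sum at or below this -> "low" without more data
                     # anything in between is "insufficient information"


@dataclass
class SecurityEvent:
    host: str
    kind: str


@dataclass
class ComputationDevice:
    """A monitored host. `forensic_facts` is constructed state that the
    software agent would find if it were installed and run on the host."""
    host: str
    forensic_facts: List[str] = field(default_factory=list)
    agent_active: bool = False

    def activate_agent(self) -> None:
        self.agent_active = True

    def collect_additional_data(self) -> List[str]:
        # Only an installed and activated agent can ascertain additional data.
        if not self.agent_active:
            raise RuntimeError(f"no active agent on {self.host}")
        return list(self.forensic_facts)


class AnalysisUnit:
    def deploy_agent(self, device: ComputationDevice) -> None:
        device.activate_agent()

    def process(self, raw_facts: List[str]) -> List[str]:
        # Reduce raw agent output to findings the monitoring unit can weight;
        # facts outside the rating vocabulary are dropped.
        return [f for f in raw_facts if f in WEIGHTS]


class MonitoringUnit:
    @staticmethod
    def score(events: List[SecurityEvent], findings=()) -> int:
        return (sum(WEIGHTS.get(e.kind, 0) for e in events)
                + sum(WEIGHTS[f] for f in findings))

    def initial_rating(self, events) -> Tuple[Optional[str], int]:
        s = self.score(events)
        if s > THRESHOLD:
            return "high", s
        if s <= BENIGN_CEILING:
            return "low", s
        return None, s          # insufficient information for a category

    def fresh_rating(self, events, findings) -> Tuple[str, int]:
        s = self.score(events, findings)
        return ("high" if s > THRESHOLD else "low"), s


class OperatingUnit:
    ACTIONS = {"high": "isolate_host", "low": "log_only"}  # assumed actions

    def act(self, host: str, category: str) -> str:
        return f"{self.ACTIONS[category]}:{host}"


def handle_events(device: ComputationDevice, events: List[SecurityEvent]) -> dict:
    """Run the claim's loop for one device: rate, and if the rating is
    inconclusive, deploy the agent, process its data and rate again."""
    monitor, analysis, operator = MonitoringUnit(), AnalysisUnit(), OperatingUnit()
    category, score = monitor.initial_rating(events)
    findings: List[str] = []
    if category is None:
        analysis.deploy_agent(device)                # analysis unit installs agent
        raw = device.collect_additional_data()       # agent ascertains data
        findings = analysis.process(raw)             # analysis unit processes it
        category, score = monitor.fresh_rating(events, findings)
    return {"host": device.host, "category": category, "score": score,
            "findings": findings, "agent_used": device.agent_active,
            "action": operator.act(device.host, category)}


if __name__ == "__main__":
    # Constructed scenario: a host whose initial picture is ambiguous.
    host = ComputationDevice("ws-17", forensic_facts=["known_tool_hash", "uptime=4d"])
    print(handle_events(host, [SecurityEvent("ws-17", "failed_login_burst"),
                               SecurityEvent("ws-17", "new_admin_account")]))
```

The point of separating `initial_rating` from `fresh_rating` is the claim's structure: the agent is only deployed when the first pass cannot decide, so a host that is clearly benign or clearly compromised never receives an agent, while an ambiguous host does and is then rated on the enlarged weighted sum.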

  • 1 Assignment