Methodology, system, and computer-readable medium for collecting data from a computer
Abstract
A computerized method for collecting suspected data of interest from a computer comprises searching the computer's short-term memory to locate at least one target memory range containing the suspected data of interest, and copying the suspected data of interest within the target memory range to an alternate data storage location in a manner which avoids writing the suspected data to the computer's long-term memory. Alternatively, the suspected data of interest can be copied to a previously unused data storage location while preserving integrity of non-volatile memory resources. A computer-readable medium and a system for collecting target forensics data are also provided.
58 Citations
33 Claims
1. A computerized method for collecting suspected data of interest from a computer that includes short-term memory and long-term memory, wherein the suspected data of interest resides within the short-term memory and is expected to be characteristic of an operating system exploit, said computerized method comprising:
(a) searching the short-term memory to locate at least one target memory range therein which contains the suspected data of interest; and
(b) copying the suspected data of interest within the target memory range to an alternate data storage location, in a manner which avoids writing the suspected data to the long-term memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computerized method for collecting target forensics data from a computer that includes a volatile memory and a non-volatile memory, wherein the target forensics data resides within the volatile memory and is characteristic of a type of exploitation to the computer's operating system which renders the operating system insecure, said computerized method comprising:
(a) locating the target forensics data within the volatile memory; and
(b) copying the target forensics data from the volatile memory to an alternate data storage location in a manner which avoids utilizing memory resources associated with the non-volatile memory.
17. A computerized method for collecting suspected data of interest from a computer that includes volatile memory and non-volatile memory, wherein the suspected data of interest resides within the volatile memory and is expected to be characteristic of an operating system exploit, said computerized method comprising:
(a) locating at least one target memory range containing the suspected data of interest; and
(b) copying the suspected data of interest from the target memory range to a previously unused data storage location while preserving integrity of memory resources within the non-volatile memory.
18. A computerized method for collecting suspected data of interest from a computer that includes short-term memory and long-term memory, wherein the suspected data of interest resides within the short-term memory and is expected to be characteristic of an operating system exploitation which has rendered the computer insecure, said computerized method comprising:
(a) identifying different types of suspected data of interest, each of which is expected to be characteristic of said exploitation, thereby to establish a target data set; and
(b) for each type of suspected data of interest within the target data set:
(i) searching the short-term memory to locate an associated target memory range therein which contains the suspected data of interest; and
(ii) copying the suspected data of interest within the associated target memory range to an alternate data storage location, in a manner which avoids writing the suspected data to the long-term memory.
19. A computer-readable medium for use in collecting suspected data of interest residing within a computer's short-term memory, wherein the suspected data of interest is expected to be characteristic of an operating system exploit, said computer-readable medium having executable instructions for performing a method, comprising:
(a) locating at least one target memory range within the short-term memory which contains the suspected data of interest; and
(b) enabling the suspected data of interest to be copied from the target memory range to an alternate data storage location, in a manner which avoids writing the suspected data of interest to any long-term memory region of the computer.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A system for collecting target forensics data expected to be characteristic of an operating system exploitation, comprising:
(a) a short-term memory for temporary data storage;
(b) a long-term memory for permanent data storage;
(c) a data storage location distinct from said short-term memory and said long-term memory, and
(d) a processor programmed to:
locate a target memory range within short-term memory which contains the target forensics data; and
copy the target forensics data from the target memory range to the data storage location in a manner which avoids writing said forensics data to the long-term memory.
Dependent claims: 33
Specification