
Automated collection of forensic evidence associated with a network security incident

  • US 20080244694A1
  • Filed: 06/30/2007
  • Published: 10/02/2008
  • Est. Priority Date: 04/02/2007
  • Status: Active Grant
First Claim

1. An automated method for collecting and retaining forensic evidence that is applicable to a security incident that occurs in an enterprise networking environment, the method comprising the steps of:

  • arranging the enterprise network environment so that each of a plurality of endpoints in the enterprise network may communicate security assessments over a communication channel, each of the security assessments being arranged for describing an object in the enterprise network environment;

  • invoking a mode for forensic evidence collecting in response to a security assessment of a detected security incident by which the object in the enterprise network environment becomes compromised;

  • invoking a mode for retaining the collected forensic evidence; and

  • applying dynamic policies to the forensic evidence collecting and retaining so that the collecting and retaining will use different modes for different objects.
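The claim above describes an architecture rather than an implementation: endpoints publish security assessments about objects, a compromise assessment triggers a collection mode and a retention mode, and dynamic policies let those modes differ per object. The following Python sketch is an added example written for this page, not code from the patent or its assignee. Class names, field names, policy keys (`"server"`, `"workstation"`), the constructed assessments and the SHA-256 integrity digest are all assumptions chosen to illustrate the claim's steps.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SecurityAssessment:
    """One assessment an endpoint publishes over the shared channel (assumed shape)."""
    source_endpoint: str   # endpoint that produced the assessment
    object_id: str         # the object the assessment describes (host, account, ...)
    object_type: str       # key used to select the collection/retention policy
    compromised: bool      # the detected incident that invokes collection
    detail: str = ""


@dataclass
class Policy:
    """Collection mode and retention mode for one object type (assumed fields)."""
    collection_mode: str   # e.g. "memory+disk" or "logs"
    retention_days: int
    immutable: bool        # retained copy must not be altered or purged early


@dataclass
class EvidenceRecord:
    object_id: str
    collection_mode: str
    retention_days: int
    immutable: bool
    payload: bytes
    sha256: str            # digest taken at collection time for later integrity checks


class ForensicCollector:
    """Applies dynamic, per-object-type policies to collecting and retaining evidence."""

    def __init__(self, policies: Dict[str, Policy], default: Policy):
        self.policies = policies      # mutable on purpose: policies may change at runtime
        self.default = default
        self.store: List[EvidenceRecord] = []

    def set_policy(self, object_type: str, policy: Policy) -> None:
        """Dynamic policy update; affects assessments handled after this call."""
        self.policies[object_type] = policy

    def _collect(self, a: SecurityAssessment, mode: str) -> bytes:
        # Constructed stand-in for a real acquisition step: the payload records
        # what would have been gathered, in which mode, and who reported it.
        return json.dumps({"object": a.object_id, "mode": mode,
                           "reported_by": a.source_endpoint,
                           "detail": a.detail}, sort_keys=True).encode()

    def handle(self, a: SecurityAssessment) -> Optional[EvidenceRecord]:
        """Return the retained record, or None when the assessment is not a compromise."""
        if not a.compromised:
            return None
        policy = self.policies.get(a.object_type, self.default)
        payload = self._collect(a, policy.collection_mode)
        rec = EvidenceRecord(a.object_id, policy.collection_mode, policy.retention_days,
                             policy.immutable, payload, hashlib.sha256(payload).hexdigest())
        self.store.append(rec)
        return rec


def demo() -> List[EvidenceRecord]:
    """Constructed assessments from three endpoints, including a mid-run policy change."""
    collector = ForensicCollector(
        policies={"server": Policy("memory+disk", 365, True),
                  "workstation": Policy("logs", 30, False)},
        default=Policy("logs", 7, False),
    )
    assessments = [
        SecurityAssessment("edr-01", "db-server-3", "server", True, "beaconing"),
        SecurityAssessment("edr-02", "laptop-17", "workstation", False, "scan only"),
        SecurityAssessment("ids-01", "laptop-17", "workstation", True, "malware"),
    ]
    records = [r for r in (collector.handle(a) for a in assessments) if r]
    # Tightening the workstation policy changes how later workstations are handled.
    collector.set_policy("workstation", Policy("memory+disk", 90, True))
    records.append(collector.handle(
        SecurityAssessment("ids-01", "laptop-22", "workstation", True, "ransomware")))
    return records


if __name__ == "__main__":
    for r in demo():
        print(r.object_id, r.collection_mode, r.retention_days, r.immutable, r.sha256[:12])
```

The non-compromise assessment produces no record, the two object types land in different collection and retention modes, and the policy change after the third assessment alters only subsequent handling, which is the per-object, dynamic behaviour the fourth step of the claim calls for. Hashing the payload at collection time is an added design choice so that a retained copy can later be checked for tampering.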

  • 2 Assignments