Method and Apparatus for Real Time Identification and Recording of Artifacts

US 20110125748A1
Filed: 11/15/2010
Published: 05/26/2011
Est. Priority Date: 11/15/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method of network database maintenance comprising:

designating a network packet data to be stored in one of a packet capture repository and a database residing on a file system to indicate at least one of an artifact type, a protocol type, an application, and a temporal session duration based on content analysis and inspection;

grouping the designated packet data in the database, the groupings comprising packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration;

indexing the database to point to a memory location of the designated packet data in the packet capture repository; and

providing for querying the indexed database to identify a location of packet data in the packet capture repository.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and a system of method and apparatus for real time identification and recording of artifacts are disclosed. In one embodiment, a method of network database maintenance includes designating a network packet data to be stored in one of a packet capture repository and a file system resident database to indicate an artifact type, a protocol type, an application, a user-definable attribute, and a temporal session duration based on a real-time packet inspection. The method includes grouping the designated packet data in a database including packet data having a similar one of the artifact type, the protocol type, the application, the user-definable attribute and the temporal session duration. In addition, the method of network database maintenance includes indexing the database to point to a memory location of the designated packet data grouped in the database in the packet capture repository.

133 Citations

28 Claims

1. A method of network database maintenance comprising:
- designating a network packet data to be stored in one of a packet capture repository and a database residing on a file system to indicate at least one of an artifact type, a protocol type, an application, and a temporal session duration based on content analysis and inspection;
  
  grouping the designated packet data in the database, the groupings comprising packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration;
  
  indexing the database to point to a memory location of the designated packet data in the packet capture repository; and
  
  providing for querying the indexed database to identify a location of packet data in the packet capture repository.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising recording a metadata in the database, the metadata associated with the designated packet data in the database.
  - 3. The method of claim 1, wherein the artifact type comprises at least one of a word processing document, a spreadsheet document, a database, a multimedia content, a multimedia file, an e-mail, an instant messaging (IM) communication, a compressed file, an executable file, a web page, a presentation document, a program file, and a data package.
  - 4. The method of claim 1, wherein the protocol type comprises at least one of a hypertext transfer protocol (http), a simple mail transfer protocol (SMTP), a remote procedure call (RPC) protocol, voice over internet protocol (VoIP), a peer to peer protocol, a file transfer protocol (ftp), a streaming media protocol, and an IM protocol.
  - 5. The method of claim 1, further comprising reconstructing the identified packet data based on the location of a corresponding designated packet data in the packet capture repository.
  - 6. The method of claim 1, further comprising performing at least one of data analytics, data statistics, data forensics, and data metrics based on the identified packet data in the database.
  - 7. The method of claim 1, further comprising querying the database to apply a pattern matching scheme to extract the identified packet data from the packet capture repository.
  - 8. The method of claim 5, wherein reconstructing the identified packet data includes presenting information associated with the identified packet data in a suitable format to convenient analysis of the presented information.
  - 9. The method of claim 5, wherein reconstructing the identified packet data includes a sequencing process to correctly order and normalize a packet flow.
  - 10. The method of claim 7, wherein the pattern matching scheme includes at least one of scanning, regular expression, and fuzzy pattern matching.
  - 11. The method of claim 7, further comprising identifying a flow of the packet data prior to applying the pattern matching scheme.
  - 12. The method of claim 8, wherein the presented information associated with the identified packet data includes at least one of a temporally ordered list comprising at least one element represented by at least one of a thumbnail image and an informational description.
  - 13. The method of claim 5, wherein reconstructing the identified packet data further includes rendering information associated with the matched packet data on a web browser.
  - 14. The method of claim 11, further comprising identifying the flow of the packet data through a packet source identification data and a packet destination identification data.
  - 15. The method of claim 12, further comprising rendering a file associated with the matched packet data on a client application.
  - 16. The method of claim 12, further comprising:
    - reconstructing an image associated with the at least one element of the temporally ordered list using a virtual client application; and
      
      forming the thumbnail image through a snapshot of the image associated with the at least one element of the temporally ordered list.
  - 17. The method of claim 16, further comprising reconstructing the image associated with the at least one element of the temporally ordered list using a virtual web browser.

18. A method of network database maintenance comprising:
- applying a threshold window to identify a flow of packet data to be stored in one of a packet capture repository and a file system resident indexing database to indicate at least one of an artifact type, a protocol type, an application, and a temporal session duration upon a real-time packet inspection;
  
  recording a packet data in the identified flow in a database comprising packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration when the threshold window is not exceeded; and
  
  indexing the database to point to a memory location of the recorded packet data in a packet capture repository.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method of claim 18, further comprising querying the database facilitate the extraction of a matched packet data from the packet capture repository by determining its location from the packet data recorded in the database.
  - 20. The method of claim 18, further comprising recording a metadata associated with the packet data in the database.
  - 21. The method of claim 18, wherein the artifact type comprises at least one of a word processing document, a spreadsheet document, a database, a multimedia content, a multimedia file, an e-mail, an instant messaging (IM) communication, a compressed file, an executable file, a web page, a presentation document, a program file, and a data package.
  - 22. The method of claim 18, wherein the protocol type comprises at least one of a hypertext transfer protocol (http), a simple mail transfer protocol (SMTP), a remote procedure call (RPC) protocol, voice over internet protocol (VoIP), a peer to peer protocol, a file transfer protocol (ftp), a streaming media protocol, and an IM protocol.
  - 23. The method of claim 18, wherein the threshold window may be applied to an inspection and analysis of a packet flow.
  - 24. The method of claim 23 wherein exceeding the threshold window causes a discontinuation of the inspection and analysis of the packet flow.
  - 25. The method of claim 19, further comprising reconstructing the matched packet data based on a corresponding memory location of the recorded requisite packet data in the packet capture repository.
  - 26. The method of claim 19, comprising querying the database to apply a pattern matching scheme to extract the matched packet data in the database.

27. A system comprising:
- a packet capture repository to store a network packet data; and
  
  an indexing database, maintained by an indexing module, containing classified data modules pointing to one or more memory locations of one or more network packet data in the packet capture repository, the network packet data being grouped in the database in accordance with at least one of an artifact type, a protocol type, an application, and a temporal session duration based on a real-time packet inspection along with packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration.
- View Dependent Claims (28)
- - 28. The system of claim 27, wherein the network packet data is from one of an Asynchronous Transfer Mode (ATM) network, an Ethernet, a 3G network, a 4G network, and a wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Solera Networks, Inc. (Gen Digital Inc.)
Inventors
Wood, Matthew S., Levy, Joseph H., Tveit, Paal

Application Number

US12/946,539
Publication Number

US 20110125748A1
Time in Patent Office

Days
Field of Search
US Class Current

707/737
CPC Class Codes

G06F 16/903   Querying for retrieval from...

H04L 43/026   using flow identification

H04L 43/028   by filtering

H04L 43/04   Processing captured monitor...

H04L 67/561   Adding application-function...

H04L 69/22   Parsing or analysis of headers

Y02D 30/50   in wire-line communication ...

Method and Apparatus for Real Time Identification and Recording of Artifacts

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Real Time Identification and Recording of Artifacts

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links