Method and Apparatus for Real Time Identification and Recording of Artifacts
Abstract
Methods and a system of method and apparatus for real time identification and recording of artifacts are disclosed. In one embodiment, a method of network database maintenance includes designating a network packet data to be stored in one of a packet capture repository and a file system resident database to indicate an artifact type, a protocol type, an application, a user-definable attribute, and a temporal session duration based on a real-time packet inspection. The method includes grouping the designated packet data in a database including packet data having a similar one of the artifact type, the protocol type, the application, the user-definable attribute and the temporal session duration. In addition, the method of network database maintenance includes indexing the database to point to a memory location of the designated packet data grouped in the database in the packet capture repository.
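The designate, group, index and query steps described in the abstract can be illustrated with a short added example; it is not code from the patent or its assignee. The `classify` rules, the SQLite schema, the pcap-style record header used for the repository and all names are assumptions made for illustration.

```python
import io
import sqlite3
import struct

REC_HDR = struct.Struct("<IIII")  # pcap-style record header: ts_sec, ts_usec, incl_len, orig_len

def classify(payload: bytes) -> tuple[str, str]:
    """Toy content inspection (assumption): returns (protocol_type, artifact_type)."""
    if payload.startswith((b"GET ", b"POST ")):
        return "http", "request"
    if payload.startswith(b"HTTP/1.1") and b"%PDF-" in payload:
        return "http", "pdf"
    if payload.startswith(b"EHLO"):
        return "smtp", "command"
    return "unknown", "none"

def store_and_index(repo: io.BytesIO, db: sqlite3.Connection, packets):
    """Append each packet to the repository and index its byte position by group."""
    db.execute("CREATE TABLE IF NOT EXISTS idx (protocol, artifact, ts, pos, size)")
    for ts, payload in packets:
        protocol, artifact = classify(payload)
        pos = repo.seek(0, io.SEEK_END)  # location the index entry will point to
        repo.write(REC_HDR.pack(ts, 0, len(payload), len(payload)) + payload)
        db.execute("INSERT INTO idx VALUES (?, ?, ?, ?, ?)", (protocol, artifact, ts, pos, len(payload)))

def query(repo: io.BytesIO, db: sqlite3.Connection, protocol: str, artifact: str):
    """Look up locations in the index, then read only those records from the repository."""
    out = []
    rows = db.execute("SELECT pos, size FROM idx WHERE protocol=? AND artifact=? ORDER BY pos",
                      (protocol, artifact)).fetchall()
    for pos, size in rows:
        repo.seek(pos)
        _, _, incl_len, _ = REC_HDR.unpack(repo.read(REC_HDR.size))
        if incl_len != size:  # index and repository disagree: stale or corrupt pointer
            raise ValueError(f"index mismatch at position {pos}")
        out.append((pos, repo.read(incl_len)))
    return out

SAMPLE = [  # constructed (timestamp, payload) records, not real capture data
    (1000, b"GET /report.pdf HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    (1001, b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n%PDF-1.7 ..."),
    (1002, b"EHLO mail.example\r\n"),
    (1003, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
]

def demo():
    repo, db = io.BytesIO(), sqlite3.connect(":memory:")
    store_and_index(repo, db, SAMPLE)
    return query(repo, db, "http", "request"), query(repo, db, "http", "pdf")
```

The query touches only the index to find positions, so retrieving one group of packets does not require scanning the whole capture repository.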
28 Claims
1. A method of network database maintenance comprising:
- designating a network packet data to be stored in one of a packet capture repository and a database residing on a file system to indicate at least one of an artifact type, a protocol type, an application, and a temporal session duration based on content analysis and inspection;
- grouping the designated packet data in the database, the groupings comprising packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration;
- indexing the database to point to a memory location of the designated packet data in the packet capture repository; and
- providing for querying the indexed database to identify a location of packet data in the packet capture repository.
18. A method of network database maintenance comprising:
- applying a threshold window to identify a flow of packet data to be stored in one of a packet capture repository and a file system resident indexing database to indicate at least one of an artifact type, a protocol type, an application, and a temporal session duration upon a real-time packet inspection;
- recording a packet data in the identified flow in a database comprising packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration when the threshold window is not exceeded; and
- indexing the database to point to a memory location of the recorded packet data in a packet capture repository.
27. A system comprising:
- a packet capture repository to store a network packet data; and
- an indexing database, maintained by an indexing module, containing classified data modules pointing to one or more memory locations of one or more network packet data in the packet capture repository, the network packet data being grouped in the database in accordance with at least one of an artifact type, a protocol type, an application, and a temporal session duration based on a real-time packet inspection along with packet data having a similar at least one of the artifact type, the protocol type, the application, and the temporal session duration.
Specification