DIGITAL FORENSIC AUDIT SYSTEM FOR ANALYZING USER'S BEHAVIORS
First Claim
1. A digital forensic audit system for analyzing a user'"'"'s behaviors which scans an image recorded in a storage medium to extract an event and a document file from the image and analyzes the event and the document file to visualize the event and the document file, the system comprising:
- a status extracting unit which extracts a system status from the recorded image;
a document file extracting unit which extracts the document file and an attribute of the document file from the recorded image;
an event extracting unit which extracts an event including time of occurrence from the recorded image and extracts an event from an attribute of the document file related to the time (hereinafter, referred to as a time attribute);
an analyzing unit which analyzes the document file or the event by the attribute and the time; and
a visualizing unit which displays the analyzed result (hereinafter, referred to as an analysis result) on a time coordinate.
3 Assignments
0 Petitions
Accused Products
Abstract
A digital forensic audit system which extracts the event and the document file from the image, analyzes the event and the document file to visualize the event and document file in order to analyze a user'"'"'s behaviors by scanning a usage trace and a file which is an image recorded in a window system, the system includes a document file extracting unit which extracts a logical level document file and an attribute of the document file from the image; an event extracting unit which extracts an event including time of occurrence from the image and extracts an event from an attribute of the document file related to the time (hereinafter, referred to as a time attribute), an analyzing unit which analyzes the document file or the event by the attribute and the time; and a visualizing unit which displays the analyzed result (hereinafter, referred to as an analysis result) on a time coordinate.
18 Citations
9 Claims
-
1. A digital forensic audit system for analyzing a user'"'"'s behaviors which scans an image recorded in a storage medium to extract an event and a document file from the image and analyzes the event and the document file to visualize the event and the document file, the system comprising:
-
a status extracting unit which extracts a system status from the recorded image; a document file extracting unit which extracts the document file and an attribute of the document file from the recorded image; an event extracting unit which extracts an event including time of occurrence from the recorded image and extracts an event from an attribute of the document file related to the time (hereinafter, referred to as a time attribute); an analyzing unit which analyzes the document file or the event by the attribute and the time; and a visualizing unit which displays the analyzed result (hereinafter, referred to as an analysis result) on a time coordinate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeDOUZONE BIZON Co., Ltd.
-
Original AssigneeDuzon Information Security Service
-
InventorsJang, Tae Hoon, Lee, Hong Sun, Gwak, Hyo Geun, Jeon, Hong Gyu, Kim, Jong Hyun, You, Bong Seok, Bark, In Hyun, Kim, Jin Hak, Ham, Jong Seong
-
Application NumberUS13/905,816Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current707/755CPC Class CodesG06F 16/26 Visual data mining; Browsin...G06F 16/904 Browsing; Visualisation the...G06F 21/552 involving long-term monitor...
