METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR EFFICIENT COMPUTER FORENSIC ANALYSIS AND DATA ACCESS CONTROL
First Claim
1. A method for efficient computer forensic analysis and data access control, the method comprising:
from within a virtualization layer separate from a guest operating system;
monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory;
tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network; and
linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.
Abstract
According to one aspect, the subject matter described herein includes a method for efficient computer forensic analysis and data access control. The method includes steps occurring from within a virtualization layer separate from a guest operating system. The steps include monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory. The steps also include tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network. The steps further include linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.
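The abstract describes three cooperating hooks below the guest: a block-layer hook that notices reads from a watched disk region, a memory hook that propagates a tag whenever tagged bytes are copied, and a system-call hook that ties guest operations back to the original disk read. The following Python model is an added illustration of that linkage and is not code from the patent or its assignee; the guest trace, the 512-byte sector size, the region-of-interest sector range and the set of "network" system calls are all constructed for the example, and a real implementation would receive these events from a hypervisor rather than from a list.

```python
"""Toy model of hypervisor-side provenance tracking: a disk region of interest
is watched, memory that receives data from it is tagged, copies propagate the
tag, and every guest operation that touches tagged data is linked into one
chain ending at the operation that moved the data elsewhere.
Constructed example; not the patent's own implementation."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR = 512                                  # bytes per sector (assumed)
NETWORK_SYSCALLS = {"sendto", "sendmsg", "write_socket"}   # constructed set


@dataclass
class TaintedRange:
    start: int          # guest-physical start address (inclusive)
    end: int            # guest-physical end address (exclusive)
    chain: List[str]    # guest operations that produced this copy, oldest first


class ProvenanceTracker:
    """Sees block I/O, memory copies and syscalls from outside the guest."""

    def __init__(self, roi: Tuple[int, int]):
        self.roi = roi                        # (first_sector, last_sector), inclusive
        self.tainted: List[TaintedRange] = []
        self.alerts: List[dict] = []

    @staticmethod
    def _overlap(a0: int, a1: int, b0: int, b1: int) -> bool:
        # Half-open intervals [a0, a1) and [b0, b1) intersect.
        return a0 < b1 and b0 < a1

    def _find(self, start: int, length: int) -> Optional[TaintedRange]:
        # Return the first tagged range that the given memory window touches.
        for t in self.tainted:
            if self._overlap(start, start + length, t.start, t.end):
                return t
        return None

    def disk_read(self, pid: int, sector: int, nsectors: int, dest: int) -> None:
        # Block-layer hook: a read overlapping the region of interest tags
        # the destination buffer with the read as the first link of its chain.
        if self._overlap(sector, sector + nsectors, self.roi[0], self.roi[1] + 1):
            op = f"pid {pid}: read sectors {sector}-{sector + nsectors - 1} -> 0x{dest:x}"
            self.tainted.append(TaintedRange(dest, dest + nsectors * SECTOR, [op]))

    def mem_copy(self, pid: int, src: int, dst: int, length: int) -> None:
        # Memory hook: copying out of a tagged range tags the destination and
        # extends the chain, so later operations still lead back to the disk read.
        t = self._find(src, length)
        if t is not None:
            op = f"pid {pid}: copy 0x{src:x} -> 0x{dst:x} ({length} bytes)"
            self.tainted.append(TaintedRange(dst, dst + length, t.chain + [op]))

    def syscall(self, pid: int, name: str, buf: int, length: int) -> None:
        # Syscall hook: any call operating on a tagged buffer is linked to the
        # chain; calls that move data off the machine are marked as such.
        t = self._find(buf, length)
        if t is not None:
            op = f"pid {pid}: {name}({length} bytes from 0x{buf:x})"
            self.alerts.append({
                "pid": pid,
                "syscall": name,
                "exfil": name in NETWORK_SYSCALLS,
                "chain": t.chain + [op],
            })


def run_trace(events: List[tuple], roi: Tuple[int, int]) -> List[dict]:
    """Feed a guest event trace through the tracker and return linked operations."""
    tracker = ProvenanceTracker(roi)
    for kind, *args in events:
        getattr(tracker, kind)(*args)
    return tracker.alerts


# Constructed guest trace: one process reads an unwatched file and the watched
# region, copies both, writes the clean copy and sends part of the tagged copy.
ROI = (1000, 1003)
TRACE = [
    ("disk_read", 1337, 2040, 4, 0x7F000000),          # unwatched sectors
    ("disk_read", 1337, 1000, 2, 0x7F100000),          # hits region of interest
    ("mem_copy", 1337, 0x7F100000, 0x7F200000, 1024),  # tagged data copied
    ("mem_copy", 1337, 0x7F000000, 0x7F300000, 2048),  # clean data copied
    ("syscall", 1337, "write", 0x7F300000, 2048),      # clean buffer: not linked
    ("syscall", 1337, "sendto", 0x7F200100, 256),      # tagged buffer leaves host
]

if __name__ == "__main__":
    for alert in run_trace(TRACE, ROI):
        print("linked chain (exfil=%s):" % alert["exfil"])
        for step in alert["chain"]:
            print("  ", step)
```

The chain attached to each alert is the linkage the abstract describes: the disk read, the memory copy that moved the data, and the system call that finally operated on it, all reconstructed without any agent inside the guest. The lookup in `_find` is linear and ranges are never merged or released; a production tracker would need interval merging and freeing of tags when pages are reused.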
23 Claims
1. A method for efficient computer forensic analysis and data access control, the method comprising:
from within a virtualization layer separate from a guest operating system;
monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory;
tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network; and
linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system for efficient computer forensic analysis and data access control, the system comprising:
a virtualization layer separate from a guest operating system for virtualizing resources of an underlying computing system;
a storage monitoring module located within the virtualization layer and for monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory;
a memory monitoring module located within the virtualization layer for tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network; and
a system call monitoring module for linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer control the computer to perform steps comprising:
from within a virtualization layer separate from a guest operating system;
monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory;
tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network; and
linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.