METHOD TO SCAN A FORENSIC IMAGE OF A COMPUTER SYSTEM WITH MULTIPLE MALICIOUS CODE DETECTION ENGINES SIMULTANEOUSLY FROM A MASTER CONTROL POINT
First Claim
1. A multi-engine malicious code scanning method for scanning data sets from a storage device, said method comprising the steps of:
installing a virtual operating system on at least one computer, along with a plurality of independent operating systems on said computer;
for each of said independent operating systems, installing a malware engine, such that said computer includes a plurality of malware engines, each operating separately on its respective independent operating system;
obtaining at least one data set from a storage device;
generating a single forensic image of said data set;
applying a recover data application to said data set to generate a single recovered data set;
selecting a plurality of malware engines for analyzing said single forensic image and said single recovered data set;
initiating a scanning of said single forensic image and said single recovered data set using said selected plurality of malware engines, wherein each of said malware engines, installed on said independent operating systems of said virtual operating system, may be run concurrently on said single forensic image and said single recovered data set; and
generating a combined report for each of said malware engines reporting the results of said scans.
Abstract
A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device, generating a single forensic image of the data set, and applying a recover data application to the data set to generate a single recovered data set. Scanning of the single forensic image and the single recovered data set is initiated using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining the results of the scans reported by each of the malware engines.
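The dispatch-and-merge flow the abstract describes, as an added Python sketch that is not part of the patent text: a master control point runs every selected engine concurrently over both the forensic image and the recovered data set, then merges the verdicts per file hash. The engine names, their byte-pattern "signatures", the sample files, and the use of directories as stand-ins for mounted read-only views of the two data sets are all constructed assumptions; real engines would run inside their own guest operating systems.

```python
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

# Constructed stand-ins for independent malware engines: each one has its own
# byte-pattern signature set, so the engines can disagree about the same file.
ENGINES = {
    "engine_a": {b"EVIL-MACRO": "Trojan.A"},
    "engine_b": {b"EVIL-MACRO": "Gen.Macro", b"DROPPER-STUB": "Dropper.B"},
    "engine_c": {b"DROPPER-STUB": "Susp.C"},
}

def scan(engine, label, root):
    """Run one engine over one data set; return one row per detection."""
    rows = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            for pattern, name in ENGINES[engine].items():
                if pattern in data:
                    rows.append((digest, f"{label}:{path.name}", engine, name))
    return rows

def combined_report(datasets, selected):
    """Master control point: every selected engine scans every data set
    concurrently; detections are merged under the file's SHA-256."""
    jobs = [(e, label, root) for e in selected for label, root in datasets.items()]
    report = {}
    with ThreadPoolExecutor(max_workers=max(1, len(jobs))) as pool:
        for rows in pool.map(lambda job: scan(*job), jobs):
            for digest, location, engine, name in rows:
                entry = report.setdefault(digest, {"seen_in": set(), "verdicts": {}})
                entry["seen_in"].add(location)
                entry["verdicts"][engine] = name
    return report

def demo():
    """Scan a constructed 'image' tree and a constructed 'recovered' tree."""
    with tempfile.TemporaryDirectory() as tmp:
        image, recovered = Path(tmp, "image"), Path(tmp, "recovered")
        image.mkdir()
        recovered.mkdir()
        (image / "report.doc").write_bytes(b"hdr EVIL-MACRO body")
        (image / "notes.txt").write_bytes(b"benign text")
        (recovered / "deleted.bin").write_bytes(b"MZ DROPPER-STUB")
        return combined_report({"image": image, "recovered": recovered},
                               ["engine_a", "engine_b", "engine_c"])
```

In the constructed data, the deleted file is flagged only because the recovered data set is scanned alongside the image, and no single engine detects both samples.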
9 Claims
9. A system for employing a multi-engine malicious code scanning method for scanning data sets from a storage device, said system comprising:
a physical server unit having at least a CPU unit, a memory unit, and a duplicator arrangement, wherein said server is configured to accept the installation of a virtual operating system, along with a plurality of independent operating systems;
where for each of said independent operating systems, a malware engine may be installed, such that said server is configured to maintain a plurality of malware engines, each operating separately on its respective independent operating system;
said server configured to be physically deliverable to a remote location and to receive at least one data set from a storage device and to generate a single forensic image of said data set;
said server configured to apply a recover data application to said data set to generate a single recovered data set, wherein a user of said server may select a plurality of malware engines for analyzing said single forensic image and said single recovered data set by initiating a scanning of said single forensic image and said single recovered data set using said selected plurality of malware engines, wherein each of said malware engines, installed on said independent operating systems of said virtual operating system are run concurrently on said single forensic image and said single recovered data set; and
said server configured to generate and output a combined report for each of said malware engines reporting the results of said scans.
Specification