SYSTEMS AND METHODS FOR PROVIDING AUTOMATIC SYSTEM STOP AND BOOT-TO-SERVICE OS FOR FORENSICS ANALYSIS
Abstract
Systems and methods for providing automatic system stop and boot-to-service OS for forensic analysis. In some embodiments, an Information Handling System (IHS) includes a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect an Indicator of Compromise (IoC); send, to a server, a message including the IoC; receive, from the server, a recovery instruction; and boot into a service OS identified in the recovery instruction, wherein the service OS is distinct from a main OS included in the IHS.
20 Claims
1. An Information Handling System (IHS), comprising:
a processor; and
a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to:
detect an Indicator of Compromise (IoC);
send, to a server, a message including the IoC;
receive, from the server, a recovery instruction; and
boot into a service OS identified in the recovery instruction, wherein the service OS is distinct from a main OS included in the IHS.

13. A computer-implemented method, comprising:
receiving, from a client device, a message including an Indicator of Compromise (IoC);
determining, based at least in part upon the IoC and upon a recovery history of other client devices, a list of two or more service OSs; and
transmitting a recovery instruction to the client device, wherein the recovery instruction includes the list, wherein the client device is configured to boot into a service OS identified in the recovery instruction, and wherein the service OS is distinct from a main OS included in the client device.

17. A memory device having program instructions stored thereon that, upon execution by an Information Handling System (IHS), cause the IHS to:
detect an Indicator of Compromise (IoC);
send, to a server, a message including the IoC;
receive, from the server, a recovery instruction; and
boot into a service OS identified in the recovery instruction, wherein the recovery instruction includes an ordered list of two or more service OSs, and wherein the program instructions, upon execution by the processor, cause the IHS to attempt to boot at least one of the two or more service OSs in the listed order.

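The exchange recited in claims 13 and 17, modelled as an added example (not code from the patent or its assignee): the server orders service OSs using the recovery history of other clients, and the client attempts them in the listed order. The message fields, IoC type names, service OS names, ranking by success rate and the choice to stay stopped when nothing boots are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed recovery history from other clients: (ioc_type, service_os, recovered)
HISTORY = [
    ("bootloader_hash_mismatch", "forensic-os", True),
    ("bootloader_hash_mismatch", "forensic-os", True),
    ("bootloader_hash_mismatch", "reimage-os", True),
    ("bootloader_hash_mismatch", "reimage-os", False),
    ("bootloader_hash_mismatch", "diag-os", False),
    ("unexpected_kernel_module", "diag-os", True),
]

def build_recovery_instruction(message, history, minimum=2):
    """Server side (claim 13): rank service OSs by how often they recovered
    other clients that reported the same IoC type (assumed ranking rule)."""
    stats = defaultdict(lambda: [0, 0])  # service_os -> [successes, attempts]
    for ioc_type, service_os, recovered in history:
        if ioc_type == message["ioc"]["type"]:
            stats[service_os][0] += int(recovered)
            stats[service_os][1] += 1
    ranked = sorted(stats, key=lambda s: (-stats[s][0] / stats[s][1], -stats[s][1], s))
    if len(ranked) < minimum:
        raise ValueError("recovery history yields fewer than two service OSs")
    return {"client_id": message["client_id"], "service_os_list": ranked}

def boot_service_os(instruction, try_boot, main_os="main-os"):
    """Client side (claim 17): attempt the listed service OSs in order and
    return the first one that boots."""
    for service_os in instruction["service_os_list"]:
        if service_os == main_os:
            continue  # the service OS must be distinct from the main OS
        if try_boot(service_os):
            return service_os
    return None  # assumption: stay stopped rather than resume the suspect main OS

def run_exchange(bootable, ioc_type="bootloader_hash_mismatch"):
    """Full round trip: IoC message -> recovery instruction -> ordered boot attempts."""
    message = {"client_id": "ihs-0001", "ioc": {"type": ioc_type}}  # constructed message
    instruction = build_recovery_instruction(message, HISTORY)
    return instruction, boot_service_os(instruction, lambda name: name in bootable)

if __name__ == "__main__":
    print(run_exchange({"reimage-os", "diag-os"}))
```

Here `try_boot` is a hypothetical callback standing in for the firmware's boot attempt; in the run above the first-ranked image is unavailable, so the client falls through to the second entry in the list.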
Specification