Method and apparatus for identifying and characterizing errant electronic files
DC CAFCFirst Claim
1. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:
- under control of one or more configured computer systems;
selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of;
selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold;
selecting the file based on whether content of the file matches a file type indicated by a name of the file;
orselecting the file based on whether the file comprises data beyond an end of data marker for the file;
generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file;
comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and
characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files.
3 Assignments
Litigations
3 Petitions
Accused Products
Abstract
A computer system includes a, server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.
53 Citations
16 Claims
-
1. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:
-
under control of one or more configured computer systems; selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of; selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold; selecting the file based on whether content of the file matches a file type indicated by a name of the file;
orselecting the file based on whether the file comprises data beyond an end of data marker for the file; generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file; comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer system, comprising:
-
a server having a memory connected, thereto, said server being adapted to be connected to a network to permit remote storage and retrieval of data files from the memory; and a file identification application operative with the server to identify unauthorized files stored in the memory, the file identification application providing the functions of; selecting a file from a plurality of files stored in the memory, wherein selecting the file is performed according to at least one of; selecting the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold; selecting the file based on whether content of the file matches a file type indicated by a name of the file;
orselecting the file based on whether the file comprises data beyond an end of data marker for the file; generating an identification value associated with the selected file, wherein the identification value is representative of at least a portion of the content of the selected file; comparing the generated identification value to one or more identification values associated with one or more of a plurality of unauthorized files; and characterizing the file as an unauthorized file if the identification value matches one of the plurality of identification values associated with the unauthorized files. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A non-transitory computer-readable storage medium having instructions stored thereon that, in response to execution by a computing device, cause the computing device to perform a operations comprising:
-
selecting a file from a plurality of files stored in a computer storage medium, wherein selecting the file is performed according to at least one of; selecting the file based on the size of the file by determining whether an aggregate size of plural identically-sized files exceeds a predetermined threshold; selecting the file based on whether content of the file matches a file type indicated by a name of the file;
orselecting the file based upon whether the file comprises data beyond an end of data marker for the file; categorizing the selected file as an unauthorized file based on a comparison of an identification value associated with the selected file with one or more identification values associated with one or more of a plurality of unauthorized files.
-
Specification