Backward researching time stamped events to find an origin of pestware
First Claim
1. A method for identifying an origin of suspected pestware activity on a computer, the method comprising:
monitoring, with a kernel-mode driver, activity on the computer;
generating an activity log on a file storage device of the computer from the kernel-mode driver;
receiving, from a user via an interface of the computer, a time of interest relating to a suspicion of pestware on the computer, wherein the time of interest includes a time interval;
issuing a timestamp after receiving the time of interest;
identifying, based upon the time of interest, indicia of pestware, wherein the identifying is initiated by the issuing the timestamp; and
accessing, using a hardware processor of the computer, at least a portion of a recorded history of externally networked sources that the computer received files from so as to identify, based at least in part upon the identified indicia of pestware, a reference to an identity of an externally networked source that is suspected of originating pestware;
wherein the recorded history of externally networked sources is stored on the file storage device.
Assignments: 9. Petitions: 2.
Abstract
A system and method for identifying an origin of suspected pestware activity on a computer is described. One embodiment includes establishing a time of interest relating to a suspicion of pestware on the computer, identifying, based upon the time of interest, indicia of pestware and accessing at least a portion of a recorded history of sources that the computer received files from so as to identify, based at least in part upon the identified indicia of pestware, a reference to an identity of a source that is suspected of originating pestware.
Citations: 94.

Claims (16)

1. A method for identifying an origin of suspected pestware activity on a computer, the method comprising: (independent method claim, set out in full above under First Claim; dependent claims 2, 3, 4, 5, 6, 7, 8)

9. A system for identifying a source of suspected pestware on a computer, the system comprising:
a hardware processor;
a file storage device coupled to the hardware processor;
a timestamp module configured to be executed by the hardware processor, to generate a time of interest including a time interval in response to detected activity on the computer that is indicative of pestware, to issue a timestamp after generating the time of interest, and to initiate, in response to the issuance of the timestamp, identification of indicia of pestware;
a research portion configured to be executed by the hardware processor and to access at least one log on a file storage device of the computer to relate the time of interest to at least one externally networked source of potential pestware activity on the computer;
a kernel-mode driver configured to monitor activity on the computer and to generate an activity log that is included within the at least one log; and
a reporting portion configured to be executed by the hardware processor and to generate a report that identifies the at least one externally networked source of potential pestware activity.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
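The procedure the independent claims describe (a timestamped activity log from a kernel-mode monitor, a time of interest carrying an interval, indicia identified inside that interval, then a recorded download history consulted to name the external source) can be shown end to end on sample data. The script below is an added example written for this page, not code from the patent or its assignee: the pipe-separated log layout, the heuristics standing in for "indicia of pestware", and every path, timestamp and hostname are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List
from urllib.parse import urlparse


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str      # process_start | file_create | registry_write
    subject: str   # file path or registry key the event concerns


@dataclass(frozen=True)
class Download:
    ts: datetime
    path: str      # where the received file was stored
    source: str    # URL it was received from


# Constructed sample logs (assumed pipe-separated layout, not the patent's format).
ACTIVITY_LOG = """\
2023-04-01T10:02:11|process_start|C:\\Program Files\\Browser\\browser.exe
2023-04-01T10:05:40|file_create|C:\\Users\\alice\\Downloads\\invoice.pdf
2023-04-01T10:06:02|file_create|C:\\Users\\alice\\AppData\\Local\\Temp\\update_helper.exe
2023-04-01T10:06:05|process_start|C:\\Users\\alice\\AppData\\Local\\Temp\\update_helper.exe
2023-04-01T10:06:07|registry_write|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\helper
2023-04-01T11:30:00|file_create|C:\\Users\\alice\\Documents\\notes.txt
"""

DOWNLOAD_HISTORY = """\
2023-04-01T09:10:00|C:\\Users\\alice\\Downloads\\report.docx|https://docs.example-corp.test/report.docx
2023-04-01T10:05:38|C:\\Users\\alice\\Downloads\\invoice.pdf|https://files.example-vendor.test/invoice.pdf
2023-04-01T10:06:01|C:\\Users\\alice\\AppData\\Local\\Temp\\update_helper.exe|http://cdn.example-bad.test/dl/helper
"""


def parse_activity_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, kind, subject = line.split("|", 2)
            events.append(Event(datetime.fromisoformat(ts), kind, subject))
    return events


def parse_download_history(text: str) -> List[Download]:
    downloads = []
    for line in text.splitlines():
        if line.strip():
            ts, path, source = line.split("|", 2)
            downloads.append(Download(datetime.fromisoformat(ts), path, source))
    return downloads


def is_indicium(ev: Event) -> bool:
    """Stand-in heuristics for the 'indicia of pestware' the claims leave unspecified."""
    low = ev.subject.lower()
    if ev.kind == "registry_write" and "\\currentversion\\run\\" in low:
        return True  # persistence via an autorun key
    if ev.kind in ("file_create", "process_start") and "\\temp\\" in low and low.endswith(".exe"):
        return True  # executable dropped into, or launched from, a temp directory
    return False


def find_indicia(events: List[Event], time_of_interest: datetime, window: timedelta) -> List[Event]:
    """Identify indicia within the time interval around the time of interest."""
    start, end = time_of_interest - window, time_of_interest + window
    return [ev for ev in events if start <= ev.ts <= end and is_indicium(ev)]


def trace_origins(indicia: List[Event], downloads: List[Download]) -> Dict[str, str]:
    """Relate each indicated file to the external source it was received from.
    Only a download recorded at or before the event can explain it."""
    origins: Dict[str, str] = {}
    for ev in indicia:
        if ev.kind == "registry_write":
            continue  # a registry key is not a file received from a source
        earlier = [d for d in downloads if d.path.lower() == ev.subject.lower() and d.ts <= ev.ts]
        if earlier:
            latest = max(earlier, key=lambda d: d.ts)
            origins[ev.subject] = urlparse(latest.source).hostname or latest.source
    return origins


def research_origin(activity_text: str, history_text: str,
                    time_of_interest: str, window_minutes: int) -> dict:
    """Run the backward research end to end; time_of_interest is an ISO-8601 string."""
    events = parse_activity_log(activity_text)
    downloads = parse_download_history(history_text)
    indicia = find_indicia(events, datetime.fromisoformat(time_of_interest),
                           timedelta(minutes=window_minutes))
    return {"indicia": indicia, "origins": trace_origins(indicia, downloads)}


if __name__ == "__main__":
    # The user's time of interest: when odd behaviour was noticed, plus or minus 2 minutes.
    report = research_origin(ACTIVITY_LOG, DOWNLOAD_HISTORY, "2023-04-01T10:06:05", 2)
    for ev in report["indicia"]:
        print(f"{ev.ts.isoformat()}  {ev.kind:14s} {ev.subject}")
    for path, host in report["origins"].items():
        print(f"suspected origin of {path}: {host}")
```

The indicia heuristics (an executable written to and launched from a Temp directory, a write under an autorun key) are placeholders; the claims do not say how indicia are recognised, and a deployed implementation would substitute its detection engine's verdicts. The backward step is deliberately conservative: an event is linked only to a download of the same path recorded at or before the event's own timestamp, so a later re-download of that path is never blamed for an earlier event, and registry events, which have no delivering source, are reported as indicia but not traced.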
Specification