Inter-system data forensics
First Claim
1. A method comprising:
generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyzing, by the at least one processor, the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user;
generating the plurality of requests comprises generating a request for data from the system log and a request for data from the log file;
receiving the log data comprises receiving, from the first computing system, data from the system log, and receiving, from the second computing system, data from the log file;
generating the plurality of records comprises generating, based on the data from the system log, a first portion of the plurality of records, and generating, based on the data from the log file, a second portion of the plurality of records;
the corresponding requests comprise:
a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
Abstract
A computing platform may generate requests for log data stored on computing systems and may communicate the requests to the computing systems. The computing platform may receive the log data from the computing systems and may utilize the log data to generate records interrelating different data-access requests indicated by the log data. The computing platform may analyze the records to identify corresponding requests made by a user to multiple different computing systems and may determine an interrelationship between the corresponding requests. The computing platform may generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests and may communicate the data to a computing device associated with at least one of the multiple different computing systems.
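An added example, not taken from the patent, of the correlation the abstract and claim 1 describe: entries from a multi-user system log and from a log file written while a user-submitted script ran are normalised into one record schema, then paired per user across systems. The log formats, the system names `db-a` and `crm-b`, the five-minute window and the shared-identifier rule for deciding that two pieces of data are interrelated are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; both log formats are assumptions for this example.
SYSTEM_LOG = """\
2024-03-01T09:00:05Z user=alice action=READ object=customers/4411
2024-03-01T09:00:09Z user=bob action=READ object=customers/9020
2024-03-01T09:02:31Z user=alice action=READ object=customers/7733
"""
# Written by the second system while running a script a user's device submitted.
SCRIPT_LOG = """\
2024-03-01T09:01:10Z job=export.py submitted_by=alice target=crm-b fetch=accounts/4411
2024-03-01T09:20:00Z job=export.py submitted_by=alice target=crm-b fetch=accounts/5555
2024-03-01T09:01:40Z job=sync.py submitted_by=bob target=crm-b fetch=accounts/1000
"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def build_records(system_log, script_log, first_system="db-a"):
    """Normalise both sources into one record schema."""
    records = []
    for line in system_log.splitlines():
        m = re.match(r"(\S+) user=(\S+) action=\S+ object=(\S+)$", line)
        if m:  # unparseable lines are skipped rather than guessed at
            records.append({"time": _ts(m[1]), "user": m[2], "actor": "user",
                            "system": first_system, "object": m[3]})
    for line in script_log.splitlines():
        m = re.match(r"(\S+) job=(\S+) submitted_by=(\S+) target=(\S+) fetch=(\S+)$", line)
        if m:  # the script's request is attributed to the submitting user
            records.append({"time": _ts(m[1]), "user": m[3], "actor": m[2],
                            "system": m[4], "object": m[5]})
    return records

def correlate(records, window=timedelta(minutes=5)):
    """Pair a user's requests on different systems that share an entity id
    (the last path segment) and fall within `window` of each other."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
    findings = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["time"])
        for i, a in enumerate(recs):
            for b in recs[i + 1:]:
                if b["time"] - a["time"] > window:
                    break  # sorted by time, so later records are out of range too
                key = a["object"].rsplit("/", 1)[-1]
                if a["system"] != b["system"] and key == b["object"].rsplit("/", 1)[-1]:
                    findings.append({"user": user, "entity": key,
                                     "systems": sorted({a["system"], b["system"]}),
                                     "objects": [a["object"], b["object"]],
                                     "actors": [a["actor"], b["actor"]]})
    return findings
```

Each finding names the systems involved and the related objects, which is the kind of output the claims describe sending on to the device that manages the user's access rights.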
14 Claims
1. A method comprising:
generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyzing, by the at least one processor, the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user;
generating the plurality of requests comprises generating a request for data from the system log and a request for data from the log file;
receiving the log data comprises receiving, from the first computing system, data from the system log, and receiving, from the second computing system, data from the log file;
generating the plurality of records comprises generating, based on the data from the system log, a first portion of the plurality of records, and generating, based on the data from the log file, a second portion of the plurality of records;
the corresponding requests comprise:
a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
Dependent claims: 2, 3, 4
5. A method comprising:
generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyzing, by the at least one processor, the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
the computing device is configured to manage access rights of the user to data stored on the at least one of the multiple different computing systems; and
the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to modify one or more of the access rights.
6. A method comprising:
generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyzing, by the at least one processor, the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
the computing device is configured to manage access rights of the user to data stored on the at least one of the multiple different computing systems; and
the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to flag one or more of the access rights.
7. A method comprising:
generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyzing, by the at least one processor, the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to display a graphical depiction of the multiple different computing systems and the interrelationship between the corresponding requests.
Dependent claims: 8
9. A computing platform comprising:
at least one processor;
a communication interface; and
a memory comprising instructions that when executed by the at least one processor cause the computing platform to:
generate a plurality of requests for log data stored on a plurality of computing systems;
communicate, via the communication interface and to the plurality of computing systems, the plurality of requests;
receive, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generate, based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyze the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicate, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user; and
the instructions, when executed by the at least one processor, cause the computing platform to:
generate a request for data from the system log;
generate a request for data from the log file;
receive, from the first computing system, data from the system log;
receive, from the second computing system, data from the log file;
generate, based on the data from the system log, a first portion of the plurality of records; and
generate, based on the data from the log file, a second portion of the plurality of records, and wherein:
the corresponding requests comprise:
a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
Dependent claims: 10, 11
12. One or more non-transitory computer-readable media comprising instructions that when executed by at least one processor of a computing platform comprising the at least one processor and a communication interface cause the computing platform to:
generate a plurality of requests for log data stored on a plurality of computing systems;
communicate, via the communication interface and to the plurality of computing systems, the plurality of requests;
receive, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
generate, based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
analyze the plurality of records to:
identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
determine an interrelationship between the corresponding requests;
generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
communicate, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data, wherein:
a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user; and
the instructions, when executed by the at least one processor, cause the computing platform to:
generate a request for data from the system log;
generate a request for data from the log file;
receive, from the first computing system, data from the system log;
receive, from the second computing system, data from the log file;
generate, based on the data from the system log, a first portion of the plurality of records; and
generate, based on the data from the log file, a second portion of the plurality of records, and wherein:
the corresponding requests comprise:
a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
Dependent claims: 13, 14
Specification