Inter-system data forensics

US 9,524,397 B1
Filed: 07/06/2015
Issued: 12/20/2016
Est. Priority Date: 07/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;

communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;

receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;

generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;

analyzing, by the at least one processor, the plurality of records to;

identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and

determine an interrelationship between the corresponding requests;

generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and

communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;

a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;

a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user;

generating the plurality of requests comprises generating a request for data from the system log and a request for data from the log file;

receiving the log data comprises receiving, from the first computing system, data from the system log, and receiving, from the second computing system, data from the log file;

generating the plurality of records comprises generating, based on the data from the system log, a first portion of the plurality of records, and generating, based on the data from the log file, a second portion of the plurality of records;

the corresponding requests comprise;

a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and

a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and

the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform may generate requests for log data stored on computing systems and may communicate the requests to the computing systems. The computing platform may receive the log data from the computing systems and may utilize the log data to generate records interrelating different data-access requests indicated by the log data. The computing platform may analyze the records to identify corresponding requests made by a user to multiple different computing systems and may determine an interrelationship between the corresponding requests. The computing platform may generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests and may communicate the data to a computing device associated with at least one of the multiple different computing systems.

24 Citations

View as Search Results

14 Claims

1. A method comprising:
- generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
  
  communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
  
  receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyzing, by the at least one processor, the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;
  
  a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
  
  a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user;
  
  generating the plurality of requests comprises generating a request for data from the system log and a request for data from the log file;
  
  receiving the log data comprises receiving, from the first computing system, data from the system log, and receiving, from the second computing system, data from the log file;
  
  generating the plurality of records comprises generating, based on the data from the system log, a first portion of the plurality of records, and generating, based on the data from the log file, a second portion of the plurality of records;
  
  the corresponding requests comprise;
  
  a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
  
  a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
  
  the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein:
    - the data-access request by the user comprises a request to read the data stored on the first computing system; and
      
      analyzing the plurality of records to determine the interrelationship comprises determining that the instruction set caused the second computing system to write the data stored on the first computing system to the computing system different from the first computing system.
  - 3. The method of claim 1, wherein:
    - the data-access request by the user comprises a request to read one or more elements of the data stored on the first computing system; and
      
      analyzing the plurality of records to determine the interrelationship comprises determining that the instruction set caused the second computing system to read, from the data stored on the computing system different from the first computing system, data comprising the one or more elements.
  - 4. The method of claim 1, wherein:
    - receiving the log data comprises receiving the data from the system log prior to receiving the data from the log file; and
      
      generating the plurality of requests comprises;
      
      analyzing the data from the system log to identify, from amongst the multiple different users, the user; and
      
      responsive to identifying the user, generating the request for the data from the log file.

5. A method comprising:
- generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
  
  communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
  
  receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyzing, by the at least one processor, the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;
  
  the computing device is configured to manage access rights of the user to data stored on the at least one of the multiple different computing systems; and
  
  the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to modify one or more of the access rights.

6. A method comprising:
- generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
  
  communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
  
  receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyzing, by the at least one processor, the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;
  
  the computing device is configured to manage access rights of the user to data stored on the at least one of the multiple different computing systems; and
  
  the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to flag one or more of the access rights.

7. A method comprising:
- generating, by at least one processor of a computing platform, a plurality of requests for log data stored on a plurality of computing systems;
  
  communicating, via a communication interface of the computing platform and to the plurality of computing systems, the plurality of requests;
  
  receiving, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generating, by the at least one processor and based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyzing, by the at least one processor, the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generating, by the at least one processor, data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicating, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein the data indicating the multiple different computing systems and the interrelationship between the corresponding requests comprises an instruction set configured to cause the computing device to display a graphical depiction of the multiple different computing systems and the interrelationship between the corresponding requests.
- View Dependent Claims (8)
- - 8. The method of claim 7, wherein the graphical depiction comprises:
    - a plurality of nodes depicting the multiple different computing systems; and
      
      a plurality of edges depicting the corresponding requests, each edge of the plurality of edges connecting a node of the plurality of nodes to another node of the plurality of nodes.

9. A computing platform comprising:
- at least one processor;
  
  a communication interface; and
  
  a memory comprising instructions that when executed by the at least one processor cause the computing platform to;
  
  generate a plurality of requests for log data stored on a plurality of computing systems;
  
  communicate, via the communication interface and to the plurality of computing systems, the plurality of requests;
  
  receive, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generate, based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyze the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicate, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;
  
  a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
  
  a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user; and
  
  the instructions, when executed by the at least one processor, cause the computing platform to;
  
  generate a request for data from the system log;
  
  generate a request for data from the log file;
  
  receive, from the first computing system, data from the system log;
  
  receive, from the second computing system, data from the log file;
  
  generate, based on the data from the system log, a first portion of the plurality of records; and
  
  generate, based on the data from the log file, a second portion of the plurality of records,and wherein;
  
  the corresponding requests comprise;
  
  a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
  
  a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
  
  the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
- View Dependent Claims (10, 11)
- - 10. The computing platform of claim 9, wherein:
    - the data-access request by the user comprises a request to read the data stored on the first computing system; and
      
      the instructions, when executed by the at least one processor, cause the computing platform to determine, based on analyzing the records, that the instruction set caused the second computing system to write the data stored on the first computing system to the computing system different from the first computing system.
  - 11. The computing platform of claim 9, wherein:
    - the data-access request by the user comprises a request to read one or more elements of the data stored on the first computing system; and
      
      the instructions, when executed by the at least one processor, cause the computing platform to determine, based on analyzing the records, that the instruction set caused the second computing system to read, from the data stored on the computing system different from the first computing system, data comprising the one or more elements.

12. One or more non-transitory computer-readable media comprising instructions that when executed by at least one processor of a computing platform comprising the at least one processor and a communication interface cause the computing platform to:
- generate a plurality of requests for log data stored on a plurality of computing systems;
  
  communicate, via the communication interface and to the plurality of computing systems, the plurality of requests;
  
  receive, via the communication interface, from the plurality of computing systems, and responsive to the plurality of requests, the log data;
  
  generate, based on the log data, a plurality of records that interrelate a plurality of different data-access requests indicated by the log data;
  
  analyze the plurality of records to;
  
  identify, from amongst the plurality of different data-access requests, corresponding requests made by a user to multiple different computing systems of the plurality of computing systems; and
  
  determine an interrelationship between the corresponding requests;
  
  generate data indicating the multiple different computing systems and the interrelationship between the corresponding requests; and
  
  communicate, via the communication interface and to a computing device associated with at least one of the multiple different computing systems, the data,wherein;
  
  a first computing system of the plurality of computing systems maintains a system log comprising entries corresponding to data-access requests made by multiple different users for data stored on the first computing system;
  
  a second computing system of the plurality of computing systems comprises a memory storing a log file generated by the second computing system while executing an instruction set communicated to the second computing system by a device utilized by the user; and
  
  the instructions, when executed by the at least one processor, cause the computing platform to;
  
  generate a request for data from the system log;
  
  generate a request for data from the log file;
  
  receive, from the first computing system, data from the system log;
  
  receive, from the second computing system, data from the log file;
  
  generate, based on the data from the system log, a first portion of the plurality of records; and
  
  generate, based on the data from the log file, a second portion of the plurality of records,and wherein;
  
  the corresponding requests comprise;
  
  a data-access request, indicated by the first portion of the plurality of records, by the user for the data stored on the first computing system; and
  
  a data-access request, indicated by the second portion of the plurality of records, by the instruction set for data stored on a computing system different from the first computing system; and
  
  the interrelationship comprises an interrelationship between the data stored on the first computing system and the data stored on the computing system different from the first computing system.
- View Dependent Claims (13, 14)
- - 13. The one or more non-transitory computer-readable media of claim 12, wherein:
    - the data-access request by the user comprises a request to read the data stored on the first computing system; and
      
      the instructions, when executed by the at least one processor, cause the computing platform to determine, based on analyzing the records, that the instruction set caused the second computing system to write the data stored on the first computing system to the computing system different from the first computing system.
  - 14. The one or more non-transitory computer-readable media of claim 12, wherein:
    - the data-access request by the user comprises a request to read one or more elements of the data stored on the first computing system; and
      
      the instructions, when executed by the at least one processor, cause the computing platform to determine, based on analyzing the records, that the instruction set caused the second computing system to read, from the data stored on the computing system different from the first computing system, data comprising the one or more elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Greenway, Ryan M., Amin, Seyamak, Kurva, Jangaiah, Carroll, Edward W., Joa, David, Shao, Yanghong, Bendel, Tim, Nair, Dilip
Primary Examiner(s)
Dinh, Minh

Application Number

US14/792,549
Publication Number

US 20170011228A1
Time in Patent Office

533 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1425   Traffic logging, e.g. anoma...

Inter-system data forensics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Inter-system data forensics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links