File monitoring

  • US 9,940,336 B2
  • Filed: 10/24/2014
  • Issued: 04/10/2018
  • Est. Priority Date: 10/24/2014
  • Status: Active Grant
First Claim

1. A computer-implemented method for monitoring one or more files, the method comprising:

  • detecting, by a kernel filter driver, a file-write request for a file of a set of files;

  • copying, by the kernel filter driver, one or more blocks of file-write information from the file-write request to a kernel buffer, the file write information corresponding to a file-write event;

  • receiving, at a user mode process running a kernel buffer retrieval operation in a user mode, a portion of data from the kernel buffer comprising file-write information corresponding to at least one file-write event;

  • for each block of file-write information corresponding to one file-write event, in the received portion of data, labeling the block of file-write information according to a source of the file-write event; and

  • providing the labeled block of file-write information to a monitoring application in the user mode.
