Method and system for forensic data tracking
DCFirst Claim
Patent Images
1. A forensic computing platform deployed as a cloud control server which comprises an analytic component, a reporting component, an alert component, a business logic component, a policy database, a user database, a meta database and a settings database;
- the forensic computing platform further comprising at least one endpoint that comprises a deployed software agent, the deployed software agent comprising modules to detect, classify, delete, encrypt, and redact data stored on the at least one endpoint, the forensic computing platform causing the following steps to occur when executing computer instructions stored in a memory of the cloud control server;
receiving from the deployed software agent on the at least one endpoint a meta log associated with a first file comprising data, the meta log containing a first file name, data element tags comprising indicators that data fields or data types are included in the first file, and one or more of a date created, deleted, or modified, a user name, and an endpoint ID;
storing the meta log in the cloud control server of the forensic computing platform;
analyzing the data of the first file based on a configured setting and criteria;
determining, based on the indicators of the data element tags, that a data classification associated with the data is inappropriate for the first file on the at least one endpoint; and
remediating the first file when the determined data classification is inappropriate for the at least one endpoint, the remediating being one of encrypting, deleting, or redacting the data within the first file.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
The present invention relates to a method and system for tracking the movement of data elements as they are shared and moved between authorized and unauthorized devices and among authorized and unauthorized users.
95 Citations
18 Claims
-
1. A forensic computing platform deployed as a cloud control server which comprises an analytic component, a reporting component, an alert component, a business logic component, a policy database, a user database, a meta database and a settings database;
- the forensic computing platform further comprising at least one endpoint that comprises a deployed software agent, the deployed software agent comprising modules to detect, classify, delete, encrypt, and redact data stored on the at least one endpoint, the forensic computing platform causing the following steps to occur when executing computer instructions stored in a memory of the cloud control server;
receiving from the deployed software agent on the at least one endpoint a meta log associated with a first file comprising data, the meta log containing a first file name, data element tags comprising indicators that data fields or data types are included in the first file, and one or more of a date created, deleted, or modified, a user name, and an endpoint ID; storing the meta log in the cloud control server of the forensic computing platform; analyzing the data of the first file based on a configured setting and criteria; determining, based on the indicators of the data element tags, that a data classification associated with the data is inappropriate for the first file on the at least one endpoint; and remediating the first file when the determined data classification is inappropriate for the at least one endpoint, the remediating being one of encrypting, deleting, or redacting the data within the first file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- the forensic computing platform further comprising at least one endpoint that comprises a deployed software agent, the deployed software agent comprising modules to detect, classify, delete, encrypt, and redact data stored on the at least one endpoint, the forensic computing platform causing the following steps to occur when executing computer instructions stored in a memory of the cloud control server;
Specification