Title of invention: Extracting forensic indicators from activity logs
Abstract: A method for computer system forensics includes receiving an identification of a time of occurrence of an anomalous event in a computer network including multiple host computers. Logs of activity of entities in the computer network are collected. A comparison is made between first entries in at least one of the logs collected within a predefined time interval of the time of the occurrence of the anomalous event, and second entries in the at least one of the logs collected outside the predefined time interval. Based on the comparison, a forensic indicator associated with the anomalous event is extracted from the logs.
Publication number: US2017026395(A1)    Publication date: 2017.01.26
Application number: US201615286674    Filing date: 2016.10.06
Applicant: Light Cyber Ltd.    Inventors: Mumcuoglu Michael; Engel Giora; Firstenberg Eyal
Classification: H04L29/06    Main classification: H04L29/06
Agency:    Agent:
Main claim: 1. A method for computer system forensics, comprising: receiving an identification of a time of occurrence of an anomalous event in a computer network comprising multiple host computers; collecting logs of activity of entities in the computer network; making a comparison between first entries in at least one of the logs collected within a predefined time interval of the time of the occurrence of the anomalous event, and second entries in the at least one of the logs collected outside the predefined time interval; and based on the comparison, extracting from the logs a forensic indicator associated with the anomalous event.
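The comparison described in the abstract and claim, as an added illustration that is not code from the patent or from Light Cyber: log attributes seen within a window around the anomaly time are contrasted with the same attributes seen outside it, and values whose in-window rate stands out are returned as candidate forensic indicators. The log entries, attribute names, the 10-minute window and the ratio threshold are all constructed assumptions for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample activity log (not from the patent):
# (ISO timestamp, host, attributes parsed from the log line).
SAMPLE_LOG = [
    ("2016-10-06T09:00:00", "host-a", {"process": "outlook.exe", "dst": "mail.corp.example"}),
    ("2016-10-06T09:30:00", "host-a", {"process": "chrome.exe", "dst": "www.example.com"}),
    ("2016-10-06T10:00:00", "host-b", {"process": "outlook.exe", "dst": "mail.corp.example"}),
    ("2016-10-06T10:30:00", "host-a", {"process": "chrome.exe", "dst": "www.example.com"}),
    ("2016-10-06T11:00:00", "host-b", {"process": "outlook.exe", "dst": "mail.corp.example"}),
    ("2016-10-06T11:55:00", "host-a", {"process": "psexec.exe", "dst": "host-b"}),
    ("2016-10-06T12:00:00", "host-a", {"process": "psexec.exe", "dst": "host-c"}),
    ("2016-10-06T12:03:00", "host-a", {"process": "chrome.exe", "dst": "www.example.com"}),
    ("2016-10-06T13:00:00", "host-a", {"process": "chrome.exe", "dst": "www.example.com"}),
    ("2016-10-06T14:00:00", "host-b", {"process": "psexec.exe", "dst": "host-c"}),
    ("2016-10-06T15:00:00", "host-a", {"process": "outlook.exe", "dst": "mail.corp.example"}),
]
ANOMALY_TIME = datetime(2016, 10, 6, 12, 0, 0)  # time reported by the anomaly detector (assumed)
WINDOW = timedelta(minutes=10)                   # predefined time interval (assumed)


def extract_indicators(entries, anomaly_time, window, min_ratio=2.0):
    """Contrast attribute values logged within +/- window of the anomaly
    ("first entries") with those logged outside it ("second entries").
    Returns (attribute, in_count, out_count, ratio) for values whose
    in-window rate is at least min_ratio times their out-of-window rate."""
    inside, outside = Counter(), Counter()
    n_in = n_out = 0
    for ts, _host, attrs in entries:
        t = datetime.fromisoformat(ts)
        if abs(t - anomaly_time) <= window:
            target, n_in = inside, n_in + 1
        else:
            target, n_out = outside, n_out + 1
        for key, value in attrs.items():
            target[(key, value)] += 1
    if n_in == 0:
        return []
    indicators = []
    for feat, c_in in inside.items():
        # Add-one smoothing: a value never seen outside the window still
        # gets a finite baseline rate instead of a division by zero.
        ratio = (c_in * (n_out + 1)) / (n_in * (outside[feat] + 1))
        if ratio >= min_ratio:
            indicators.append((feat, c_in, outside[feat], ratio))
    return sorted(indicators, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for feat, c_in, c_out, ratio in extract_indicators(SAMPLE_LOG, ANOMALY_TIME, WINDOW):
        print(f"{feat[0]}={feat[1]!r}: {c_in} in window, {c_out} outside, ratio {ratio:.1f}")
```

On the sample data the process `psexec.exe` and the destination `host-b` are returned; `host-c` appears in the window too, but just as often outside it, so it falls below the threshold.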
Address: Ramat Gan IL