Title of invention: METHOD TO SCAN A FORENSIC IMAGE OF A COMPUTER SYSTEM WITH MULTIPLE MALICIOUS CODE DETECTION ENGINES SIMULTANEOUSLY FROM A MASTER CONTROL POINT
Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device, generating a single forensic image of the data set, and applying a recover data application to the data set to generate a single recovered data set. Scanning of the single forensic image and the single recovered data set is initiated using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated that combines the scan results reported by each of the malware engines.
Publication No.: US2016063250(A1) Publication date: 2016.03.03
Application No.: US201514845530 Application date: 2015.09.04
Applicant: Forensic Scan, LLC Inventors: Spernow William R.; Garrie Daniel
Classification: G06F21/56; G06F21/55 Main classification: G06F21/56
Agency: Agent:
Principal claim: 1. A multi-engine malicious code scanning method for scanning data sets from a storage device, said method comprising the steps of: installing a virtual operating system on at least one computer, along with a plurality of independent operating systems on said computer; for each of said independent operating systems, installing a malware engine, such that said computer includes a plurality of malware engines, each operating separately on its respective independent operating system; obtaining at least one data set from a storage device; generating a single forensic image of said data set; applying a recover data application to said data set to generate a single recovered data set; selecting a plurality of malware engines for analyzing said single forensic image and said single recovered data set; initiating a scanning of said single forensic image and said single recovered data set using said selected plurality of malware engines, wherein each of said malware engines, installed on said independent operating systems of said virtual operating system, may be run concurrently on said single forensic image and said single recovered data set; and generating a combined report for each of said malware engines reporting the results of said scans.
Address: Suwanee GA US