发明名称 |
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR EFFICIENT COMPUTER FORENSIC ANALYSIS AND DATA ACCESS CONTROL |
摘要 |
According to one aspect, the subject matter described herein includes a method for efficient computer forensic analysis and data access control. The method includes steps occurring from within a virtualization layer separate from a guest operating system. The steps include monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory. The steps also include tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network. The steps further include linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accessed. |
申请公布号 |
US2014157407(A1) |
申请公布日期 |
2014.06.05 |
申请号 |
US201214115094 |
申请日期 |
2012.05.07 |
申请人 |
The University of North Carolina at Chapel Hill |
发明人 |
Krishnan Srinivas;Monrose Fabian;Snow Kevin |
分类号 |
G06F21/50 |
主分类号 |
G06F21/50 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method for efficient computer forensic analysis and data access control, the method comprising:
from within a virtualization layer separate from a guest operating system: monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory; tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network; and linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accesses.
|
地址 |
Chapel Hill NC US |