CONTEXT-AWARE NETWORK FORENSICS

摘要

Systems and methods for management of security events and their related forensic context are disclosed. Network forensics involves monitoring and analyzing data flows in a network to assist security analysts to review, analyze and remove a security threat. Security threats in a network environment are generally detected by one or more devices on the network. If a security threat is determined to be severe or significant enough, a security event corresponding to the security threat is often created and stored in the system. To assist in future review and analysis of security threats, timely and relevant context information about network security events may be obtained and stored along with each security event. The forensic context may be accessible to security administrators viewing the security events to provide detailed information about the circumstances surrounding a security event.