Method to scan a forensic image of a computer system with multiple malicious code detection engines simultaneously from a master control point

Status: Inactive
Publication date: 2014-06-26
Inventors: SPERNOW WILLIAM +1

AI Technical Summary

Benefits of technology

[0011] The present arrangement is directed to a method and system whereby a forensic image of a hard drive, or a forensic image of memory produced by live acquisition of RAM/Flash memory, from a single computer system can be simultaneously scanned with multiple commercial and open source malicious code detection engines, such that all detection engines can be controlled from a master control point dashboard module. As noted above, prior to the present invention, technical limitations imposed by the current design of anti-virus software and malware scanning engines prevented multiple instances of malicious code detection software from simultaneously bei

Problems solved by technology

When a computer device is infected by a malicious code infection the user will often notice degradation of system performance as the infection can create unwanted and time consuming system activity, excessive memory usage, and bandwidth consuming network traffic.
These factors can also cause instability problems leading to application or system-wide crashes.
The user of an infected device may incorrectly assume that poor performance is a result of software flaws or hardware problems, taking inappropriate remedial action, when the actual cause is a malicious code infection of which they are unaware.
Detecting the presence of malicious code infections is challenging, as the authors of malicious code design their software to be difficult to detect, often employing obfuscation techniques that deliberately hide the presence of the infection on a computer system.
But this need to be in control of the file system comes at a cost.
Trying to install multiple malware detection products on a single computer system typically results in a deadly embrace, where both products fight for absolute control of the file system.
This deadly embrace results in a malfunctioning computer as each malware detection product sees the other as an adversary launching a malicious attack designed to take control of the file system.
This “one only” installation limitation puts the user at another disadvantage in that the malware detection


Embodiment Construction

[0066] The present invention is a system, process and method that allows duplicate bit-by-bit forensic images of a computer system's hard drive, or of RAM/Flash memory obtained by live acquisition, to be scanned with multiple malware engines simultaneously from a master control point dashboard. Moreover, the present invention is configured as a portable solution, so that it can be shipped via common carriers to client locations whose privacy policies prevent sensitive data from being taken off-site. More specifically, the present invention provides a process whereby the files and data on computer system storage devices, in the form of forensic images, can be scanned simultaneously from a virtual environment with multiple commercial or open source malware detection applications in a time period that is substantially less than if the scanning were performed sequentially. In addition, the present invention has the ability, via authored scripts and executable programs created, to collect rele...


Abstract

A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device, generating a single forensic image of the data set, and also applying a data recovery application to the data set to generate a single recovered data set. A scan of the single forensic image and the single recovered data set is initiated using the selected plurality of malware engines, each of which is installed on an independent operating system within the virtual environment and may be run concurrently on the single forensic image and the single recovered data set. A report is generated that combines the results of the scans reported by each of the malware engines.
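As an added illustration (my own code, not the patent's implementation), the orchestration the abstract describes: a master control point fans the forensic image and the recovered data set out to several independently hosted engines at once and merges their verdicts into one combined report. The engine adapters, file contents and signatures are constructed placeholders, and the patent's per-engine operating systems inside a virtual environment are approximated here by worker threads, so that one engine failing is isolated rather than aborting the whole scan.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor, as_completed

# Constructed forensic image: path -> file bytes (stands in for files carved from the image)
FORENSIC_IMAGE = {
    "Windows/System32/calc.exe": b"MZ\x90\x00benign calculator stub",
    "Users/alice/Downloads/invoice.exe": b"MZ\x90\x00DROPPER-MARKER payload",
    "Users/alice/Documents/notes.txt": b"quarterly notes",
}
# Constructed recovered data set: a deleted copy of the dropper brought back by recovery
RECOVERED_DATA = {"recovered/0001.bin": b"MZ\x90\x00DROPPER-MARKER payload"}

# Engine 1 (constructed placeholder): SHA-256 denylist lookup
BAD_SHA256 = {hashlib.sha256(b"MZ\x90\x00DROPPER-MARKER payload").hexdigest(): "Trojan.Dropper.Hash"}

def engine_hashlist(files):
    hits = {}
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in BAD_SHA256:
            hits[path] = BAD_SHA256[digest]
    return hits

# Engine 2 (constructed placeholder): byte-pattern signature match
SIGNATURES = {b"DROPPER-MARKER": "Trojan.Dropper.Sig"}

def engine_signature(files):
    return {path: name for path, data in files.items()
            for sig, name in SIGNATURES.items() if sig in data}

# Engine 3 (constructed placeholder): an engine whose environment fails mid-scan
def engine_broken(files):
    raise RuntimeError("engine environment unavailable")

ENGINES = {"HashList": engine_hashlist, "SigScan": engine_signature, "Broken": engine_broken}

def scan_with_all_engines(image, recovered, engines=ENGINES, timeout=60):
    """Master control point: run every engine concurrently over both data sets and merge."""
    targets = {**image, **recovered}                      # one combined target set
    report = {"files": {p: {} for p in targets}, "errors": {}}
    with ThreadPoolExecutor(max_workers=len(engines)) as pool:
        # each engine gets its own copy of the targets, as it would its own guest OS
        futures = {pool.submit(fn, dict(targets)): name for name, fn in engines.items()}
        for fut in as_completed(futures, timeout=timeout):
            name = futures[fut]
            try:
                for path, verdict in fut.result().items():
                    report["files"][path][name] = verdict
            except Exception as exc:                      # isolate a failed engine
                report["errors"][name] = str(exc)
    report["detections"] = {p: len(v) for p, v in report["files"].items() if v}
    report["engines_reporting"] = len(engines) - len(report["errors"])
    return report
```

The combined report records, per file, which engines flagged it and with what name, plus which engines failed, so a reviewer can weigh a single-engine hit against a consensus.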

Description

PRIORITY CLAIM

[0001] This application claims the benefit of priority from U.S. Provisional Patent Application No. 61/796,263, filed on Nov. 6, 2012, the entirety of which is incorporated by reference.

BACKGROUND

[0002] 1. Field of the Invention

[0003] The present invention relates to a method used to detect the presence of malicious code infections on a computer system. More particularly, the present invention is in the technical field of computer security, which includes computer forensics. More particularly, the present invention addresses the limitations of existing malicious code scanning technology.

[0004] 2. Description of the Related Art

[0005] When a computer device is infected by a malicious code infection the user will often notice degradation of system performance, as the infection can create unwanted and time consuming system activity, excessive memory usage, and bandwidth consuming network traffic. These factors can also cause instability problems leading to application or system-...


Application Information

IPC: G06F21/56
CPC: G06F21/562, G06F21/566, G06F21/568, G06F21/552, G06F2221/034
Inventors: SPERNOW, WILLIAM; GARRIE, DANIEL
Owner: SPERNOW WILLIAM