Method to scan a forensic image of a computer system with multiple malicious code detection engines simultaneously from a master control point

Abstract

A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.

Description

PRIORITY CLAIM[0001]This applications claims the benefit of priority from U.S. Provisional Patent Application No. 61 / 796, 263, filed on Nov. 6, 2012, the entirety of which is incorporated by reference.BACKGROUND[0002]1. Field of the Invention[0003]The present invention relates to a method used to detect the presence of malicious code infections on a computer system. More particularly, the present invention is in the technical field of computer security that includes computer forensics. More particularly, the present invention addresses the limitations of existing malicious code scanning technology.[0004]2. Description of the Related Art[0005]When a computer device is infected by a malicious code infection the user will often notice degradation of system performance as the infection can create unwanted and time consuming system activity, excessive memory usage, and bandwidth consuming network traffic. These factors can also cause instability problems leading to application or system-...

AI Technical Summary

Benefits of technology

[0011]The present arrangement is directed to a method and system whereby a forensic image of a hard drive or the live acquisition of RAM/Flash memory resulting in a forensic image of the memory from a single computer system can be simultaneously scanned with multiple commercial and open source malicious code detection engines such that all detection engines can be controlled from a master control point dashboard module. As noted above, prior to the present invention technical limitations imposed by the current design of anti-virus software and malware scanning engines prevented multiple instances of malicious code detection software from simultaneously bei

Problems solved by technology

When a computer device is infected by a malicious code infection the user will often notice degradation of system performance as the infection can create unwanted and time consuming system activity, excessive memory usage, and bandwidth consuming network traffic.

These factors can also cause instability problems leading to application or system-wide crashes.

The user of an infected device may incorrectly assume that poor performance is a result of software flaws or hardware problems, taking inappropriate remedial action, when the actual cause is a malicious code infection of which they are unaware.

Detecting the presence of malicious code infections is challenging as the authors of malicious code design their software code to be difficult to detect, often employing obfuscation techniques that deliberately hides the presence of malicious code infections on a computer system.

But this need to be in control of the file system comes at a cost.

Trying to install multiple malware detection products on a single computer system typically results in a deadly embrace, where both products fight for absolute control of the file system.

This deadly embrace results in a malfunctioning computer as each malware detection product sees the other as an adversary launching a malicious attack designed to take control of the file system.

This “one only” installation limitation puts the user at another disadvantage in that the malware detection

Images