System and method for implementing digital cloud forensics
US-2019044966-A1 · Feb 7, 2019 · US
US11080392B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11080392-B2 |
| Application number | US-201916508103-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 10, 2019 |
| Priority date | Jul 10, 2019 |
| Publication date | Aug 3, 2021 |
| Grant date | Aug 3, 2021 |
Abstract
A method for systematic collection and analysis of forensic data in a unified communications system deployed in a cloud environment. Three primary forensic components, namely, evidence collectors, a forensic controller and self-forensic investigators, are utilized in the method to interface with the components of the cloud environment and of the unified communications network. The method invokes a cloud evidence collection process which collects footprint data structures continuously at runtime to enable effective real-time collection of cloud forensic evidence and a cloud evidence analyzing process which generates evidence data that can be consumed by standard forensics tools.
Claims
What is claimed is:

1. A method for systematic collection and analysis of data in a unified communications system deployed in a cloud environment, comprising the steps of: integrating at least one evidence collection mechanism with the unified communications system, wherein said at least one evidence collection mechanism is operative to capture forensic data related to operation of the unified communications system and at least one component in the cloud environment; generating at least one model which captures the normal behavior of the unified communications system; monitoring, by at least one intrusion detection system, the unified communications system for an occurrence of an unauthorized action using captured said forensic data and the at least one model; upon the occurrence of an unauthorized action, transmitting, by said at least one intrusion detection system, an alarm to a forensic controller; upon the transmission of the alarm to said forensic controller, collecting, by said at least one evidence collection mechanism, said forensic data; building, by said forensic controller, at least one footprint data structure from the collected forensic data; formatting said at least one footprint data structure, wherein the step of formatting enables said at least one footprint data structure to be used by at least one forensics software application tool; generating at least one self-forensic investigator for use to detect any malicious behavior in the unified communications system, wherein said at least one self-forensic investigator is generated using said at least one footprint data structure; and alerting, by said at least one self-forensic investigator, said forensic controller upon the detection of any malicious behavior in the unified communications system.

2. A method for systematic collection and analysis of data in a unified communications system deployed in a cloud environment, comprising the steps of: integrating at least one evidence collection mechanism with the unified communications system, wherein said at least one evidence collection mechanism is operative to capture forensic data related to operation of the unified communications system and at least one component in the cloud environment; generating at least one model which captures the normal behavior of the unified communications system; monitoring, by at least one intrusion detection system, the unified communications system for an occurrence of an unauthorized action using captured said forensic data and the at least one model; upon the occurrence of an unauthorized action, transmitting, by said at least one intrusion detection system, an alarm to a forensic controller, wherein said forensic controller is operatively connected to but physically and logically separate from the cloud environment; upon the transmission of the alarm to said forensic controller, collecting, by said at least one evidence collection mechanism, said forensic data; building, by said forensic controller, at least one footprint data structure from the collected forensic data; formatting said at least one footprint data structure, wherein the step of formatting enables said at least one footprint data structure to be used by at least one forensics software application tool; generating at least one self-forensic investigator for use to detect any malicious behavior in the unified communications system, wherein said at least one self-forensic investigator is generated using said at least one footprint data structure; and alerting, by said at least one self-forensic investigator, said forensic controller upon the detection of any malicious behavior in the unified communications system.

3. A method for systematic collection and analysis of data in a unified communications system deployed in a cloud environment, comprising the steps of: integrating at least one evidence collection mechanism with the unified communications system, wherein said at least one evidence collection mechanism is attached to at least one component in the cloud environment and operative to capture forensic data related to operation of the unified communications system and the at least one component in the cloud environment; generating at least one model which captures the normal behavior of the unified communications system; monitoring, by at least one intrusion detection system, the unified communications system for an occurrence of an unauthorized action using captured said forensic data and the at least one model; upon the occurrence of an unauthorized action, transmitting, by said at least one intrusion detection system, an alarm to a forensic controller, wherein said forensic controller is operatively connected to but physically and logically separate from the at least one component in the cloud environment; upon the transmission of the alarm to said forensic controller, collecting, by said at least one evidence collection mechanism, said forensic data; storing, by said forensic controller, collected forensic data in an evidence database that is operatively connected to but physically and logically separate from the at least one component in the cloud environment; building, by said forensic controller, at least one footprint data structure from the collected forensic data; and formatting said at least one footprint data structure, wherein the step of formatting enables said at least one footprint data structure to be used by at least one forensics software application tool; generating at least one self-forensic investigator for use to detect any malicious behavior in the unified communications system, wherein said at least one self-forensic investigator is generated using said at least one footprint data structure; and alerting, by said at least one self-forensic investigator, said forensic controller upon the detection of any malicious behavior in the unified communications system.
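As an added example (not code from the patent or its assignee; the call-setup metric, the collector id `uc-sip-proxy-1`, the 3-sigma rule and the threshold-based investigator are all assumptions), this Python sketch walks the sequence of claim 1: a model of normal behavior, IDS monitoring against it, an alarm to the forensic controller, collection of the captured records into an integrity-hashed footprint data structure formatted for standard tools, and a self-forensic investigator derived from that footprint.

```python
import hashlib, json, statistics
from dataclasses import dataclass, field

# Constructed sample: per-minute call-setup counts reported by a hypothetical
# evidence collector attached to a UC component. Minute 2 of RUNTIME is the burst.
BASELINE = [12, 14, 11, 13, 15, 12, 14]   # captured normal behavior (model input)
RUNTIME = [13, 12, 90, 14]                # captured at runtime, fed to the IDS

def build_model(samples):
    """Model of normal behavior: mean and population stdev of the metric."""
    return {"mean": statistics.mean(samples), "stdev": statistics.pstdev(samples)}

def ids_check(model, value, k=3.0):
    """Intrusion detection: alarm when value is more than k stdevs from the mean."""
    return abs(value - model["mean"]) > k * model["stdev"]

@dataclass
class ForensicController:
    evidence: list = field(default_factory=list)       # evidence database
    investigators: list = field(default_factory=list)  # self-forensic investigators

    def on_alarm(self, collector_id, records):
        """Collect evidence, build a footprint data structure, derive an investigator."""
        payload = json.dumps(records, sort_keys=True).encode()
        footprint = {"collector": collector_id, "records": records,
                     "sha256": hashlib.sha256(payload).hexdigest()}  # evidence integrity
        self.evidence.append(footprint)
        # Self-forensic investigator generated from the footprint: a threshold rule
        # set at the smallest value that raised an alarm in this incident.
        threshold = min(r["value"] for r in records if r["alarm"])
        self.investigators.append(lambda v, t=threshold: v >= t)
        return footprint

    def format_for_tools(self, footprint):
        """Format the footprint as newline-delimited JSON for standard forensic tooling."""
        return "\n".join(json.dumps({"collector": footprint["collector"], **r})
                         for r in footprint["records"])

    def investigator_alerts(self, value):
        return any(rule(value) for rule in self.investigators)

def run_pipeline(baseline=BASELINE, runtime=RUNTIME, collector_id="uc-sip-proxy-1"):
    """Claim-1 sequence: model -> IDS monitoring -> alarm -> collection -> footprint."""
    model = build_model(baseline)
    records = [{"minute": i, "value": v, "alarm": ids_check(model, v)}
               for i, v in enumerate(runtime)]
    ctrl = ForensicController()
    if any(r["alarm"] for r in records):          # alarm transmitted to the controller
        ctrl.on_alarm(collector_id, records)
    return ctrl, records
```

The hash over the collected records gives the evidence database an integrity check that the claims leave to the implementer; the investigator here is a single threshold rule, whereas the patent only requires that it be generated from the footprint.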
CPC classification titles:

- involving event detection and direct action
- Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- involving long-term monitoring or reporting
- using dedicated hardware
- Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs