Security system, storage medium storing computer program, and data diagnostic method
US-2021124826-A1 · Apr 29, 2021 · US
US12505214B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12505214-B2 |
| Application number | US-202218046622-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 14, 2022 |
| Priority date | Oct 14, 2022 |
| Publication date | Dec 23, 2025 |
| Grant date | Dec 23, 2025 |
Abstract
A forensic kit with a granular infected backup. A forensic engine may evaluate a production system that is infected with malware or other corruption and generate a forensic kit. The forensic kit may include copies of components of the production system that are infected or that are sufficiently related to infected components. The forensic kit may be provided to investigators.
Claims 1-20
What is claimed is:

1. A method comprising: detecting malware in a production system that includes components; identifying infected components from among the components of the production system; identifying related components of the production system from among the components of the production system that are related to the infected components, wherein the related components may be infected with the malware; and generating a granular infected backup that includes only the infected components and the related components and the malware, and not components of the production system that are both not infected components and not related components.
2. The method of claim 1, further comprising triggering a forensic operation upon detecting the malware, wherein the forensic operation is configured to generate the granular infected backup.
3. The method of claim 1, wherein the granular infected backup comprises a snapshot of the infected components and the related components.
4. The method of claim 1, wherein the components include servers, applications, data, storage devices, storage systems, active directory, networking, or combinations thereof.
5. The method of claim 1, further comprising identifying the infected components using a first model that is trained to detect the malware or other corruptions in the components.
6. The method of claim 5, further comprising generating a graph representing the components of the production system.
7. The method of claim 6, further comprising identifying the infected components in the graph.
8. The method of claim 7, further comprising inputting the graph that identifies the infected components into a second model trained to identify the related components to the infected components.
9. The method of claim 8, further comprising including the granular infected component in a forensic kit.
10. The method of claim 9, further comprising performing a forensic analysis based on the forensic kit and wherein the related components include attack vectors of the malware that do not appear to be infected.
11. A non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: detecting malware in a production system that includes components; identifying infected components from among the components of the production system; identifying related components of the production system from among the components of the production system that are related to the infected components, wherein the related components may be infected with the malware; and generating a granular infected backup that includes only the infected components and the related components and the malware, and not components of the production system that are both not infected components and not related components.
12. The non-transitory storage medium of claim 11, further comprising triggering a forensic operation upon detecting the malware, wherein the forensic operation is configured to generate the granular infected backup.
13. The non-transitory storage medium of claim 11, wherein the granular infected backup comprises a snapshot of the infected components and the related components.
14. The non-transitory storage medium of claim 11, wherein the components include servers, applications, data, storage devices, storage systems, active directory, networking, or combinations thereof.
15. The non-transitory storage medium of claim 11, further comprising identifying the infected components using a first model that is trained to detect the malware or other corruptions in the components.
16. The non-transitory storage medium of claim 15, further comprising generating a graph representing the components of the production system.
17. The non-transitory storage medium of claim 16, further comprising identifying the infected components in the graph.
18. The non-transitory storage medium of claim 17, further comprising inputting the graph that identifies the infected components into a second model trained to identify the related components to the infected components.
19. The non-transitory storage medium of claim 18, further comprising including the granular infected component in a forensic kit.
20. The non-transitory storage medium of claim 19, further comprising performing a forensic analysis based on the forensic kit and wherein the related components include attack vectors of the malware that do not appear to be infected.
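The procedure the independent claims describe (detect infected components, walk a component graph to find related components that may be attack vectors without looking infected, then capture only those plus the malware evidence) is illustrated below. This is an added example, not code from the patent or its assignee: the claimed "first model" is replaced by a byte-pattern indicator scan, the "second model" by a bounded breadth-first traversal over the graph, and the component names, relationship edges and the `DROPPER_MARKER` indicator are all constructed. The manifest hashes each captured component so investigators can check that the forensic kit has not been altered in transit.

```python
"""Granular infected backup built from a component graph.

Added illustration, not the patent's implementation: the trained models in
the claims are stood in for by an IOC byte-pattern scan (the "first model")
and a bounded graph traversal (the "second model"). All inputs are constructed.
"""
from __future__ import annotations

import hashlib
import json
from collections import deque

# Constructed production system: component id -> (component type, content bytes).
COMPONENTS: dict[str, tuple[str, bytes]] = {
    "web01": ("server", b"nginx.conf worker_processes 4"),
    "app01": ("application", b"ELF app binary ... DROPPER_MARKER ... end"),
    "db01": ("data", b"customer records table"),
    "dc01": ("active_directory", b"ntds.dit snapshot"),
    "nas01": ("storage_system", b"smb shares export list"),
    "hr-laptop": ("server", b"user workstation image"),
}

# Constructed relationship edges (src, dst, relation) modelling paths a
# compromise could take between components; traversal treats them as undirected.
EDGES: list[tuple[str, str, str]] = [
    ("web01", "app01", "hosts"),
    ("app01", "db01", "connects_to"),
    ("app01", "dc01", "authenticates_to"),
    ("nas01", "app01", "mounted_by"),
    ("hr-laptop", "dc01", "authenticates_to"),
]

# Constructed indicator list standing in for the trained malware detector.
IOCS: frozenset[bytes] = frozenset({b"DROPPER_MARKER"})


def detect_infected(components, iocs):
    """Return {component_id: [matched IOC hex, ...]} for components containing an IOC."""
    hits = {}
    for cid, (_ctype, content) in components.items():
        matched = [ioc.hex() for ioc in iocs if ioc in content]
        if matched:
            hits[cid] = matched
    return hits


def related_components(edges, infected, max_hops=1):
    """Components within max_hops of any infected component, excluding the infected set.

    These are the 'related components': possible attack vectors that need not
    look infected themselves, so they are captured alongside the infected ones.
    """
    adj = {}
    for src, dst, _rel in edges:
        adj.setdefault(src, set()).add(dst)
        adj.setdefault(dst, set()).add(src)
    seen = set(infected)
    queue = deque((cid, 0) for cid in infected)
    related = set()
    while queue:
        cid, depth = queue.popleft()
        if depth == max_hops:
            continue
        for nxt in adj.get(cid, ()):
            if nxt not in seen:
                seen.add(nxt)
                related.add(nxt)
                queue.append((nxt, depth + 1))
    return related


def build_granular_backup(components, edges, iocs, max_hops=1):
    """Return a manifest covering only infected + related components and the malware evidence."""
    infected = detect_infected(components, iocs)
    related = related_components(edges, set(infected), max_hops)
    items = []
    for cid in sorted(set(infected) | related):
        ctype, content = components[cid]
        items.append({
            "id": cid,
            "type": ctype,
            "role": "infected" if cid in infected else "related",
            # Hash the captured content so the kit's integrity can be verified later.
            "sha256": hashlib.sha256(content).hexdigest(),
        })
    return {
        "items": items,
        "malware": [{"component": cid, "iocs": m} for cid, m in sorted(infected.items())],
        # Everything not infected and not related stays out of the backup.
        "excluded": sorted(set(components) - set(infected) - related),
    }


if __name__ == "__main__":
    print(json.dumps(build_granular_backup(COMPONENTS, EDGES, IOCS), indent=2))
```

With one hop, `app01` is the only infected component, its four neighbours are captured as related, and `hr-laptop` (two hops away through the domain controller) is excluded; raising `max_hops` to 2 pulls it in as well. The hop bound is the knob a practitioner tunes between a kit that misses the attack path and one that silently grows back into a full backup.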
CPC classification titles:

- Test or assess software
- eliminating virus, restoring damaged files
- Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities