System and method for forensic identification of elements within a computer system

Invention Grant

US08881271B2 System and method for forensic identification of elements within a computer system 有权

Title translation: 计算机系统中元素的法医识别系统和方法

Please log in to see more content

Patent Title: System and method for forensic identification of elements within a computer system
Patent Title (中): 计算机系统中元素的法医识别系统和方法
Application No.: US12184898

Application Date: 2008-08-01
Publication No.: US08881271B2

Publication Date: 2014-11-04
Inventor: James Robert Butler, II
Applicant: James Robert Butler, II
Applicant Address: US CA Milpitas
Assignee: Mandiant, LLC
Current Assignee: Mandiant, LLC
Current Assignee Address: US CA Milpitas
Agency: Polsinelli PC
Agent Adam C. Rehm
Main IPC: G06F12/14
IPC: G06F12/14 ; H04L29/06 ; H04L9/32 ; G06F9/44 ; G06F21/57

System and method for forensic identification of elements within a computer system

Abstract:

A system and method for employing memory forensic techniques to determine operating system type, memory management configuration, and virtual machine status on a running computer system. The techniques apply advanced techniques in a fashion to make them usable and accessible by Information Technology professionals that may not necessarily be versed in the specifics of memory forensic methodologies and theory.

Abstract(Chinese):

一种使用存储器取证技术来确定运行的计算机系统上的操作系统类型，存储器管理配置和虚拟机状态的系统和方法。这些技术以一种方式应用先进技术，使其可以被信息技术专业人员使用和访问，这些专业人士可能不一定熟悉记忆法证方法和理论的细节。

Public/Granted literature

US20100030996A1 System and Method for Forensic Identification of Elements Within a Computer System Public/Granted day:2010-02-04

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F12/00	安装在筛选装置之上的在存储器系统或体系结构内的存取、寻址或分配（来自记录载体的数字输入，或者到记录载体上去的数字输出，例如到磁盘存储单元，G06F3/06）
G06F12/14	.阻止存储器越权使用的保护