System and method for generating and storing forensics-specific metadata

Assignee

• Acronis International GmbH · CH

Inventors

• Vladimir Strogov · Moscow, RU
• Oleg Ishanov · Moscow, RU
• Alexey Dod · Moscow, RU
• Serguei Beloussov · Moscow, RU
• Stanislav Protasov · Moscow, RU

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2201/84
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Disclosed herein are systems and method for generating and storing forensics-specific metadata. In one aspect, a digital forensics module is configured to generate a backup of user data stored on a computing device in accordance with a backup schedule. The digital forensics module identifies, from a plurality of system metadata of the computing device, forensics-specific metadata of the computing device based on predetermined rules, wherein the forensics-specific metadata is utilized for detecting suspicious digital activity. The digital forensics module generates a backup of the forensics-specific metadata in accordance with the backup schedule and analyzes the forensics-specific metadata for an indication of the suspicious digital activity on the computing device. In response to detecting the suspicious digital activity based on the analysis, generates a security event indicating that the suspicious digital activity has occurred.