Ordering of event records in an electronic system for forensic analysis
US8825848B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 20, 2012 |
| Grant date | Sep 2, 2014 |
| Priority date | — |
| Expiry date | Aug 13, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/86
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.