Patent · US Active

File extraction from memory dump for malicious content analysis

US9355247B1 · kind B1 · utility

Cited by: 201
References: 196
Claims: 21
Family size: 0

Key dates

Filing date: Mar 13, 2013
Grant date: May 31, 2016
Expiry date: Mar 13, 2033

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Techniques for malicious content detection using a memory dump are described herein. According to one embodiment, a monitoring module is configured to monitor activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of one or more predetermined events triggered by the malicious content suspect, a memory dump module is configured to generate a memory dump of the malicious content suspect. An analysis module is configured to analyze the memory dump to determine whether the malicious content suspect should be declared malicious based on a set of one or more rules.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.