Methods, systems, and computer readable media for efficient computer forensic analysis and data access control

Assignee

• The University of North Carolina at Chapel Hill · US

Inventors

• Srinivas Krishnan · Carrboro, US
• Fabian Monrose · Chapel Hill, US
• Kevin Snow · Cary, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/53
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

According to one aspect, the subject matter described herein includes a method for efficient computer forensic analysis and data access control. The method includes steps occurring from within a virtualization layer separate from a guest operating system. The steps include monitoring disk accesses by the guest operating system to a region of interest on a disk from which data is copied into memory. The steps also include tracking subsequent accesses to the memory resident data where the memory resident data is copied from its initial location to other memory locations or over a network. The steps further include linking operations made by the guest operating system associated with the disk accesses with operations made by the guest operating system associated with the memory accessed.