Patent · US Active

Forensic analysis of computing activity

US9967267B2 · kind B2 · utility

Cited by: 26
References: 16
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 15, 2016
Grant date: May 8, 2018
Priority date:
Expiry date: Jul 27, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.
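The abstract describes a three-step procedure: record causal events between objects, walk the resulting graph backwards from a detection while applying cause identification rules, then walk forward from the root cause to find everything it may have tainted. The following is an added illustration of that procedure written for this page; it is not code from the patent, its assignee, or any product. The event stream, the process and file names, and the two cause identification rules (file written by a mail client, file downloaded by a browser) are all constructed for the example. Two details the abstract leaves open are made explicit here as assumptions: a process that reads or loads a file is treated as being caused by that file (so the forward walk can reach the reader of a malicious document), and a forward edge is followed only if it occurred after the object it leaves was itself reached, so work a process did before it was compromised is not flagged.

```python
"""Event-graph root-cause analysis in the style of the abstract above.
Added illustration only; not code from the patent, its assignee, or any
product. Object names, rules and the event stream are all constructed."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    seq: int      # position in the recorder's ongoing stream (monotonic)
    actor: str    # object performing the action, normally a process
    action: str   # "spawned", "wrote", "read", "downloaded", ...
    obj: str      # object acted upon: process, file, registry key, ...


# Assumption: for these actions information flows from the object INTO the
# actor, so the object is the cause and the actor the effect (a process that
# opens a malicious document is influenced by it, not the other way round).
DATA_INTO_ACTOR = {"read", "loaded"}


def causal_edge(ev: Event) -> Tuple[str, str]:
    """Return (cause, effect) for one recorded event."""
    if ev.action in DATA_INTO_ACTOR:
        return ev.obj, ev.actor
    return ev.actor, ev.obj


class EventGraph:
    """One directed edge per recorded event, cause -> effect."""

    def __init__(self, events: List[Event]):
        self.out: Dict[str, List[Tuple[str, Event]]] = defaultdict(list)
        self.inc: Dict[str, List[Tuple[str, Event]]] = defaultdict(list)
        for ev in sorted(events, key=lambda e: e.seq):
            cause, effect = causal_edge(ev)
            self.out[cause].append((effect, ev))
            self.inc[effect].append((cause, ev))

    def find_root_cause(self, detected: str,
                        rules: Iterable[Callable[[Event], Optional[str]]]
                        ) -> Tuple[str, Optional[Event]]:
        """Reverse traversal from the detected object, most recent edge first.
        The first event a rule identifies yields the root cause. If no rule
        fires, the oldest known ancestor is returned instead."""
        seen, queue, oldest = {detected}, deque([detected]), None
        while queue:
            edges = sorted(self.inc[queue.popleft()], key=lambda ce: -ce[1].seq)
            for cause, ev in edges:
                for rule in rules:
                    root = rule(ev)
                    if root is not None:
                        return root, ev
                if oldest is None or ev.seq < oldest[1].seq:
                    oldest = (cause, ev)
                if cause not in seen:
                    seen.add(cause)
                    queue.append(cause)
        return oldest if oldest else (detected, None)

    def forward_impact(self, root: str, root_seq: int) -> Dict[str, int]:
        """Forward traversal from the root cause. An edge is followed only if
        it occurred after the object it leaves was itself reached. Returns
        each potentially compromised object with the seq at which it was reached."""
        reached = {root: root_seq}
        queue = deque([root])
        while queue:
            obj = queue.popleft()
            for effect, ev in self.out[obj]:
                if ev.seq < reached[obj]:
                    continue  # action predates the compromise of obj
                if effect not in reached or ev.seq < reached[effect]:
                    reached[effect] = ev.seq
                    queue.append(effect)
        del reached[root]
        return reached


# Constructed cause identification rules (hypothetical process names).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}


def attachment_rule(ev: Event) -> Optional[str]:
    """A file written by a mail client entered the host as an attachment."""
    return ev.obj if ev.action == "wrote" and ev.actor in MAIL_CLIENTS else None


def download_rule(ev: Event) -> Optional[str]:
    """A file fetched by a browser entered the host from the web."""
    return ev.obj if ev.action == "downloaded" and ev.actor in BROWSERS else None


RULES = (attachment_rule, download_rule)

# Constructed sample of the recorder's stream (hypothetical host activity).
EVENTS = [
    Event(1, "explorer.exe", "spawned", "outlook.exe"),
    Event(2, "outlook.exe", "wrote", "invoice.docm"),      # attachment saved
    Event(3, "outlook.exe", "spawned", "winword.exe"),
    Event(4, "winword.exe", "wrote", "report.docx"),       # benign, pre-infection
    Event(5, "winword.exe", "read", "invoice.docm"),       # macro document opened
    Event(6, "winword.exe", "spawned", "powershell.exe"),
    Event(7, "powershell.exe", "downloaded", "payload.exe"),
    Event(8, "powershell.exe", "spawned", "payload.exe"),  # detection fires here
    Event(9, "payload.exe", "wrote", "dropped.dll"),
    Event(10, "payload.exe", "wrote", "HKCU\\Run\\updater"),
    Event(11, "explorer.exe", "spawned", "notepad.exe"),   # unrelated activity
]


def analyze(events: List[Event], detected: str, rules=RULES):
    """Root cause plus everything it may have compromised, per the abstract."""
    graph = EventGraph(events)
    root, root_ev = graph.find_root_cause(detected, rules)
    return root, root_ev, graph.forward_impact(root, root_ev.seq if root_ev else 0)


if __name__ == "__main__":
    root, root_ev, impacted = analyze(EVENTS, "payload.exe")
    print("detection on: payload.exe")
    print("root cause:", root, "via", root_ev)
    for obj, seq in sorted(impacted.items(), key=lambda kv: kv[1]):
        print(f"  potentially compromised at seq {seq}: {obj}")
```

With the constructed stream, the reverse walk from payload.exe passes powershell.exe and winword.exe and stops at invoice.docm because the attachment rule fires on the mail client's write; the forward walk then flags winword.exe, powershell.exe, payload.exe, dropped.dll and the Run key, but not report.docx (written before the document was opened) and not notepad.exe (never causally connected). Running analyze with an empty rule set shows why the rules matter: the fallback walks all the way back to explorer.exe, and the forward pass from there taints nearly every object on the host.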

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.