Method and Apparatus for executing proof collection and investigation analysis for incident response
Machine translation of the title: Method and apparatus for performing evidence collection and investigation analysis for incident response
Abstract
The present invention relates to hacking-response technology, and more specifically to a method and an apparatus for automatically performing evidence collection and investigation analysis on an intrusion incident. By collecting evidence automatically, the loss of data that an attacker has deleted at will, or that was dropped because of limited log capacity, can be minimized. The method comprises the following steps: a data collection unit collects data; an information generation unit parses the collected data, extracts information, and stores the extracted information; an analysis identification module identifies behavior events using the extracted information; the analysis identification module identifies, among the identified behavior events, the events related to the inflow, execution, and transmission of malicious code on a host; and the analysis identification module uses those events to identify the access point of the malicious code and its movement and transmission path into the inside of the domain.