Abstract:
An improved technique for performing forensic investigations in an electronic system includes capturing and associating multiple streams of information. The streams include a network stream and a storage stream. The network stream includes a record of network activities. The storage stream includes a record of storage activities. In some examples, the storage stream includes both disk activities and memory activities, including both reads and writes. Records of the captured streams are stored in a data storage array and are associated by applying a common timing reference to the records. A comprehensive history is thus obtained, with both network and storage activities coordinated in time, to enable examination and tracing of suspect or malicious occurrences across network and storage domains. The improved technique can be used in both physical and virtual computing environments and affords particular advantages in virtual and cloud environments where forensic analysis has proven to be difficult.
Abstract:
An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.
Abstract:
A method and system comprising splitting an IO in a system; intercepting the IO in an appliance; determining whether the IO is directed to a replicated file system; sending the IO directed to the replicated file system to a replication device; and acknowledging the receipt of the IO. A method, system and computer program product comprising requesting access to a point in time in a replicated file system; determining, from a plurality of bookmarks of file system configurations, a bookmark corresponding to the point in time; determining if the current configuration of the file system is equivalent to the bookmark; and reconfiguring the file system when the current configuration is not equivalent to the configuration of the bookmark.
Abstract:
In one aspect, a method includes intercepting write I/Os going to a volume on a storage array and sending the write I/Os to targets on a plurality of source-side data protection appliances based on a load balancing scheme. In another aspect, an article includes a non-transitory machine-readable medium that stores executable instructions. The instructions cause a machine to intercept write I/Os going to a volume on a storage array and send the write I/Os to targets on a plurality of source-side data protection appliances based on a load balancing scheme. In a further aspect, an apparatus includes circuitry configured to intercept write I/Os going to a volume on a storage array and send the write I/Os to targets on a plurality of source-side data protection appliances based on a load balancing scheme.
Abstract:
A method, system, and computer program product for receiving a request to roll an image to a point in time by reading data from a journal, applying data from the journal to create an asynchronous copy on write image at the requested point in time, creating a virtual image data structure, and allowing writes to be cached in a journal based replication appliance.
Abstract:
In one aspect, a method includes determining that a first quorum of servers is available at a production site and a target site and generating a group-set bookmark if the first quorum of servers is available. In another aspect, an article includes a non-transitory machine-readable medium that stores executable instructions. The instructions cause a machine to determine that a first quorum of servers is available at a production site and a target site and generate a group-set bookmark if the first quorum of servers is available. In a further aspect, an apparatus includes circuitry configured to determine that a first quorum of servers is available at a production site and a target site; and generate a group-set bookmark if the first quorum of servers is available.
Abstract:
In one aspect, a method includes receiving a request to access a virtual volume snapshot, preparing to bind the virtual volume snapshot, intercepting a command to prepare bind of the virtual volume snapshot, rolling back to a point in time corresponding to the requested virtual volume snapshot and generating a virtual volume snapshot in a storage array.
Abstract:
A method, computer program product, and computing system for receiving an indication that a target virtual machine is going to be migrated from a first operating environment to a second operating environment. A target cache system is associated with the target virtual machine. An auxiliary virtual machine is generated within the second operating environment. An auxiliary cache system is associated with the auxiliary virtual machine. The target virtual machine and the auxiliary virtual machine are connected. IO requests for the target virtual machine are mirrored to the auxiliary virtual machine. At least a portion of cache data included within a target memory system associated with the target cache system is copied to an auxiliary memory system associated with the auxiliary cache system. The target virtual machine is migrated from the first operating environment to the second operating environment.
Abstract:
In one aspect, a method to manage encrypted data includes configuring a first portion of a storage medium to store encrypted data. The encrypted data is encrypted using a time-based encryption key. The method also includes configuring a second portion of the storage medium to include metadata identifying the time-based encryption key and storing the time-based encryption key in a location other than the storage medium.
Abstract:
In one aspect, a method includes performing replication of a first volume using a snapshot shipping mode, performing replication of a second volume using a continuous replication mode and generating a consistent point in time for the first and second volumes to enable retrieval of replicated data from the first and second volumes at the consistent point in time.