The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: May 13, 2025
Filed: May 16, 2022
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Shi Min Sharon Ko, Redmond, WA (US);
Vidhi Agarwal, Bellevue, WA (US);
Gueorgui Chkodrov, Redmond, WA (US);
Sangeetha Madderla, Redmond, WA (US);
Mohamed Rouatbi, Yakima, WA (US);
Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
Event-triggered forensics capture technologies balance security incident data availability against data processing and storage costs. A forensic correlation engine receives basic status data of a monitored computing system. A forensic computing system detects a trigger event in the basic status data, and starts capturing extended status data per a corresponding capture specification. Captured data is submitted to a forensic analysis tool. Different trigger events may cause different data captures. A query specifying which data to capture from a live stream or from virtual machines may operate as a capture trigger start event. Extended status data capture activity may be stopped by a change in the basic status data being received, by a timeout, or by forensic analysis that finds no vulnerability or threat based on captured data. Data transfers and storage may be restricted to comply with privacy regulations or policies.
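The capture lifecycle the abstract describes, as an added example that is not part of the patent or of any Microsoft code: a hypothetical ForensicEngine watches a stream of basic status reports, starts an extended capture when a report matches a CaptureSpec, and stops on a change in the basic status, on a benign analysis verdict, or on a timeout. All names, the allowlist-based analyse() stand-in for the analysis tool and the sample stream are constructed assumptions.

```python
from collections import namedtuple
BASELINE = {"svchost.exe", "explorer.exe"}  # constructed allowlist used by the toy analysis tool
# trigger: event name watched for in the basic status data; fields: the extended status fields
# to capture (bounding volume and privacy exposure); max_ticks: timeout in status-report intervals
CaptureSpec = namedtuple("CaptureSpec", "trigger fields max_ticks")

def analyse(captured):  # stand-in for the forensic analysis tool: flags processes off-baseline
    seen = {p for entry in captured for p in entry.get("new_processes", [])}
    if seen - BASELINE:
        return "threat"
    return "benign" if len(captured) >= 2 else "inconclusive"
class ForensicEngine:
    def __init__(self, specs):
        self.specs, self.active, self.submitted = specs, None, []  # submitted: (trigger, reason, data)

    def on_status(self, basic, extended):  # one basic status report in, the engine's action out
        event = basic.get("event")
        if self.active is None:
            spec = self.specs.get(event)
            if spec is None:
                return "idle"  # no trigger event: only the cheap basic data is processed
            self.active, self.elapsed, self.captured = spec, 0, []
        # capture only the fields the active spec names, then submit everything so far for analysis
        self.captured.append({k: extended[k] for k in self.active.fields if k in extended})
        self.elapsed += 1
        verdict = analyse(self.captured)
        reason = ("status_changed" if event != self.active.trigger         # basic status changed
                  else "no_threat" if verdict == "benign"                  # analysis found nothing
                  else "timeout" if self.elapsed >= self.active.max_ticks  # capture window expired
                  else None)
        if reason is None:
            return "capturing"
        self.submitted.append((self.active.trigger, reason, self.captured))
        self.active = None
        return f"stop:{reason}"
SPECS = {"failed_logins_spike": CaptureSpec("failed_logins_spike", ("new_processes", "connections"), 2),
         "cpu_high": CaptureSpec("cpu_high", ("new_processes",), 4)}
STREAM = [  # constructed (basic status, extended status) pairs from one monitored host
    ({"event": "ok"}, {"new_processes": [], "connections": 1}),
    ({"event": "failed_logins_spike"}, {"new_processes": ["unknown_svc.exe"], "connections": 7}),
    ({"event": "failed_logins_spike"}, {"new_processes": [], "connections": 9}),
    ({"event": "cpu_high"}, {"new_processes": ["explorer.exe"]}),
    ({"event": "cpu_high"}, {"new_processes": ["svchost.exe"]}),
    ({"event": "failed_logins_spike"}, {"new_processes": [], "connections": 2}),
    ({"event": "ok"}, {"new_processes": []}),
]

def run(stream=STREAM, specs=SPECS):
    engine = ForensicEngine(specs)
    return [engine.on_status(b, e) for b, e in stream], engine.submitted
```

Each trigger gets its own field list, so the cpu_high capture never contains connection data even though the host reported it.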