CPC G06F 21/568 (2013.01) [G06F 11/1451 (2013.01); G06F 21/78 (2013.01)] | 17 Claims
1. A computer-based method, comprising:
providing a protected hardware-based forensic data reserve comprising:
a hardware-based memory; and
hardcoded code therein configured to store forensic data in the hardware-based memory;
receiving evidentiary data from a data source, wherein the evidentiary data is related to the processing of information by a computer system;
storing the evidentiary data as the forensic data in the hardware-based memory of the protected hardware-based forensic data reserve using the hardcoded code;
detecting a data attack on the computer system;
in the event of the data attack having occurred, retrieving the stored forensic data from the forensic data reserve; and
remediating the data attack including:
restoring deleted data using the retrieved forensic data,
wherein the deleted data was removed from the computer system during the data attack.