Abstract: A computer security method for analyzing data sets for remediating security incidents in a cloud-based response system. Logs of data are retrieved from a computer network. The logs of data are parsed and filtered into the data sets. The logs of data are filtered by creating an event timeline of the computer network by identifying events from the data sets. An event timeline of the computer network is analyzed from the data sets to identify whether data from the logs of data is accessed by an unauthorized computing system. Based on a result of the identification of whether data from the logs of data is accessed by an unauthorized computing system, a set of suggested tasks, wherein each suggested task of the set of suggested tasks represents techniques for isolating a host connected to the computer network if the data has been compromised.

Abstract: Disclosed are techniques for analyzing forensic data and remediating security incidents in a multi-tenant environment. The techniques comprises receiving the forensic data from a network by receiving a copy of data from each a computing device and a containerized systems which accesses the network, wherein the network includes a premises network and/or a cloud network. Further, processing the forensic data received from the network by determining if the network has been accessed by an unauthorized computing system by parsing the forensic data, wherein processing is performed by splitting the processing of the forensic data into a number of tasks and processing the number of tasks in overlapping time using a number of working resources, the group of working resources are scaled based on the number of tasks, Finally, processing the number of tasks if it is determining that the unauthorized computing device has accessed the network.

Abstract: Disclosed are techniques for performing forensic analysis of computer systems in a cloud network. The techniques can include using a scalable, cloud-based, specialized computer architecture for performing the forensic analysis of computer systems.

Abstract: A method for creating a memory map of a memory present in a target machine is disclosed for electronically protecting computer systems. In one step, extracting operating system details and kernel details from the target machine. A memory image is generated from the operating system and the kernel details extracted from the target machine. The memory image comprises similar configuration as that of the target machine. A memory map is created from the memory image. The memory map includes a list of applications running in the memory of the target machine at a particular instance of time. The memory map is analyzed for security issues to identify the applications running at the particular instance of time.

Abstract: Disclosed are techniques for performing forensic analysis of computer systems in a cloud network. The techniques can include using a scalable, cloud-based, specialized computer architecture for performing the forensic analysis of computer systems.