Abstract: Techniques for efficient restoration of granular application data are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for restoring one or more portions of application data comprising virtualizing one or more backup files of the application data into a specified staging area, running a recovery process for the one or more backup files, virtualizing the one or more backup files and the one or more recovery files, instantiating an instance of an application utilizing the virtualized one or more backup files and the virtualized one or more recovery files, and recovering one or more portions of the application data.

Abstract: Malicious code detection code is executed by an information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation. The detection routines associate weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines. It is determined whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.

Abstract: Various embodiments of systems and methods are disclosed for performing online backup and restore of volume configuration information. In some embodiments, a method involves receiving a request to restore a volume configuration and, in response to the request, writing volume configuration information to a storage device. The volume configuration information includes a first disk signature, which identifies the storage device.

Abstract: A method, system, and computer-readable medium to quickly synchronize copies of data that have diverged over time. The present invention can be used in synchronizing replicated copies of data that have become unsynchronized due to the restoration of primary data from a backup copy of the primary data. The solution enables copies of data to be synchronized without copying all of the data from one copy to another. The solution uses minimal resources to maintain data consistency and has minimal effect on performance of applications using the data and on network usage. The method includes determining that a change occurred to data in a region of a primary volume without including the region in a set of regions designated for replication to a secondary volume. The region is added to the set of regions designated for replication to the secondary volume and replicated.

Abstract: A mechanism to collate, interpret, target or view communication items retained by an organization is presented. Such a mechanism can be used as an aid in identifying communication items (e.g., documents) during electronic discovery, as well as discovery of communication chains. Embodiments of the present invention provide a method, system, apparatus and computer program product for storing communication data, generating a people map data structure using the communication data, generating an evidence map data structure using the communication data, and coupling the people map data structure and evidence map data structure.

Abstract: Methods, apparatuses, and computer-readable media for detecting bulk electronic messages using header similarity analysis. Bulk electronic messages can be detected by parsing (115) header fields of an electronic message; associating (120) at least one constituent unit with each header field defining a set of constituent units for each header field; ascertaining (230) a feature vector for each set of constituent units; forming (240) a collection of feature vectors; and computing (250) an inner product from a set of constituent units from an additional electronic message and the collection of feature vectors from the initial electronic message resulting in a measure of similarity between the initial electronic message and the additional electronic message.

Abstract: Detecting deviations from normal behavior in a processing system is disclosed. Independently for each of a plurality of processes associated with the processing system, a learning phase is started for the process based on a start criteria associated with the process, the normal behavior associated with the process is learned during the learning phase, the learning phase for the process is stopped based on a stop criteria associated with the process, and a protect phase is started for the process.

Abstract: A system and method for querying file system content. In one embodiment, the system may include a storage device configured to store a plurality of files and a file system configured to manage access to the storage device. The file system may be further configured to perform in-band detection of a file system content access event and to responsively generate a given metadata record. The system may further include a query system configured to query the given metadata record.

Abstract: Various methods and systems for ending a communication protocol connection in response to detecting the failure of a cluster node are disclosed. One method involves detecting a failed node within a cluster. The failed node communicates with a client via a communication protocol connection. In response to detecting the failed node, a communication protocol message is sent to the client. Receipt of the communication protocol message causes the client to terminate the communication protocol connection.

Abstract: A method and system for filtering email spam using email noise reduction are described. In one embodiment, the method includes detecting, in an email message, data indicative of noise added to the email message to avoid spam filtering. The method further includes modifying the content of the email message to reduce the noise, and comparing the modified content of the email message with the content of a spam message.

Abstract: Systems, methods, apparatus and software can utilize storage resource locks to prevent modification (including relocation) of data in the storage resource while a third-party copy operation directed at the storage resource is occurring. A data transport mechanism such as a data restore application requests that a relevant portion of the storage resource be locked. Once locked, the data transport mechanism requests a data mover to perform a third-party copy operation whereby data is moved from a data source to the locked portion of the storage resource. When the third party-copy operation is complete, the data transport mechanism requests release of the lock on the portion of the storage resource.

Abstract: A method, apparatus, system and computer program product that provide a virtual worldwide name (vWWN) nameservice in a Fiber Channel storage area network (SAN) are provided. Embodiments of the vWWN nameservice can receive a request for a vWWN from a node in the SAN, where the request includes a identifier associated with resources in the SAN, then determine if the identifier matches contents of a field in one or more entries in a vWWN table or database, and provide the vWWN associated with a matching entry to the requesting node.

Abstract: Determining reputation information is disclosed. A honey token is included in an online identity data. The honey token is to monitor for misuse of all or part of the online identity data. Optionally, information associated with at least one use of the honey token is aggregated with other reputation information.

Abstract: A snapshot-aware secure delete event identifying a file for snapshot-aware secure deletion on a computer system is received, and the file to be deleted is identified from the snapshot-aware secure delete event. Each file snapshot associated with the file on the computer system is accessed at the volume level and each non-duplicate file extent of the file snapshots is identified. The raw data identified by each non-duplicate file extent is securely overwritten using a secure overwrite technique, and each file snapshot is deleted from the computer system. In this way the raw data of the file and the raw data of all the diff areas of file snapshots associated with the file are securely overwritten and deleted.

Abstract: Events are preprocessed and rulesets are horizontally partitioning among rule computer systems. This allows the event analysis to be horizontally partitioned onto different rule computer systems. Thus, event correlation across large, high-speed networks is readily performed. Further, by increasing or decreasing the granularization of the horizontally partitioning of the rulesets, the event correlation is readily scalable.

Abstract: A method and system of generating a point-in-time image of at least a portion of a database is disclosed. According to one embodiment, a method is provided wherein a plurality of components of a database are discovered, a component of the plurality of components is selected, a data management resource of a plurality of data management resources is selected using an attribute of the component, and a point-in-time image of the component is generated using the data management resource.

Abstract: Exemplary methods and systems for creating and executing generic software packages are disclosed. A method for creating generic software packages may include receiving a digital file, providing meta-data that indicates a feature of the digital file, and providing a determination module adapted to identify a target platform where the digital file is to be installed. The method may also include providing a configuration module adapted to configure the meta-data to be compatible with the target platform and including the determination module and the configuration module in the generic software package such that the generic software package includes the digital file, the meta-data, the determination module, and the configuration module. An exemplary method for executing generic software package may include providing the generic software package, identifying a target platform where the digital file is to be installed, and configuring meta-data to be compatible with the target platform.

Abstract: A system and method are disclosed for preventing detection of a monitoring process running on a computer. A request to access a process file concerning a process running on the computer is received from a user. It is determined whether the process file requested by the user relates to the selected process. If the requested process file does not relate to the selected process, the user is provided with access to the file.

Abstract: A method and mechanism for diagnosing application failures. An executable application is augmented with code which generates a list of components, as well as version information, utilized by the application. Also created is data which associates application components with applications which utilize those components. The list of components, version information, and association data are stored in a database and updated each time the application is run. In response to detecting a failure of the application, a database query is generated which returns a list of components utilized by the failed application. By comparing the date that application components changed to the date the application was last successfully run, a high priority list of components which changed since the last successful run may be generated. Diagnosis of the application failure may then begin with components in the high priority list.

Abstract: The present invention can provide an OS independent system for storing data within a storage system. The invention can provide a directory system which is designed dynamically to adapt based upon the caching memory available for searching directories. Received files can be stored in a current directory until a predetermined limit is reached. In parallel, a database can be created to record which files are stored in which directory. This database can be designed to be kept in physical memory to minimize file access latency. This arrangement provides that a data storage system can store data in a simple order of receipt manner while also managing the storage structure to limit the number of data objects in any given container, thus preventing a search function analysing any given container from needing to access an excessive number of data objects and thus slow down the search to an unacceptable level.