Abstract: Techniques are provided to prevent or allow the execution of a file from a copy device, such as a shadow copy device, depending on whether the file includes malicious code or trusted code. Redirection techniques may be used to cause a file (stored in the copy device) to be analyzed for malicious code at an original volume, rather than being analyzed at or executed from the copy device.

Abstract: To implement secure block cloning on file systems that support block cloning, a computer security application is executed on a computer system deploying a file system that supports block cloning. The computer security application receives a block cloning command to clone a source file to a target file. Before the computer system executes the block cloning command, the computer security application identifies a trust status associated with the source file. The trust status is identified by looking up a base inventory that stores trust data associated with multiple files stored on the file system. The multiple files include the source file. Based on the trust status associated with the source file, the computer security application determines that the trust status associated with the source file is trustworthy. In response to determining that the source file is trustworthy, the computer security application applies the trust status associated with the source file to the target file.

Abstract: The disclosure provides an approach for secure offloaded data transfer. Embodiments include receiving, by a security component on a client device, from a storage system connected to the client device, a token associated with a data read request corresponding to a source file on the storage system. Embodiments include determining, by the security component, that the source file is trusted. Embodiments include generating, by the security component, an entry in a trusted token cache based on determining that the source file is trusted, wherein the entry comprises the token. Embodiments include receiving, by the security component, a write request corresponding to a destination file on the storage system, wherein the write request comprises the token or a different token. Embodiments include determining, by the security component, based on the trusted token cache, whether to perform one or more operations related to the write request.

Abstract: In one or more embodiments described herein, system, methods, and/or computer program products that forensic analysis through metadata extraction. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metadata generation component that generates a metadata product comprising one or more data items associated with a distributed architecture of a file system, wherein the file system comprises one or more disks. The computer executable components can further comprise a security component that monitors the file system, wherein the security component generates an alert in response to detecting a degradation event associated with the one or more disks.

Abstract: In one or more embodiments described herein, system, methods, and/or computer program products that forensic analysis through metadata extraction. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metadata generation component that generates a metadata product comprising one or more data items associated with a distributed architecture of a file system, wherein the file system comprises one or more disks. The computer executable components can further comprise a security component that monitors the file system, wherein the security component generates an alert in response to detecting a degradation event associated with the one or more disks.