FIELD: data processing.
SUBSTANCE: the invention relates to the field of data processing. This effect is achieved by intercepting a Domain Name Service (DNS) response message received at a computer system, wherein the DNS response message contains a target Internet Protocol (IP) address indicating the network location of a remote resource and further comprises a service activation flag; determining, according to the value of the service activation flag, whether a forensic data collection service is active; in response, if the service activation flag indicates that the forensic data collection service is active, modifying the DNS response message by replacing the target IP address with a dummy IP address; intercepting an electronic communication directed to a destination IP address; determining whether the destination IP address matches the dummy IP address; and, in response, if the destination IP address matches the dummy IP address, performing a forensic data collection procedure to characterize the emerging malicious code, wherein the forensic data collection procedure comprises transmitting a set of metadata characterizing the electronic communication to a remote security server.
EFFECT: enabling the collection of computer security data from client devices.
20 cl, 13 dwg
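The flow in the abstract, modelled as an added example (not code from the patent): a flagged DNS answer is rewritten to a dummy address, and a later connection to that dummy address triggers metadata collection. The dict layout of the DNS response and connection, the `service_flag` field name, the TEST-NET-1 dummy pool, the metadata fields and the in-memory `reports` list standing in for the remote security server are all assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumption: dummy addresses are drawn from TEST-NET-1 (192.0.2.0/24, RFC 5737),
# a documentation range that is not routed on the public Internet.
DUMMY_POOL = ipaddress.ip_network("192.0.2.0/24")


@dataclass
class ForensicInterceptor:
    reports: list = field(default_factory=list)  # stands in for the security server
    _dummy_to_real: dict = field(default_factory=dict)
    _free: object = field(default_factory=lambda: iter(DUMMY_POOL.hosts()))

    def on_dns_response(self, resp: dict) -> dict:
        """Replace the target IP with a dummy IP only if the service flag is set."""
        if not resp.get("service_flag"):
            return resp  # service inactive: pass the response through unchanged
        dummy = next(self._free, None)
        if dummy is None:
            return resp  # pool exhausted: fail open rather than break resolution
        self._dummy_to_real[str(dummy)] = (resp["qname"], resp["ip"])
        return {**resp, "ip": str(dummy)}

    def on_outbound(self, conn: dict) -> bool:
        """Return True if the destination matched a dummy IP and metadata was recorded."""
        hit = self._dummy_to_real.get(conn["dst_ip"])
        if hit is None:
            return False  # ordinary traffic: no forensic collection
        qname, real_ip = hit
        self.reports.append({"domain": qname, "real_ip": real_ip,
                             "dst_port": conn["dst_port"],
                             "process": conn["process"]})
        return True


def demo():
    # Constructed sample data (documentation ranges and example domains).
    ic = ForensicInterceptor()
    flagged = ic.on_dns_response(
        {"qname": "flagged.example", "ip": "203.0.113.7", "service_flag": True})
    plain = ic.on_dns_response(
        {"qname": "plain.example", "ip": "203.0.113.9", "service_flag": False})
    hit = ic.on_outbound(
        {"dst_ip": flagged["ip"], "dst_port": 443, "process": "sample.exe"})
    miss = ic.on_outbound(
        {"dst_ip": plain["ip"], "dst_port": 443, "process": "browser.exe"})
    return flagged, plain, hit, miss, ic.reports
```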
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD FOR AUTOMATIC DEVICE DETECTION, DEVICE CONTROL AND REMOTE ASSISTANCE | 2015 | | RU2691858C2 |
SYSTEMS AND METHODS FOR AUTOMATIC DEVICE DETECTION, DEVICE CONTROL AND REMOTE ASSISTANCE | 2015 | | RU2694022C2 |
ENDPOINT SECURITY SYSTEM AND METHOD | 2015 | | RU2693922C2 |
SYSTEM AND METHOD OF AUTOGENERATION OF DECISION RULES FOR INTRUSION DETECTION SYSTEMS WITH FEEDBACK | 2016 | | RU2634209C1 |
METHOD FOR REMOTE MONITORING AND CONTROL OF NETWORKING INFORMATION SECURITY BASED ON USE OF DOMAIN NAME SYSTEM | 2012 | | RU2503059C1 |
SYSTEM AND METHODS FOR DETECTING NETWORK FRAUD | 2017 | | RU2744671C2 |
METHOD FOR PROTECTING COMPUTER NETWORK AGAINST INTRUSION | 2021 | | RU2758997C1 |
SYSTEM AND METHOD FOR DETECTION OF TARGET ATTACKS | 2014 | | RU2601147C2 |
CLOUD SERVICE SECURITY BROKER AND PROXY | 2014 | | RU2679549C2 |
DOUBLE SELF-TEST OF MEMORY FOR PROTECTION OF MULTIPLE NETWORK ENDPOINTS | 2016 | | RU2714607C2 |
Dates
2022-07-19—Published
2020-07-02—Filed