CN113946873B - Off-disk file tracing method and device, terminal and storage medium - Google Patents


Publication number
CN113946873B
Authority
CN
China
Prior art keywords
file
disk
log
disk file
tray
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111565276.0A
Other languages
Chinese (zh)
Other versions
CN113946873A (en)
Inventor
金雪莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Lenovo Collaboration Technology Inc
Original Assignee
Tianjin Lenovo Collaboration Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Lenovo Collaboration Technology Inc filed Critical Tianjin Lenovo Collaboration Technology Inc
Priority to CN202111565276.0A priority Critical patent/CN113946873B/en
Publication of CN113946873A publication Critical patent/CN113946873A/en
Application granted granted Critical
Publication of CN113946873B publication Critical patent/CN113946873B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1805 Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815 Journaling file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The embodiment of the invention discloses an off-disk file tracing method, an off-disk file tracing device, a terminal and a storage medium. The method comprises the following steps: when an operation request for an off-disk file is received, detecting whether the off-disk file log recording process is running normally; starting the off-disk file log recording process, and starting an off-disk file operation sandbox when the off-disk file log recording process is running normally; judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally; obtaining the operation performed on the off-disk file, and writing the operation information into the off-disk file log running in the off-disk file operation sandbox; and when the network environment meets the requirements, sending the off-disk log file to the network disk so that the network disk can acquire the operation information of the off-disk file.

Description

Off-disk file tracing method and device, terminal and storage medium
Technical Field
The embodiment of the invention relates to the technical field of network disks, in particular to a method, a device, a terminal and a storage medium for tracing off-disk files.
Background
With the rapid development of internet cloud computing technology, the network disk service has become a core content of the current information service. The user can realize the remote storage, reading and sharing of the files through the network disk, so that the use convenience and the access flexibility of the data materials can be greatly improved.
In the process of enterprise digital transformation, enterprise data security is particularly important. The network disk manages file security strictly: different users hold different permissions on the same file, and these permission settings can effectively prevent sensitive information in network disk files from leaking. However, a user may distribute a network disk file through the network disk, so that the file may be downloaded locally by other people and the information exposed on the public network, creating a risk of important information leakage. Once information leakage occurs, the file needs to be traced. The existing tracing method can only use digital watermarking, which records only information at download time, for example the IP address that downloaded the file and the network disk user name. It cannot indicate the subsequent file transfer process, so tracing of a file leak cannot be achieved.
Disclosure of Invention
The embodiment of the invention provides a method and a device for tracing off-disk files, a network disk and a storage medium, which aim to realize the technical purposes of tracing the off-disk files and preventing sensitive information from leaking.
In a first aspect, an embodiment of the present invention provides an off-disk file tracing method, including:
when an operation request for an off-disk file is received, detecting whether an off-disk file log recording process is running normally, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded;
starting the off-disk file log recording process, and starting an off-disk file operation sandbox when the off-disk file log recording process is running normally;
judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally;
obtaining the operation performed on the off-disk file, and writing the operation information into the off-disk file log running in the off-disk file operation sandbox;
and when the network environment meets the requirements, sending the off-disk log file to the network disk.
In a second aspect, an embodiment of the present invention further provides an off-disk file tracing apparatus, including:
an off-disk file log recording process detection module, configured to detect whether the off-disk file log recording process is running normally when an operation request for an off-disk file is received, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded;
a starting module, configured to start the off-disk file operation sandbox when the off-disk file log recording process is running normally;
a judging module, configured to judge whether the off-disk file operation sandbox is running normally, and to respond to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally;
a writing module, configured to obtain the operation performed on the off-disk file and to write the operation information into the off-disk file log running in the off-disk file operation sandbox;
and a sending module, configured to send the off-disk log file to the network disk when the network environment meets the requirements.
In a third aspect, an embodiment of the present invention further provides a terminal, including:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the off-disk file tracing method provided by the above embodiments.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the off-disk file tracing method provided in the above embodiments.
According to the off-disk file tracing method, the off-disk file tracing device, the network disk and the storage medium provided by the embodiment of the invention, when an operation request for an off-disk file is received, whether the off-disk file log recording process is running normally is detected, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded; the off-disk file log recording process is started, and an off-disk file operation sandbox is started when the off-disk file log recording process is running normally; whether the off-disk file operation sandbox is running normally is judged, and when it is, the off-disk file is opened in the off-disk file operation sandbox to respond to the operation request; the operation performed on the off-disk file is obtained, and the operation information is written into the off-disk file log running in the off-disk file operation sandbox; and when the network environment meets the requirements, the off-disk log file is sent to the network disk so that the network disk acquires the operation information of the off-disk file. The network disk can add the off-disk log file during file download, start the log recording process when the off-disk file is operated, and record the various operation information of the off-disk file. When the network environment allows, the off-disk file log can be uploaded to the network disk, the various operation information of the off-disk file can be acquired through the network disk, and the off-disk file can be traced.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is a flowchart of an off-disk file tracing method according to an embodiment of the present invention;
Fig. 2 is a flowchart of an off-disk file tracing method according to a second embodiment of the present invention;
Fig. 3 is a flowchart of an off-disk file tracing method according to a third embodiment of the present invention;
Fig. 4 is a structural diagram of an off-disk file tracing apparatus according to a fourth embodiment of the present invention;
Fig. 5 is a structural diagram of a terminal according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for tracing an off-disk file according to an embodiment of the present invention, where the embodiment is applicable to a situation of tracing a file download operation and a file transfer from a network disk, and the method may be implemented by an off-disk file tracing apparatus, where the off-disk file tracing apparatus may be implemented in a software manner and may be integrated in a terminal that downloads and operates an off-disk file, and the method specifically includes the following steps:
Step 110, when an operation request for the off-disk file is received, detecting whether the off-disk file log recording process is running normally, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and the off-disk file log recording process is implanted when the off-disk file is downloaded.
In this embodiment, the off-disk file may be any of various files downloaded from a network disk, in particular a text file such as a docx, doc, xlsx, pptx, pdf or txt file. The off-disk file downloaded by the user may be a composite file that includes the text file and an off-disk log file for recording operations on the text file, where the off-disk log file is encapsulated in the text file and is invisible to the user. When the user finishes downloading the off-disk file, an off-disk file log recording process is implanted into the system that downloaded it. The off-disk file log recording process can be generated automatically when the terminal starts and keeps running normally while the terminal is running. When the off-disk file is copied to another terminal, an off-disk file log recording process is generated automatically. The operation may include preview, view, edit, and the like. When a user's operation request for the off-disk file is received locally, whether the off-disk file log recording process is running normally is detected first, which avoids a leak that goes unrecorded because the log recording process was closed abnormally.
Step 120, starting the off-disk file operation sandbox when the off-disk file log recording process is running normally.
In this embodiment, to avoid tampering with the off-disk file log, operations on the off-disk file may be confined to a sandbox. The sandbox is a virtual system program that allows programs to run inside the sandbox environment; a program running inside the sandbox cannot permanently affect the hard disk, and operations on the local system cannot affect the operations on the off-disk file or the off-disk file log records.
Step 130, judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally.
The sandbox is in essence a virtual program. Therefore, before the user is allowed to operate on the off-disk file, whether the sandbox virtual program is running normally is detected, and when the off-disk file operation sandbox is running normally, the program that operates the off-disk file is called inside the sandbox to respond to the operation request for the off-disk file.
Step 140, obtaining the operation performed on the off-disk file, and writing the operation information into the off-disk file log running in the off-disk file operation sandbox.
The sandbox can be regarded as a virtual machine. The operation performed on the off-disk file can be acquired by a monitoring process in the virtual machine, or a preset program can be embedded in the sandbox to acquire the information related to the operation. The acquired operation information is written into the off-disk file log. The operation information may include: device name, device ID, and operating time.
Step 150, when the network environment meets the requirements, sending the off-disk log file to the network disk so that the network disk can acquire the operation information of the off-disk file.
The network environment meets the requirements when the terminal holding the off-disk file can establish a normal network connection with the network disk. The off-disk log file is sent to the network disk; after receiving it, the network disk can read the operation information of the off-disk file and generate an operation log tree from it, which makes it convenient to check the subsequent circulation and operations of the off-disk file. Once a leak occurs, the last operation corresponding to the leaked file can be looked up in the operation log tree, and the leaked file can thus be traced to its source.
In this embodiment, when an operation request for an off-disk file is received, whether the off-disk file log recording process is running normally is detected, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is encapsulated in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded; the off-disk file log recording process is started, and an off-disk file operation sandbox is started when the off-disk file log recording process is running normally; whether the off-disk file operation sandbox is running normally is judged, and when it is, the off-disk file is opened in the off-disk file operation sandbox to respond to the operation request; the operation performed on the off-disk file is obtained, and the operation information is written into the off-disk file log running in the off-disk file operation sandbox; and when the network environment meets the requirements, the off-disk log file is sent to the network disk so that the network disk can acquire the operation information of the off-disk file. The network disk can add the off-disk log file during file download, start the log recording process when the off-disk file is operated, and record the various operation information of the off-disk file. When the network environment allows, the off-disk file log can be uploaded to the network disk, the various operation information of the off-disk file can be acquired through the network disk, and the off-disk file can be traced.
In a preferred implementation manner of this embodiment, the starting of the off-disk file operation sandbox when the off-disk file log recording process is in normal operation may be specifically optimized as follows: when the log recording process of the off-disk file normally runs, judging whether network connection can be established with the network disk or not; and starting the off-disk file operation sandbox when the network connection with the network disk can be established. Under some special conditions, after the user downloads the off-disk file, the network connection can be disconnected, and when the network connection is disconnected, the off-disk file can still be operated in the above mode, and meanwhile, the off-disk file log can not be uploaded to the network disk. In order to avoid the foregoing situation, in this embodiment, it may be determined whether a network connection can be established with the network disk when it is detected that the log recording process of the off-disk file is normally running, and the off-disk file operation sandbox is started only when the network connection can be normally established with the network disk. The method can effectively avoid the malicious user from hiding the operation information of the off-disk file in a mode of disconnecting the network connection, and further improves the traceability of the off-disk file.
Example two
Fig. 2 is a schematic flowchart of a method for tracing an off-disk file according to a second embodiment of the present invention. In this embodiment, writing operation information into the off-disk file log running in the off-disk file operation sandbox is specifically optimized as follows: when the operation is editing, generating a new version running log, and writing the operation information into the new version log.
Correspondingly, the method for tracing the off-disk file provided by the embodiment specifically includes:
Step 210, when an operation request for the off-disk file is received, detecting whether the off-disk file log recording process is running normally, wherein the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded.
Step 220, starting the off-disk file operation sandbox when the off-disk file log recording process is running normally.
Step 230, judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally.
Step 240, obtaining the operation performed on the off-disk file, generating a new version running log in the off-disk file operation sandbox when the operation is editing, and writing the operation information into the new version log.
After downloading the off-disk file, the user can edit the file in the off-disk file operation sandbox. If the off-disk file is edited, the edited content may differ greatly from the content at download time. Once the edited off-disk file is leaked, the off-disk file log records only the operation information of the current file, so it is difficult to track the specific link at which the leak occurred. Therefore, in this embodiment, when the operation is editing, a new version running log may be generated to record the operation information of the edited off-disk file, and this log circulates together with the edited off-disk file. The edited off-disk file can thus be tracked, which makes tracing convenient. Optionally, when the operation is editing, the new version running log may be generated only after a save operation is detected, which avoids the confusion caused by generating a new version running log when the editing operation made no effective modification to the off-disk file.
Step 250, when the network environment meets the requirements, sending the off-disk log file to the network disk so that the network disk can acquire the operation information of the off-disk file.
In this embodiment, writing the operation information into the off-disk file log running in the off-disk file operation sandbox is specifically optimized as: generating a new version running log, and writing the operation information into the new version log. When the off-disk file is edited and modified, a corresponding off-disk file log is created for the modified off-disk file, so that the operation information of the different edited off-disk files can be recorded, the multiple versions that the off-disk file may give rise to can be managed effectively, and the edited file can be traced conveniently.
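The network-disk side of Examples one and two, as an added example that is not part of the patent text: it builds an operation log tree from uploaded log entries and traces a leaked version back to the download. The record layout (`version_id`, `parent_version`, ISO 8601 timestamps) and all sample values are assumptions made for illustration; the patent only names device name, device ID and operating time as logged fields.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LogEntry:
    version_id: str                # version log the entry was written into (assumed field)
    parent_version: Optional[str]  # version it was edited from; None for the download (assumed)
    operation: str                 # "preview", "view" or "edit"
    device_name: str
    device_id: str
    time: str                      # ISO 8601 UTC, so string order equals time order (assumed)


@dataclass
class VersionNode:
    version_id: str
    parent: Optional["VersionNode"] = None
    children: List["VersionNode"] = field(default_factory=list)
    entries: List[LogEntry] = field(default_factory=list)


def build_tree(uploads: List[LogEntry]) -> Dict[str, VersionNode]:
    """Build the operation log tree; uploads may arrive in any order."""
    nodes: Dict[str, VersionNode] = {}

    def get(vid: str) -> VersionNode:
        return nodes.setdefault(vid, VersionNode(vid))

    for e in uploads:
        node = get(e.version_id)
        node.entries.append(e)
        if e.parent_version is not None and node.parent is None:
            node.parent = get(e.parent_version)  # placeholder if its log never arrived
            node.parent.children.append(node)
    for node in nodes.values():
        node.entries.sort(key=lambda e: e.time)
    return nodes


def trace(nodes: Dict[str, VersionNode], leaked_version: str) -> dict:
    """Walk from the leaked version up to the download and report its history."""
    node: Optional[VersionNode] = nodes[leaked_version]  # KeyError: version never reported
    last = node.entries[-1] if node.entries else None
    path, missing, relevant, seen = [], [], [], set()
    cutoff: Optional[str] = None
    while node is not None and node.version_id not in seen:
        seen.add(node.version_id)
        path.append(node.version_id)
        if node.entries:
            # On an ancestor, only operations up to the fork belong to this lineage.
            relevant += [e for e in node.entries if cutoff is None or e.time <= cutoff]
            cutoff = node.entries[0].time
        else:
            missing.append(node.version_id)  # a version whose log was never uploaded
        node = node.parent
    relevant.sort(key=lambda e: e.time)
    devices: List[str] = []
    for e in relevant:
        if e.device_id not in devices:
            devices.append(e.device_id)
    return {"path": path[::-1], "last_operation": last,
            "devices": devices, "missing_logs": missing[::-1]}


# Constructed sample uploads, deliberately out of order: logs are sent only
# when the terminal can reach the network disk.
SAMPLE_UPLOADS = [
    LogEntry("v2", "v1", "view", "dave-tablet", "DEV-D", "2024-01-14T16:45:00Z"),
    LogEntry("v1", None, "view", "alice-laptop", "DEV-A", "2024-01-10T09:00:00Z"),
    LogEntry("v4", "v3", "edit", "erin-laptop", "DEV-E", "2024-01-15T11:00:00Z"),
    LogEntry("v1", None, "view", "carol-pc", "DEV-C", "2024-01-13T08:00:00Z"),
    LogEntry("v2", "v1", "edit", "bob-desktop", "DEV-B", "2024-01-12T10:30:00Z"),
    LogEntry("v1", None, "preview", "bob-desktop", "DEV-B", "2024-01-11T14:00:00Z"),
]

if __name__ == "__main__":
    tree = build_tree(SAMPLE_UPLOADS)
    for vid in ("v2", "v4"):
        report = trace(tree, vid)
        last = report["last_operation"]
        print(vid, report["path"], report["devices"],
              f"last={last.operation}@{last.device_id}", report["missing_logs"])
```

A version that appears only as a parent, with no entries of its own (`v3` in the sample), is reported in `missing_logs`, which marks the point where the uploaded record of the file's circulation has a gap.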
Example three
Fig. 3 is a flowchart illustrating a method for tracing an off-disk file according to a third embodiment of the present invention. In this embodiment, on the basis of the above embodiments, the off-disk file is specifically optimized as an off-disk encrypted file, which comprises: the off-disk file, the off-disk file log, and the sandbox. Correspondingly, after the operation request for the off-disk file is received and before detecting whether the off-disk file log recording process is running normally, the following steps are added: decrypting the off-disk encrypted file according to the operation request for the off-disk encrypted file; and generating an off-disk file log recording process during decryption.
Correspondingly, the method for tracing the off-disk file provided by the embodiment specifically includes:
Step 310, when an operation request for the off-disk encrypted file is received, decrypting the off-disk encrypted file according to the operation request; and generating an off-disk file log recording process during decryption.
Since the off-disk file log recording process is generated during downloading and resides in the system, it is likely to be treated as a malicious process and closed by antivirus software, so that the user cannot operate the off-disk file normally. Therefore, in this embodiment, the off-disk file is packaged uniformly as an encrypted package, which may include: the off-disk file, the off-disk file log, and the sandbox. Before the user operates the off-disk file, the encrypted package needs to be decrypted, and an off-disk file log recording process is embedded in the decryption process: when decryption starts, the off-disk file log recording process is started. The off-disk file log recording process can be eliminated along with the off-disk encryption process. The sandbox process may be started by the off-disk file log recording process.
Step 320, detecting whether the off-disk file log recording process is running normally, and starting the off-disk file operation sandbox when the off-disk file log recording process is running normally.
Step 330, judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally.
Step 340, obtaining the operation performed on the off-disk file, and writing the operation information into the off-disk file log running in the off-disk file operation sandbox.
Step 350, when the operation request for the off-disk file is completed, eliminating the sandbox process, encrypting the off-disk file, the off-disk file log and the sandbox, and eliminating the off-disk file log recording process.
Step 360, when the network environment meets the requirements, sending the off-disk log file to the network disk so that the network disk can acquire the operation information of the off-disk file.
In this embodiment, the off-disk file is specifically optimized as an off-disk encrypted file, which comprises: the off-disk file, the off-disk file log, and the sandbox. Correspondingly, after the operation request for the off-disk file is received and before detecting whether the off-disk file log recording process is running normally, the following steps are added: decrypting the off-disk encrypted file according to the operation request for the off-disk encrypted file; and generating an off-disk file log recording process during decryption. This effectively avoids the situation in which the off-disk file log recording process resides among the system processes for a long time and is then killed by mistake, and, while still recording the operations on the off-disk file, avoids the log being unable to run normally because the process was killed by mistake.
Example four
Fig. 4 is a schematic structural diagram of an off-disk file tracing apparatus according to a fourth embodiment of the present invention, and as shown in fig. 4, the apparatus includes:
a log recording process detection module 410, configured to detect whether the off-disk file log recording process is running normally when an operation request for the off-disk file is received, where the off-disk file log is generated by the network disk when the off-disk file is downloaded and is packaged in the off-disk file, and an off-disk file log recording process is implanted when the off-disk file is downloaded;
a starting module 420, configured to start the off-disk file operation sandbox when the off-disk file log recording process is running normally;
a judging module 430, configured to judge whether the off-disk file operation sandbox is running normally, and to respond to the operation request for the off-disk file in the off-disk file operation sandbox when the sandbox is running normally;
a writing module 440, configured to obtain the operation performed on the off-disk file, and to write the operation information into the off-disk file log running in the off-disk file operation sandbox;
a sending module 450, configured to send the off-disk log file to the network disk when the network environment meets the requirements.
The off-disk file tracing device provided by this embodiment detects whether the off-disk file log recording process is running normally when an operation request for an off-disk file is received, where the off-disk file log is generated by the network disk when the off-disk file is downloaded and is encapsulated in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded; starts the off-disk file log recording process, and starts an off-disk file operation sandbox when the off-disk file log recording process is running normally; judges whether the off-disk file operation sandbox is running normally, and when it is, opens the off-disk file in the off-disk file operation sandbox to respond to the operation request; obtains the operation performed on the off-disk file, and writes the operation information into the off-disk file log running in the off-disk file operation sandbox; and, when the network environment meets the requirements, sends the off-disk log file to the network disk so that the network disk can acquire the operation information of the off-disk file. The network disk can add the off-disk log file during file download, start the log recording process when the off-disk file is operated, and record the various operation information of the off-disk file. When the network environment allows, the off-disk file log can be uploaded to the network disk, the various operation information of the off-disk file can be acquired through the network disk, and the off-disk file can be traced.
On the basis of the above embodiments, the running operation information includes:
device name, device ID, and operation time.
On the basis of the above embodiments, the running operation includes: previewing, viewing and editing;
the writing module includes:
a writing unit, configured to generate a new-version running log when the running operation is editing, and to write the running operation information into the new-version log.
On the basis of the foregoing embodiments, the writing unit is configured to:
after a save operation following editing is detected, generate a new-version log and record the information of the editing operation in the new-version log.
On the basis of the foregoing embodiments, the off-disk file is an off-disk encrypted file, and the off-disk encrypted file includes: an off-disk file, an off-disk file log, and a sandbox;
correspondingly, the device further comprises:
a decryption module, configured to decrypt the off-disk encrypted file according to the operation request for the off-disk encrypted file;
a generating module, configured to generate the off-disk file log recording process during decryption.
On the basis of the above embodiment, the starting module includes:
a judging unit, configured to judge, when the off-disk file log recording process is running normally, whether a network connection with the network disk can be established;
a starting unit, configured to start the off-disk file operation sandbox when the network connection with the network disk can be established.
The off-disk file tracing device provided by the embodiment of the invention can execute the off-disk file tracing method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
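The gating order and the new-version log rule described above, as an added Python example that is not part of the patent. The class, field and operation names are hypothetical, the three health flags stand in for real process, network and sandbox checks, and the network gate follows the variant in which the sandbox starts only when a connection to the network disk can be established.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


class GateError(RuntimeError):
    """A precondition failed, so the off-disk file is not opened or logged."""


@dataclass
class OffDiskSession:
    # All names here are hypothetical; the patent defines no API.
    device_name: str
    device_id: str
    logger_running: bool = True      # off-disk file log recording process
    network_reachable: bool = True   # connection to the network disk possible
    sandbox_running: bool = True     # off-disk file operation sandbox
    opened: bool = False
    versions: list = field(default_factory=lambda: [[]])  # one log per version
    uploaded: list = field(default_factory=list)  # stand-in for the network disk
    pending_edit: Optional[dict] = None

    def open(self):
        """Fail closed, checking in the order the description gives."""
        if not self.logger_running:
            raise GateError("log recording process is not running")
        if not self.network_reachable:
            raise GateError("network disk unreachable; sandbox not started")
        if not self.sandbox_running:
            raise GateError("operation sandbox is not running")
        self.opened = True

    def entry(self, operation, when=None):
        """Build one log entry: device name, device ID and operation time."""
        when = when or datetime.now(timezone.utc)
        return {"device_name": self.device_name, "device_id": self.device_id,
                "operation": operation, "time": when.isoformat()}

    def record(self, operation, when=None):
        """Log preview/view at once; log an edit only when its save is seen."""
        if not self.opened:
            raise GateError("file is not open in the sandbox")
        if operation in ("preview", "view"):
            self.versions[-1].append(self.entry(operation, when))
        elif operation == "edit":
            self.pending_edit = self.entry("edit", when)
        elif operation == "save" and self.pending_edit is not None:
            # Save after edit: new version log, edit info recorded in it.
            self.versions.append([self.pending_edit])
            self.pending_edit = None
        else:
            raise ValueError(f"unexpected operation: {operation}")
        return len(self.versions)  # current version number

    def flush(self):
        """Send entries not yet uploaded, only while the network is usable."""
        if not self.network_reachable:
            return 0
        pending = [e for log in self.versions for e in log][len(self.uploaded):]
        self.uploaded.extend(pending)
        return len(pending)
```

Entries recorded while the network is down stay in the local version logs and are sent by the next `flush()` that finds the network usable, which is the deferred upload the embodiment describes.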
EXAMPLE five
Fig. 5 is a schematic structural diagram of a terminal according to a fifth embodiment of the present invention. Fig. 5 illustrates a block diagram of an exemplary terminal 12 suitable for use in implementing embodiments of the present invention. The terminal 12 shown in Fig. 5 is only an example and should not impose any limitation on the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, the terminal 12 is embodied in the form of a general purpose computing device. The components of the terminal 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Terminal 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by terminal 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache 32. The terminal 12 can further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination thereof, may include an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The terminal 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the terminal 12, and/or any devices (e.g., network card, modem, etc.) that enable the terminal 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the terminal 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the terminal 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the terminal 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others. The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, implementing the off-disk file tracing method provided by the embodiment of the present invention.
EXAMPLE six
The sixth embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform any one of the above-mentioned off-disk file tracing methods provided in the foregoing embodiments.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only exemplary of the invention and of the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, and that various obvious changes, rearrangements and substitutions can be made by those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in some detail through the above embodiments, it is not limited to the above embodiments and may include other equivalent embodiments without departing from the spirit of the present invention; the scope of the present invention is determined by the scope of the appended claims.

Claims (9)

1. An off-disk file tracing method, characterized by comprising the following steps:
when an operation request for an off-disk file is received, detecting whether an off-disk file log recording process is running normally, wherein the off-disk file log is generated by a network disk when the off-disk file is downloaded and is encapsulated in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded; the off-disk file is an off-disk encrypted file, and the off-disk encrypted file comprises: an off-disk file, an off-disk file log, and a sandbox;
decrypting the off-disk encrypted file according to the operation request for the off-disk encrypted file;
generating the off-disk file log recording process during decryption;
when the off-disk file log recording process is running normally, starting an off-disk file operation sandbox, wherein the off-disk file operation sandbox is used to prevent operation of the local system from affecting the running of the off-disk file and the log recording of the off-disk file;
judging whether the off-disk file operation sandbox is running normally, and responding to the operation request for the off-disk file in the off-disk file operation sandbox when the off-disk file operation sandbox is running normally;
obtaining the running operation on the off-disk file, and writing running operation information into the off-disk file log running in the off-disk file operation sandbox;
and when the network environment meets the requirement, sending the off-disk log file to the network disk.
2. The method of claim 1, wherein the running operation information comprises:
device name, device ID, and operation time.
3. The method of claim 1, wherein the running operation comprises: previewing, viewing and editing;
when the running operation is editing, writing running operation information into the off-disk file log running in the off-disk file operation sandbox comprises:
generating a new-version running log, and writing the running operation information into the new-version log.
4. The method of claim 3, wherein generating a new-version log when the running operation is editing comprises:
after a save operation following editing is detected, generating a new-version log, and recording the information of the editing operation in the new-version log.
5. The method of claim 1, wherein starting an off-disk file operation sandbox when the off-disk file log recording process is running normally comprises:
when the off-disk file log recording process is running normally, judging whether a network connection with the network disk can be established;
and starting the off-disk file operation sandbox when the network connection with the network disk can be established.
6. An off-disk file tracing device, comprising:
an off-disk file log recording process detection module, configured to detect, when an operation request for an off-disk file is received, whether the off-disk file log recording process is running normally, wherein the off-disk file log is generated by a network disk when the off-disk file is downloaded and is encapsulated in the off-disk file, and a corresponding off-disk file log recording process is implanted when the off-disk file is downloaded; the off-disk file is an off-disk encrypted file, and the off-disk encrypted file comprises: an off-disk file, an off-disk file log, and a sandbox;
a starting module, configured to start the off-disk file operation sandbox when the off-disk file log recording process is running normally, wherein the off-disk file operation sandbox is used to prevent operation of the local system from affecting the running of the off-disk file and the log recording of the off-disk file;
a judging module, configured to judge whether the off-disk file operation sandbox is running normally, and to respond to the operation request for the off-disk file in the off-disk file operation sandbox when the off-disk file operation sandbox is running normally;
a writing module, configured to obtain the running operation on the off-disk file and write running operation information into the off-disk file log running in the off-disk file operation sandbox;
a sending module, configured to send the off-disk log file to the network disk when the network environment meets the requirement;
a decryption module, configured to decrypt the off-disk encrypted file according to the operation request for the off-disk encrypted file;
and a generating module, configured to generate the off-disk file log recording process during decryption.
7. The apparatus of claim 6, wherein the running operation information comprises:
device name, device ID, and operation time.
8. A terminal, characterized in that the terminal comprises:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the off-disk file tracing method of any of claims 1-5.
9. A storage medium containing computer executable instructions which when executed by a computer processor are for performing the off-disk file tracing method of any of claims 1-5.
CN202111565276.0A 2021-12-21 2021-12-21 Off-disk file tracing method and device, terminal and storage medium Active CN113946873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111565276.0A CN113946873B (en) 2021-12-21 2021-12-21 Off-disk file tracing method and device, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN113946873A (en) 2022-01-18
CN113946873B (en) 2022-05-06

Family

ID=79339285

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant