Patent attributes
A system and method preserve forensic computer data to remediate data attacks on a computer system. The method includes receiving evidentiary data from a data source, wherein the evidentiary data is related to the processing of information by a computer system; storing the evidentiary data as forensic data in a protected hardware-based forensic data reserve; and detecting a data attack on the computer system. If a data attack has occurred, the method retrieves the stored forensic data from the forensic data reserve and remediates the data attack, including restoring deleted data using the retrieved forensic data, wherein the deleted data were removed from the computer system during the data attack. The system implements the method.