1. Field of the Invention
The present invention is related to data backup and recovery technology and, more particularly, to a non-relational database for emulation of a file system.
2. Description of the Related Art
Over the past decade, file systems and system registries have become larger and significantly more complex. The ability to emulate a file system and a system registry is critical in terms of security and data recovery. Emulation is often used for anti-virus and intrusion detection procedures. In order to analyze the behavior of malware and viruses and collect statistics, a file system is emulated and the viruses are run on the emulated file system. Modern viruses often infect hundreds and even thousands of files of a computer file system simultaneously. Thus, large volumes of data need to be emulated and processed.
However, existing emulators do not provide the extensibility and scalability needed for emulating the scenarios presented by modern malware applications that simultaneously access and modify a large number of files. The existing emulators are very slow when emulating these types of environments. They lack processing speed because they depend on conventional database systems that are not capable of supporting full-scale file system emulation.
Another problem in using emulators for malware analysis is that each malware component modifies the file system, so a new (i.e., clean) file system needs to be loaded into the emulator before another malware component can be analyzed and the needed statistics collected. Therefore, a method for rapid recovery of the file system is needed in order to repeatedly emulate the file system for testing and analyzing it with another malware component.
The existing database systems do not allow for rapid data recovery after multiple modifications of a database fragment. Conventional relational databases are quite slow and cannot easily process very large volumes of data such as those required by an emulator. Non-relational databases are faster and can provide better data recovery, but they are very difficult to implement. Additionally, neither type of existing database is sufficient for robust and efficient emulation of a file system and for recovery of a database fragment used by the emulator.
Accordingly, there is a need in the art for a non-relational database architecture that can meet the requirements of modern emulators and is easy to implement.