Configurable investigative tool

  • US 10,057,298 B2
  • Filed: 02/10/2011
  • Issued: 08/21/2018
  • Est. Priority Date: 02/10/2011
  • Status: Active Grant
First Claim

1. A method comprising:

    presenting, with an investigative device, a user interface configured to receive input, from a user, that specifies a plurality of different user-defined investigative profiles, each of the investigative profiles identifying a plurality of tools, defining a sequence in which the tools are to be invoked by an investigative device for an investigation of a target computing device, and defining a reporting structure of data collected from the investigation for the particular investigation, wherein at least two of the plurality of tools are configured to acquire different types of data from the target computing device as part of the investigation of the target computing device;

    generating and storing, in response to the input, the plurality of investigative profiles, wherein one or more of the investigative profiles are non-executable data configuration information files arranged as text that specifies the plurality of tools, define the sequence in which the tools are to be invoked by the investigative device for the investigation of the target computing device, and define the reporting structure of data collected from the investigation for the particular investigation, and wherein at least two of the investigative profiles specify different sequences for invoking the tools;

    receiving a selection of one of the investigative profiles;

    configuring, responsive to the selection of one of the investigative profiles, an investigative tool on the investigative device for execution, on the target computing device, with the plurality of tools identified by the selected investigative profile to allow for collection of all desired data with one investigation of the target computing device and reporting of the collected data in the reporting structure defined by the selected investigative profile, wherein the investigative tool is configurable to operate in accordance with any of the plurality of investigative profiles;

    establishing, with the investigative tool, a communication link with the target computing device, the communication link including at least an input socket between the investigative device on which the investigative tool is configured and the target computing device and a file transfer socket between the investigative device on which the investigative tool is configured and the target computing device for communicating with the target computing device;

    automatically transferring, with the investigative device the tools identified by the selected profile and a remote agent, via the input socket, to the target computing device;

    configuring, with the investigative tool, the remote agent on the target computing device to control execution, on the target computing device, of the tools identified by the selected investigative profile and in the sequence defined by the investigative profile;

    receiving, with the investigative tool executing on the investigative device and from the remote agent via the file transfer socket, data acquired from the target computing device by the execution of the tools identified in the selected investigative profile and in the sequence defined by the selected investigative profile; and

    outputting, with the investigative tool executing on the investigative device, results of the data acquired from the target computing device, by the execution of the tools identified in the investigative profile, in the defined reporting structure.
