System and method for simultaneous forensic, acquisition, examination and analysis of a computer readable medium at wire speed
Abstract
The present invention relates to a system for simultaneous forensic acquisition and analysis of data from a target data repository. The system comprises a source agent in communication with the target data repository. The source agent is incapable of writing to the target data repository and is configured to read a portion of the target data repository. The system further comprises an investigator computer having a processor configured to send at least one prioritized read command to the source agent to schedule a read of the target data repository based on a predetermined priority. A data sink is configured to store at least a partial forensic image of the target data repository based on the data read by said source agent.
20 Claims
1. A system for simultaneous forensic acquisition and analysis of data from a target data repository, the system comprising:
a source agent in operative communication with the target data repository, said source agent being configured to read a portion of the target data repository;
a scheduler configured to schedule reads of the target data repository based on read commands tagged with predetermined priorities and computations based on the result of prior reads;
an investigator computer having a processor configured to send at least one prioritised read command to said source agent to schedule a read of the target data repository based on a predetermined priority; and
a data sink configured to store at least a partial forensic image of the target data repository based on the data read by said source agent, said processor being configured to permit reading from the partial forensic image, while the same partial forensic image is being written with data read based on the predetermined priorities by said source agent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for forensically analysing data during a data acquisition from a target data repository, the method comprising:
reading data, with a source agent, from the target data repository to a data sink to assemble a partial forensic image of the target data repository;
submitting at least one prioritised read command to the source agent, the prioritised read command including a read command that is prioritised based on a pre-configured priority;
scheduling, with the source agent, a data read from the target data repository based on the prioritised read command;
reading data, with the source agent, from the target data repository based on the prioritised read command to the data sink; and
permitting analysis of both the data in the partial forensic image and data read by the prioritized read command from the target data repository to the partial forensic image.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A method for forensically analysing data during a data acquisition from a target data repository, the method comprising:
reading data, with a source agent, from the target data repository to a data sink to assemble a partial forensic image of the target data repository;
scheduling reads of the target data repository based on read commands tagged with predetermined priorities and computations based on the result of prior reads;
submitting at least one prioritized read command to a sink agent operatively connected to the data sink, the prioritised read command, based on the predetermined priorities, specifying a subset of data thought to be contained in the partial forensic image of the target data repository; and
reading, with the sink agent, the subset of data from the data sink if the requested subset of data is in the partial forensic image, otherwise forwarding the prioritised read command to the source agent to obtain the requested subset of data.
Dependent claims: 20

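The read path recited in claim 19, modelled as an added example that is not taken from the patent or from any product: a sink agent answers a request from the partial image when the block is already there, and otherwise forwards it as a prioritised read that overtakes the background linear acquisition. The class and method names, the 4-byte block size, the two priority levels and the sample "disk" bytes are assumptions constructed for the illustration.

```python
import hashlib
import heapq

BLOCK = 4  # constructed block size in bytes, tiny so the demo stays readable
class Acquisition:
    """Hypothetical model: read-only source agent, priority scheduler, data sink."""
    LINEAR, URGENT = 10, 0  # assumed priority levels; lower number runs first

    def __init__(self, target: bytes):
        self._target = target                 # only ever read, never written
        self.nblocks = -(-len(target) // BLOCK)
        self.image = {}                       # data sink: block index -> bytes
        self.order = []                       # order the source agent read blocks in
        self._queue = [(self.LINEAR, i) for i in range(self.nblocks)]  # sorted = valid heap

    def step(self) -> bool:
        """Run the highest-priority pending read, skipping blocks already imaged."""
        while self._queue:
            _, i = heapq.heappop(self._queue)
            if i not in self.image:
                self.order.append(i)
                self.image[i] = self._target[i * BLOCK:(i + 1) * BLOCK]
                return True
        return False

    def read(self, i: int):
        """Sink agent: serve from the partial image, else forward to the source."""
        if i in self.image:
            return self.image[i], "sink"
        heapq.heappush(self._queue, (self.URGENT, i))
        self.step()
        return self.image[i], "source"

    def image_sha256(self) -> str:
        """Finish the acquisition and hash the completed image."""
        while self.step():
            pass
        data = b"".join(self.image[i] for i in range(self.nblocks))
        return hashlib.sha256(data).hexdigest()

def demo():
    target = b"MBR.FAT.dir.doc1doc2log."      # constructed 24-byte "disk"
    acq = Acquisition(target)
    acq.step(); acq.step()                    # linear pass images blocks 0 and 1
    first = acq.read(5)                       # not imaged yet: jumps the queue
    second = acq.read(1)                      # already imaged: served by the sink
    complete = acq.image_sha256() == hashlib.sha256(target).hexdigest()
    return first, second, acq.order, complete
```

The out-of-order read changes only the sequence in which blocks reach the sink; the finished image still hashes identically to the target, which is the property an examiner verifies at the end of acquisition.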
Specification