Forensic software investigation
Abstract
In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.
19 Claims
1. A computer system including instructions recorded on a non-transitory computer-readable medium and executable by at least one processor, the computer system comprising:
a server configured to at least manage forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, wherein the forensic investigations include technical evidence generation for each client asset associated with the client, wherein the technical evidence generation comprises contextual reporting, and wherein the contextual reporting comprises separating audit data with respect to tenants of a multi-tenant environment and correlating the audit data with respect to a reported incident, the server including;
a forensic service interface configured to at least establish the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, the forensic service interface providing multiple modes for the forensic service agreement, wherein the forensic service agreement includes a forensics as a service subscription, and under the forensics as a service subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, or logging of forensic data related to the client assets associated with the client;
a forensic data handler configured to at least acquire forensic data related to each client asset associated with the client, and generate one or more client inventory records for each client asset based on the forensic data related to each client asset, wherein the forensic data handler acquires the forensic data according to a selected mode of the multiple modes for the forensic service agreement; and
a forensic engine configured to at least generate one or more client evidence records for each client asset based on each client inventory record generated for each client asset.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer program product tangibly embodied on a non-transitory computer-readable storage medium including instructions that, when executed by at least one processor, are configured to at least:
manage forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, wherein the forensic investigations include technical evidence generation for each client asset associated with the client, wherein the technical evidence generation comprises contextual reporting, and wherein the contextual reporting comprises separating audit data with respect to tenants of a multi-tenant environment and correlating the audit data with respect to a reported incident, the non-transitory computer-readable storage medium further including instructions that, when executed by the at least one processor, are further configured to at least;
establish the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, wherein multiple modes are provided for the forensic service agreement, and wherein the forensic service agreement includes a forensics as a service subscription, and under the forensics as a service subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, or logging of forensic data related to the client assets associated with the client;
acquire forensic data related to each client asset associated with the client, and generate one or more client inventory records for each client asset based on the forensic data related to each client asset, wherein the forensic data is acquired according to a selected mode of the multiple modes for the forensic service agreement;
generate one or more client evidence records for each client asset based on each client inventory record generated for each client asset; and
persist the one or more client inventory records and the one or more client evidence records in a data store.
Dependent claims: 14, 15, 16, 17, 18
19. A computer-implemented method, comprising:
managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, wherein the forensic investigations include technical evidence generation for each client asset associated with the client, wherein the technical evidence generation comprises contextual reporting, and wherein the contextual reporting comprises separating audit data with respect to tenants of a multi-tenant environment and correlating the audit data with respect to a reported incident, the computer-implemented method further comprising;
establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, including provision of multiple modes for the forensic service agreement, wherein the forensic service agreement includes a forensics as a service subscription, and under the forensics as a service subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, or logging of forensic data related to the client assets associated with the client;
receiving at least one request from the client for forensic investigation of the client assets associated with the client based on the forensic service agreement established between the client and the cloud service provider;
acquiring forensic data related to each client asset associated with the client, wherein the forensic data is acquired according to a selected mode of the multiple modes for the forensic service agreement;
searching one or more client inventory records for suspicious activity related to each client asset associated with the client;
generating one or more client evidence records for each client asset including forensic data related to suspicious activity associated with each client asset based on the one or more client inventory records for each client asset; and
persisting in a data store the one or more client inventory records and the one or more client evidence records including forensic data related to suspicious activity associated with each client asset.
Specification