System and method for collecting forensic data via a mobile device

US 10,740,858 B2
Filed: 02/27/2014
Issued: 08/11/2020
Est. Priority Date: 02/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method for conducting forensic investigations by investigators on an investigations field, the method comprising:

receiving a digital search warrant, the digital search warrant including a search parameter for conducting a forensic investigation of a target device, wherein the digital search warrant is machine-readable and can be presented in a human-readable format;

notifying a mobile device of the digital search warrant;

receiving a user command to download the digital search warrant in response to the notifying;

downloading the digital search warrant to a forensic investigation application executing at the mobile device in response to the received user command;

booting, by the forensic investigation application at the mobile device, the target device over a data communication link between the mobile device and the target device using an operating system stored in a memory at the mobile device such that the target device is executing the operating system on the target device from a memory address in the memory of the mobile device over the data communication link and the execution of the operating system from the memory address of the memory of the mobile device on the target device causes the forensic investigation application executing at the mobile device to search the target device without user involvement;

parsing, by the forensic investigation application executing at the mobile device, the machine-readable instructions of the digital search warrant to identify the search parameter to use on the target device, the search parameter of the digital search warrant including a keyword and a file extension identifying a type of file;

searching, by the forensic investigation application executing at the mobile device, electronic documents at the target device over the data communications link between the mobile device and the target device to identify a set of electronic documents on the target device that include the keyword of the search parameter and are the type of file specified by the file extension in the digital search warrant, wherein the searching of the documents at the target device comprises only searching the files of the type of file identified by the file extension without modification of a state of the target device;

retrieving, from the target device, the set of documents that include the search parameter without modifying a state of the target device, wherein the retrieving is done by the forensic investigation application executing at the mobile device over the data communications link between the mobile device and the target device; and

storing the set of documents on the mobile device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for conducting forensic investigations by investigators on an investigations field using a mobile device. A digital search warrant is downloaded to the mobile device prior to conducting the forensic investigation. The digital search warrant defines the search parameters of the search to be conducted, including key terms, file types, and the like. The mobile device is coupled to a target device in the investigations field that is the subject of the forensic investigation. The mobile device parses the digital search warrant and automatically identifies and collects data from the target device based on the parsed digital search warrant. The automatically identifying and collecting of the data is done without modifying a state of the target device to retain forensic integrity during the investigation process.

Citations

11 Claims

1. A method for conducting forensic investigations by investigators on an investigations field, the method comprising:
- receiving a digital search warrant, the digital search warrant including a search parameter for conducting a forensic investigation of a target device, wherein the digital search warrant is machine-readable and can be presented in a human-readable format;
  
  notifying a mobile device of the digital search warrant;
  
  receiving a user command to download the digital search warrant in response to the notifying;
  
  downloading the digital search warrant to a forensic investigation application executing at the mobile device in response to the received user command;
  
  booting, by the forensic investigation application at the mobile device, the target device over a data communication link between the mobile device and the target device using an operating system stored in a memory at the mobile device such that the target device is executing the operating system on the target device from a memory address in the memory of the mobile device over the data communication link and the execution of the operating system from the memory address of the memory of the mobile device on the target device causes the forensic investigation application executing at the mobile device to search the target device without user involvement;
  
  parsing, by the forensic investigation application executing at the mobile device, the machine-readable instructions of the digital search warrant to identify the search parameter to use on the target device, the search parameter of the digital search warrant including a keyword and a file extension identifying a type of file;
  
  searching, by the forensic investigation application executing at the mobile device, electronic documents at the target device over the data communications link between the mobile device and the target device to identify a set of electronic documents on the target device that include the keyword of the search parameter and are the type of file specified by the file extension in the digital search warrant, wherein the searching of the documents at the target device comprises only searching the files of the type of file identified by the file extension without modification of a state of the target device;
  
  retrieving, from the target device, the set of documents that include the search parameter without modifying a state of the target device, wherein the retrieving is done by the forensic investigation application executing at the mobile device over the data communications link between the mobile device and the target device; and
  
  storing the set of documents on the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the search parameter comprises a keyword.
  - 3. The method of claim 1, wherein the search parameter comprises a file type.
  - 4. The method of claim 1, wherein the mobile device is a cellular phone.
  - 5. The method of claim 1, wherein the digital search warrant is downloaded to the mobile device from a website.
  - 6. The method of claim 1, wherein the mobile device is connected to the target device over a universal serial bus port, wherein the data from the target device is collected over the universal serial bus port.

7. A server for conducting forensic investigations by investigators on an investigations field, the server comprising:
- a processor; and
  
  a memory, wherein the memory stores instructions that, when executed by the processor, cause the processor to;
  
  receive, at a forensic investigation application on a mobile device, a user command to download a digital search warrant in response to a received notification that the digital search warrant is available, wherein the digital search warrant is machine-readable and can be presented in a human-readable format and the digital search warrant includes a search parameter for conducting a forensic investigation of a target device;
  
  download the digital search warrant to the forensic investigation application at the mobile device in response to the received user command;
  
  boot, by the forensic investigation application at the mobile device, the target device over a data communication link between the mobile device and the target device using an operating system stored in the memory at the mobile device such that the target device is executing the operating system on the target device from a memory address in the memory of the mobile device over the data communication link and the execution of the operating system from the memory address of the memory of the mobile device on the target device causes the forensic investigation application executing at the mobile device to search the target device without user involvement;
  
  parse, by the forensic investigation application at the mobile device, the machine-readable instructions of the digital search warrant to identify the search parameter to use on a target device, the search parameter of the digital search warrant including a keyword and a file extension identifying a type of file;
  
  search, by the forensic investigation application executing at the mobile device, electronic documents at the target device over the data communications link between the mobile device and the target device to identify a set of electronic documents on the target device that include the keyword of the search parameter and are the type of file specified by the file extension in the digital search warrant, wherein the searching of the documents at the target device comprises only searching the files of the type of file identified by the file extension without modification of a state of the target device;
  
  retrieve from the target device the set of documents that include the search parameter without modifying a state of the target device, wherein the retrieving is done by the forensic investigation application executing at the mobile device over the data communications link between the mobile device and the target device; and
  
  store the set of documents on the mobile device.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The server of claim 7, wherein the search parameter comprises a keyword.
  - 9. The server of claim 7, wherein the search parameter comprises a file type.
  - 10. The server of claim 7, wherein the mobile device is a cellular phone.
  - 11. The server of claim 7, wherein the digital search warrant is downloaded to the mobile device from a website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Original Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Inventors
McCreight, Shawn
Primary Examiner(s)
Shanker, Julie M

Application Number

US14/192,846
Publication Number

US 20140244522A1
Time in Patent Office

2,357 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 50/26   Government or public servic...

H04W 4/00   Services specially adapted ...

H04W 4/38   for collecting sensor infor...

System and method for collecting forensic data via a mobile device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for collecting forensic data via a mobile device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links