System and method for searching for static data in a computer investigation system
First Claim
1. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:
- receiving at the client device a search key;
identifying by the client device a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;
streaming by the client device the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched;
receiving and processing by respectively the first and second target devices the streamed first and second file extents;
concurrently searching by respectively the first and second target devices a range of data specified in each received first and second file extent for the search key; and
generating search results by the first and second target devices based on respective searches.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
69 Citations
22 Claims
-
1. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:
-
receiving at the client device a search key;
identifying by the client device a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;
streaming by the client device the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched;
receiving and processing by respectively the first and second target devices the streamed first and second file extents;
concurrently searching by respectively the first and second target devices a range of data specified in each received first and second file extent for the search key; and
generating search results by the first and second target devices based on respective searches. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer investigation system comprising:
-
a client device;
first and second target devices coupled to the client device over a data communications network;
first and second storage devices coupled respectively to the first and second target devices; and
a server brokering secure communication between the client device and the first and second target devices over the data communications network, wherein the client device receives a search key, identifies a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device, and streams the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched, the first and second target devices respectively receiving and processing the streamed first and second file extents, respectively searching a range of data specified in each received first and second file extent for the search key, and respectively generating a search result based on the search. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. In a networked computer investigation system, a client device investigating data stored in first and second storage devices respectively coupled to first and second target devices, the client device comprising:
-
a processor;
a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including;
receiving a search key;
identifying a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device;
streaming the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched; and
receiving first and second search results from respectively the first and second target devices, the first and second target devices being configured to concurrently search a range of data specified in a received file extent and generate a search result in response. - View Dependent Claims (20, 21, 22)
-
Specification