System and method for searching for static data in a computer investigation system

US 20060101009A1
Filed: 12/21/2005
Published: 05/11/2006
Est. Priority Date: 06/20/2002
Status: Active Grant

First Claim

Patent Images

1. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:

receiving at the client device a search key;

identifying by the client device a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;

streaming by the client device the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched;

receiving and processing by respectively the first and second target devices the streamed first and second file extents;

concurrently searching by respectively the first and second target devices a range of data specified in each received first and second file extent for the search key; and

generating search results by the first and second target devices based on respective searches.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.

69 Citations

View as Search Results

22 Claims

1. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:
- receiving at the client device a search key;
  
  identifying by the client device a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;
  
  streaming by the client device the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched;
  
  receiving and processing by respectively the first and second target devices the streamed first and second file extents;
  
  concurrently searching by respectively the first and second target devices a range of data specified in each received first and second file extent for the search key; and
  
  generating search results by the first and second target devices based on respective searches.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - maintaining by the client device a file directory of files stored in the first and second storage devices; and
      
      retrieving by the client device file properties information on the first and second files.
  - 3. The method of claim 2, wherein the file properties information includes file access information streamed to the first and second target devices for respectively accessing the first and second files.
  - 4. The method of claim 1 further comprising:
    - storing the received first and second file extents in respectively first and second in-queues at respectively the first and second target devices;
      
      monitoring by the client device fullness of the first and second in-queues; and
      
      responsive to the monitoring, streaming by the client device a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device.
  - 5. The method of claim 4 further comprising:
    - storing first and second search results in respectively first and second out-queues at respectively the first and second target devices;
      
      polling a particular out-queue coupled to a particular target device by the client device during a polling period; and
      
      streaming by the particular target device one or more search results stored in the particular out-queue responsive to the poll.
  - 6. The method of claim 1 further comprising:
    - establishing secure communication between a server and the client device over a data communications network;
      
      establishing secure communication between the server and each of the target devices over the data communications network; and
      
      establishing secure communication between the client device and each of the target devices over the data communications network.
  - 7. The method of claim 1 further comprising:
    - identifying by the client device a third file stored in a particular storage device coupled to a particular target device;
      
      retrieving file properties of the third file;
      
      determining based on the file properties whether the third file meets one or more filter criteria;
      
      transmitting a request to the particular target device for the third file responsive to the determination;
      
      receiving the third file from the particular target device-responsive to the request;
      
      locally searching the third file by the client device responsive to the filtering.
  - 8. The method of claim 7, wherein the one or more filter criteria is a size of the third file.
  - 9. The method of claim 1, wherein the first and second storage devices are hard disks.

10. A computer investigation system comprising:
- a client device;
  
  first and second target devices coupled to the client device over a data communications network;
  
  first and second storage devices coupled respectively to the first and second target devices; and
  
  a server brokering secure communication between the client device and the first and second target devices over the data communications network, wherein the client device receives a search key, identifies a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device, and streams the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched, the first and second target devices respectively receiving and processing the streamed first and second file extents, respectively searching a range of data specified in each received first and second file extent for the search key, and respectively generating a search result based on the search.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the client device maintains a file directory of files stored in the first and second storage devices and retrieves file property information on the first and second files.
  - 12. The system of claim 11, wherein the file properties information includes file access information streamed to the first and second target devices for respectively accessing the first and second files.
  - 13. The system of claim 10 further comprising:
    - first and second in-queues respectively coupled to the first and second target devices, the first and second in-queues respectively storing the received first and second file extents, wherein the client device monitors fullness of the first and second in-queues and, responsive to the monitoring, streams a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device.
  - 14. The system of claim 13 further comprising:
    - first and second out-queues respectively coupled to the first and second target devices, the first and second out-queues respectively storing first and second search results, wherein the client device polls a particular out-queue coupled to a particular target device during a polling period and, responsive to the poll, the particular target device streams one or more search results stored in the particular out-queue.
  - 15. The system of claim 10, wherein the server establishes secure communication with the client device over a data communications network and further establishes secure communication with each of the target devices for allowing secure communication between the client device and each of the target devices.
  - 16. The system of claim 10, wherein the client device identifies a third file stored in a particular storage device coupled to a particular target device, retrieves file properties of the third file, determines based on the file properties whether the third file meets one or more filter criteria, transmits a request to the particular target device for the third file responsive to the determination, receives the third file from the particular target device responsive to the request, and locally searches the third file responsive to the filtering.
  - 17. The system of claim 16, wherein the one or more filter criteria is a size of the third file.
  - 18. The system of claim 10, wherein the first and second storage devices are hard disks.

19. In a networked computer investigation system, a client device investigating data stored in first and second storage devices respectively coupled to first and second target devices, the client device comprising:
- a processor;
  
  a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including;
  
  receiving a search key;
  
  identifying a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device;
  
  streaming the search key and a plurality of first file extents associated with the first file to the first target device and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a specific range of data to be searched; and
  
  receiving first and second search results from respectively the first and second target devices, the first and second target devices being configured to concurrently search a range of data specified in a received file extent and generate a search result in response.
- View Dependent Claims (20, 21, 22)
- - 20. The client device of claim 19 further comprising:
    - a file manager maintaining a file directory of files stored in the first and second storage devices and retrieving file properties information on the first and second files.
  - 21. The client device of claim 20, wherein the file properties information includes file access information streamed to the first and second target devices for respectively accessing the first and second files.
  - 22. The client device of claim 21, wherein the computer instructions further comprise:
    - identifying a third file stored in a particular storage device coupled to a particular target device;
      
      retrieving file properties of the third file;
      
      determining based on the file properties whether the third file meets one or more filter criteria;
      
      transmitting a request to the particular target device for the third file responsive to the determination;
      
      receiving the third file from the particular target device responsive to the request; and
      
      locally searching the third file responsive to the filtering.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Original Assignee
Guidance Software Incorporated (Open Text Corporation)
Inventors
McCreight, Shawn, Weber, Dominik

Granted Patent

US 7,711,728 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/14 Details of searching files ...

System and method for searching for static data in a computer investigation system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for searching for static data in a computer investigation system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links