Method and System for forensic investigation of internet resources
First Claim
1. A method to perform one or more examinations on an input internet resource;
- where the result of each of said examinations is comprised of zero or more output internet resources or textual information or graphical information;
where each of said output internet resources is used as input for one or more examinations using said method;
where said method is applied on output internet resources acting is input internet resources in a recursive fashion;
where said method reveals relations, dependencies and connections between internet resources;
where said method reveals background information on internet resources;
where said background information comprises contact information of a person or company owning, managing or operating said internet resource.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention involves a Method and System for a forensic investigation of internet resources (IP addresses, e-mail addresses, website addresses, SSL certificates, routing table lines etc.) in order to reveal relations, dependencies and connections between these internet resources. Starting from a given internet resource, a set of examinations is performed (name server queries, Whois information lookups, initiating a connection using various protocols etc.) to retrieve background information and related internet resources. The examinations are performed recursively on the related internet resources until relevant information is found, typically contact information of a person or company owning, managing or operating an internet resource. All results are displayed in a hierarchical tree view. The invention supports investigations where the origin of internet communication (e.g. e-mail) must be determined. The invention also supports investigations where the origin, owner and location of content published on the internet must be established or where the origin of a hacking attempt or unauthorized access to a system must be determined.
24 Citations
14 Claims
-
1. A method to perform one or more examinations on an input internet resource;
- where the result of each of said examinations is comprised of zero or more output internet resources or textual information or graphical information;
where each of said output internet resources is used as input for one or more examinations using said method;
where said method is applied on output internet resources acting is input internet resources in a recursive fashion;
where said method reveals relations, dependencies and connections between internet resources;
where said method reveals background information on internet resources;
where said background information comprises contact information of a person or company owning, managing or operating said internet resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- where the result of each of said examinations is comprised of zero or more output internet resources or textual information or graphical information;
-
13. A system to perform one or more examinations on an input internet resource;
- where the result of each of said examinations is comprised of zero or more output internet resources or textual information or graphical information;
where each of said output internet resources is used as input for one or more examinations using said method;
where said method is applied on output internet resources acting is input internet resources in a recursive fashion;
where said method reveals relations, dependencies and connections between internet resources;
where said method reveals background information on internet resources;
where said background information comprises contact information of a person or company owning, managing or operating said internet resource. - View Dependent Claims (14)
- where the result of each of said examinations is comprised of zero or more output internet resources or textual information or graphical information;
Specification