Automated evidence gathering

US 20070250699A1
Filed: 04/20/2006
Published: 10/25/2007
Est. Priority Date: 04/20/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an instruction from a server at a target machine;

executing a pre-recorded action sequence in response to the received instruction to capture evidence data;

annotating the captured evidence data with meta-data; and

sending the annotated evidence data to the server from the target machine.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Evidence gathering and analysis from networked machines can be automated and made policy-based. In one embodiment, the present invention includes, a networked machine receiving an instruction from a server to execute a pre-recorded action sequence designed to capture evidence data. The machine can annotate the captured evidence data with meta-data, and send the annotated evidence data to the server. The server can then perform analysis on the collected evidence data and present the evidence data and the analysis to an administrator.

Citations

21 Claims

1. A method comprising:
- receiving an instruction from a server at a target machine;
  
  executing a pre-recorded action sequence in response to the received instruction to capture evidence data;
  
  annotating the captured evidence data with meta-data; and
  
  sending the annotated evidence data to the server from the target machine.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein executing the pre-recorded action sequence comprises executing a pre-recorded sequence of keystroke and mouse-click actions.
  - 3. The method of claim 2, wherein executing the pre-recorded sequence of keystroke and mouse-click actions comprises opening a target application on the target machine, creating a target view of the target application, and capturing a screenshot of the target view.
  - 4. The method of claim 3, wherein creating the target view comprises generating a report using the target application.
  - 5. The method of claim 3, wherein executing the pre-recorded sequence of keystroke and mouse-click actions further comprises closing the target application to restore an original state of the target machine.
  - 6. The method of claim 3, wherein annotating the captured evidence with meta-data comprises annotating the captured screenshot with one or more of an identifier of the target machine, an identifier of the target application, a timestamp associated with the capturing of the evidence data.

7. A method performed by a compliance management system comprising:
- instructing a plurality of machines to gather evidence data by capturing screenshots of target views;
  
  receiving the evidence data from the plurality of machines; and
  
  storing the received evidence data.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein instructing the plurality of machines comprises sending to each of the plurality of machines an action sequence to execute, the action sequence comprising a pre-recorded sequence of keystrokes, mouse-clicks, and screenshot captures.
  - 9. The method of claim 8, wherein the instructing of the plurality of machines and the storing of the received evidence data is done according to an evidence policy.
  - 10. The method of claim 9, wherein the evidence policy comprises the action sequence and an indication of a location to store the received evidence data.
  - 11. The method of claim 7, further comprising removing duplicate screenshots from the evidence data received from the plurality of machines.
  - 12. The method of claim 11, further comprising retaining meta-data associated with removed duplicate screenshots.
  - 13. The method of claim 7, further comprising determining a baseline evidence data by counting the numbers of identical screenshots received from the plurality of the machines.

14. A user interface comprising:
- a policy editor to create and edit an evidence policy used to collect evidence data from a remote machine, the policy editor comprising graphic controls to record of an action sequence of keystrokes, mouse-clicks, and screenshots.
- View Dependent Claims (15, 16)
- - 15. The user interface of claim 14, wherein the graphic controls include a start action sequence button operable to begin the recording of the action sequence and an end action sequence button operable to finish the recording of the action sequence.
  - 16. The user interface of claim 15, wherein the start action sequence button and end action sequence button comprise the same button.

17. A compliance management system comprising:
- a network interface to send an instruction to a plurality of machines to gather evidence data by capturing screenshots of target views, and to receive the evidence data from the plurality of machines; and
  
  a data store to store the received evidence data.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The compliance management system of claim 17, wherein the instruction comprises a pre-recorded action sequence of keystrokes, mouse-clicks, and screenshot captures.
  - 19. The compliance management system of claim 17, further comprising a processor to determine a location to store the received evidence data based on an evidence policy associated with the sending of the instruction.
  - 20. The compliance management system of claim 19, wherein the processor is further to remove duplicate screenshots from the evidence data received from the plurality of machines.
  - 21. The compliance management system of claim 19, wherein the processor is further to generate an alert by comparing the screenshots captured in the received evidence data with a baseline screenshot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Resolver Inc.
Original Assignee
Agilence Incorporated
Inventors
Dube, Jean-Francois, Wong, William

Granted Patent

US 7,810,156 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06Q 10/10 Office automation; Time man...

Automated evidence gathering

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Automated evidence gathering

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links