AUTOMATED FORENSIC DOCUMENT SIGNATURES
First Claim
1. A computerized method of proactively generating and querying computer forensic evidence for a computer system, comprising the steps of:
- generating a representation of content of at least one target within a set of targets; and
generating an inverted index of the set of targets, wherein the inverted index is associated with representations of the content of each target of the set of targets.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
-
Citations
19 Claims
-
1. A computerized method of proactively generating and querying computer forensic evidence for a computer system, comprising the steps of:
-
generating a representation of content of at least one target within a set of targets; and generating an inverted index of the set of targets, wherein the inverted index is associated with representations of the content of each target of the set of targets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer-readable medium that configures a computer system to perform a method of proactively generating and comparing computer forensic evidence for a computer system, the method comprising the steps of:
-
generating a representation of content of at least one target within a set of targets; and generating an inverted index of the set of targets, wherein the inverted index is associated with representations of the content of each target of the set of targets.
-
-
19. Apparatus for proactively generating and comparing computer forensic evidence, comprising:
-
a processor arranged to generate a representation of content of at least one target within a set of targets; and a processor arranged to generate an inverted index of the set of targets, wherein the inverted index is associated with representations of the content of each target of the set of targets.
-
Specification