EXTENSIBLE SOFTWARE TOOL FOR INVESTIGATING PEER-TO-PEER USAGE ON A TARGET DEVICE

US 20090165142A1
Filed: 08/12/2008
Published: 06/25/2009
Est. Priority Date: 12/21/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium comprising instructions that cause one or more processors to:

determine whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients;

gather usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device;

analyze the gathered usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device; and

generate a report of the analyzed gathered usage information for the one or more peer-to-peer clients.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the invention provides for analyzing a target computer for computer crimes such as illegal sharing of files or sharing of illegal files on peer-to-peer clients. The target computer may have software for a plurality of peer-to-peer clients. Only one extensible forensic device may be necessary to analyze the plurality of peer-to-peer clients for downloaded or shared files. For example, the invention may provide for a method comprising determining whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients. The method further includes, gathering usage information for the one or more peer-to-peer clients that had been determined to be installed on the target computer, analyzing the usage information, and automatically generating a report of the analyzed usage information.

33 Citations

View as Search Results

26 Claims

1. A computer-readable medium comprising instructions that cause one or more processors to:
- determine whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients;
  
  gather usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device;
  
  analyze the gathered usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device; and
  
  generate a report of the analyzed gathered usage information for the one or more peer-to-peer clients.

2. A method comprising:
- determining, by a forensic system that includes a target device, whether one or more peer-to-peer clients are or have been installed on the target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients;
  
  gathering, by the forensic system, usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device;
  
  analyzing, by the forensic system, the gathered usage information for the one or more peer-to-peer clients; and
  
  automatically generating, by the forensic system, a report of the analyzed gathered usage information for the one or more peer-to-peer clients.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 3. The method of claim 2, wherein determining whether one or more peer-to-peer clients are or have installed on a target device comprises analyzing data fields in a configuration file associated with the one or more peer-to-peer modules, wherein the data fields describe items to be searched on the target device.
  - 4. The method of claim 3, wherein the configuration file is an extensible markup language (XML) file.
  - 5. The method of claim 3, wherein the configuration file comprises client data, installation artifacts, and usage artifacts.
  - 6. The method of claim 5, wherein the client data identifies a name and a version of the peer-to-peer client, and a name of a peer-to-peer plug-in associated with the peer-to-peer client.
  - 7. The method of claim 5, wherein the installation artifacts comprises at least one of files, directories, and registry keys indicating that the peer-to-peer client is or has been installed on the target device.
  - 8. The method of claim 5, wherein the usage artifacts comprise at least one of log, setup, cache, and shared files and directories.
  - 9. The method of claim 2, wherein the usage information comprises at least one of configuration and log information for the peer-to-peer client, peer servers contacted by the target device, files downloaded by the target device, and files shared by the target device.
  - 10. The method of claim 2, wherein analyzing the gathered usage information comprises at least one of displaying the gathered usage information by launching an appropriate viewer, displaying details of configuration and log entries, and searching for files.
  - 11. The method of claim 10, wherein searching for files comprises searching for files based on at least one of a set of hashes, a file name, a download and sharing status, a modification time, a user that downloaded or is sharing at least one of the files, and a P2P client that downloaded or is sharing at least one of the files.
  - 12. The method of claim 2, wherein the report comprises at least one of an audit log and a summary report.
  - 13. The method of claim 2, wherein the target device is at least one of a desktop computer, a laptop computer, a personal digital assistant (PDA), a handheld device, a hard drive, memory storage, copy of memory storage of a computing device, and image of memory storage of a computing device.

14. A forensic system comprising;
- a forensic device coupled to a target device; and
  
  a software tool, executable by the forensic device to analyze and extract data from the target device,wherein the software tool, when executed, determines whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients, gathers usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device, analyzes the gathered usage information for the one or more peer-to-peer clients that had been determined to be installed on the target device, and generates a report of the analyzed gathered usage information for the one or more peer-to-peer clients.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The forensic system of claim 14, wherein the forensic device is at least one of a desktop computer, a laptop computer, a personal digital assistant (PDA), and a handheld device.
  - 16. The forensic system of claim 14, wherein the target device is at least one of a desktop computer, a laptop computer, a personal digital assistant (PDA), a handheld device, a hard drive, memory storage, copy of memory storage of a computing device, and image of memory storage of a computing device.
  - 17. The forensic system of claim 14, wherein the software tool is installed on the target device making the forensic device a part of the target device.
  - 18. The forensic system of claim 14, wherein the software tool determines whether one or more peer-to-peer clients are or have been installed on the target device by analyzing data fields in a configuration file associated with a peer-to-peer plug-in, wherein the data fields describe items to be searched on the target device.
  - 19. The forensic system of claim 18, wherein the configuration file is an extensible markup language (XML) file.

20. A forensic device comprising:
- an analysis control module configured to extract and analyze data for one or more peer-to-peer clients that are or have been installed on a target device;
  
  one or more peer-to-peer plug-ins that interface the analysis control module to the one or more peer-to-peer clients;
  
  one or more configuration files comprising data details for the one or more peer-to-peer clients; and
  
  a storage unit that stores the extracted and analyzed data from the analysis control module,wherein each peer-to-peer plug-in interfaces the analysis control module to one of the one or more peer-to-peer clients,wherein each configuration file comprises data details for one of the one or more peer-to-peer clients, andwherein each configuration file is associated with one of the one or more peer-to-peer plug-ins.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The forensic device of claim 20, wherein the data details for the one or more peer-to-peer clients comprises client data, installation artifacts, and usage artifacts.
  - 22. The forensic device of claim 21, wherein the client data identifies a name and a version of the peer-to-peer client, and a name of a peer-to-peer plug-in associated with the peer-to-peer client.
  - 23. The forensic device of claim 21, wherein the installation artifacts comprise at least one of files, directories, and registry keys that indicate that the peer-to-peer client is or has been installed on the target device.
  - 24. The forensic device of claim 21, wherein the usage artifacts comprise at least one of log, setup, cache, and shared files and directories.
  - 25. The forensic device of claim 20, wherein the storage unit is at least one of hard drive and random access memory (RAM).
  - 26. The forensic device of claim 20, wherein the each one of the one or more configuration files is an extensible markup language (XML) file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Adelstein, Frank N., Powers, Judson, Joyce, Robert A., Bronner, Derek

Granted Patent

US 7,886,049 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 43/065   related to network devices

H04L 43/0876   Network utilisation, e.g. v...

H04L 63/1425   Traffic logging, e.g. anoma...

EXTENSIBLE SOFTWARE TOOL FOR INVESTIGATING PEER-TO-PEER USAGE ON A TARGET DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

EXTENSIBLE SOFTWARE TOOL FOR INVESTIGATING PEER-TO-PEER USAGE ON A TARGET DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others