Workflow collaboration in a forensic investigations system

US 20090171961A1
Filed: 12/28/2007
Published: 07/02/2009
Est. Priority Date: 12/28/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for analyzing forensic evidence data, the method comprising:

receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece;

filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes;

receiving a first user command for the filtered evidence pieces;

generating a separate workflow item for each of the filtered evidence pieces in response to the first user command;

receiving a second user command for the workflow items;

identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and

assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for centralized workflow collaboration that invokes the skills of different experts to carry out investigation of forensic evidence data and generate a forensic report. A centralized workflow system stores attributes, annotations, reports, and other information associated with collected forensic evidence data. The attributes associated with the evidence data are used to narrow the evidence data without actually reviewing the contents of the evidence, and to assign the review of the contents of the narrowed evidence to experts who are deemed to have the qualifications necessary to perform the review. The assignment of a workflow task to a particular expert may be manual or automatic. The generating of workflow tasks may also be automatic in response to evidence processing.

34 Citations

View as Search Results

22 Claims

1. A computer-implemented method for analyzing forensic evidence data, the method comprising:
- receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece;
  
  filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes;
  
  receiving a first user command for the filtered evidence pieces;
  
  generating a separate workflow item for each of the filtered evidence pieces in response to the first user command;
  
  receiving a second user command for the workflow items;
  
  identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and
  
  assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the attributes are metadata information.
  - 3. The method of claim 1, wherein the filtering of the evidence pieces does not invoke examination of contents of the evidence pieces.
  - 4. The method of claim 1, wherein the assigning includes:
    - maintaining an expert list in association with each of the plurality of attributes;
      
      identifying the expert list associated with the filter criteria; and
      
      identifying a person from the expert list.
  - 5. The method of claim 1 further comprising:
    - generating annotations for one or more of the filtered evidence pieces for which a workflow item has been generated;
      
      generating labels for the annotations; and
      
      storing the annotations and the labels in association with the one or more of the filtered evidence pieces.
  - 6. The method of claim 5, wherein the annotations include notes generated based on the analysis of the contents of the one or more of the filtered evidence pieces.
  - 7. The method of claim 5 further comprising:
    - filtering the plurality of evidence pieces based on a second filter criteria for generating second filtered evidence pieces, wherein the second filter criteria includes one or more of the labels generated for the annotations;
      
      generating a second workflow item for each of the second filtered evidence pieces; and
      
      assigning each of the generated second workflow items to a second expert selected based on the second filter criteria for prompting analysis of the contents of the corresponding second filtered evidence pieces.
  - 8. The method of claim 1 further comprising:
    - identifying one or more of the annotations based on the associated labels; and
      
      generating a report based on the identified annotations.
  - 9. The method of claim 1 further comprising:
    - tracking status of each of the workflow items; and
      
      displaying the status on a user display.

10. A server for analyzing forensic evidence data, the server comprising:
- a processor; and
  
  a memory operably coupled to the processor and having program instructions stored therein, the processor being operable to execute the program instructions, the program instructions including;
  
  receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece;
  
  filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes;
  
  receiving a first user command for the filtered evidence pieces;
  
  generating a separate workflow item for each of the filtered evidence pieces in response to the first user command;
  
  receiving a second user command for the workflow items;
  
  identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and
  
  assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces.

11. A computer-implemented method for automatic workflow task generation in a forensic investigation system, the method comprising:
- processing a piece of evidence;
  
  generating a trigger event based on the processing of the piece of evidence;
  
  automatically invoking a rule set based on the generated trigger event;
  
  automatically selecting, without user intervention, one or more evidence pieces based on the invoked rule set;
  
  automatically generating, without user intervention, a separate workflow item for each of the one or more of the evidence pieces;
  
  automatically selecting, without user intervention, an expert based on the invoked rule set; and
  
  automatically assigning, without user intervention, each of the generated workflow items to the selected expert.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The method of claim 11, wherein the piece of evidence is associated with a plurality of attributes, the processing including reviewing the plurality of attributes stored in association with the piece of evidence, and wherein the trigger is identification of a particular one of the plurality of attributes.
  - 13. The method of claim 12, wherein the one or more evidence pieces includes the processed piece of evidence.
  - 14. The method of claim 12, wherein the one or more evidence pieces includes evidence pieces other than the processed piece of evidence.
  - 15. The method of claim 12, wherein the automatically selecting an expert includes:
    - maintaining an expert list in association with each of the plurality of attributes;
      
      identifying the expert list associated with the particular one of the plurality of attributes; and
      
      identifying an expert from the expert list.
  - 16. The method of claim 15, wherein the identified expert has abilities commensurate with the filter criteria.
  - 17. The method of claim 11, wherein the processing of the piece of evidence includes:
    - generating an annotation for the piece of evidence; and
      
      generating a label for the annotation, wherein the trigger event is the generating of the annotation having the label.
  - 18. The method of claim 17, wherein the rule set identifies a filter criteria, and the automatically selecting the one or more evidence pieces is based on the filter criteria.
  - 19. The method of claim 18, wherein the filter criteria identifies one or more of a plurality of attributes associated with the one or more other evidence pieces.
  - 20. The method of claim 19, wherein the automatically selecting an expert includes:
    - maintaining an expert list in association with each of the plurality of attributes;
      
      identifying the expert list associated with the filter criteria; and
      
      identifying an expert from the expert list.
  - 21. The method of claim 20, wherein the identified expert has abilities commensurate with the filter criteria.
  - 22. The method of claim 11, wherein the automatically selecting does not invoke examination of contents of the one or more other evidence pieces.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guidance Software Incorporated (Open Text Corporation)
Original Assignee
Guidance Software Incorporated (Open Text Corporation)
Inventors
Fredrickson, Jason

Application Number

US12/005,695
Publication Number

US 20090171961A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

Workflow collaboration in a forensic investigations system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Workflow collaboration in a forensic investigations system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others