Workflow collaboration in a forensic investigations system
First Claim
1. A computer-implemented method for analyzing forensic evidence data, the method comprising:
- receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece;
filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes;
receiving a first user command for the filtered evidence pieces;
generating a separate workflow item for each of the filtered evidence pieces in response to the first user command;
receiving a second user command for the workflow items;
identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and
assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for centralized workflow collaboration that invokes the skills of different experts to carry out investigation of forensic evidence data and generate a forensic report. A centralized workflow system stores attributes, annotations, reports, and other information associated with collected forensic evidence data. The attributes associated with the evidence data are used to narrow the evidence data without actually reviewing the contents of the evidence, and to assign the review of the contents of the narrowed evidence to experts who are deemed to have the qualifications necessary to perform the review. The assignment of a workflow task to a particular expert may be manual or automatic. The generating of workflow tasks may also be automatic in response to evidence processing.
34 Citations
22 Claims
-
1. A computer-implemented method for analyzing forensic evidence data, the method comprising:
-
receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece; filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes; receiving a first user command for the filtered evidence pieces; generating a separate workflow item for each of the filtered evidence pieces in response to the first user command; receiving a second user command for the workflow items; identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A server for analyzing forensic evidence data, the server comprising:
-
a processor; and a memory operably coupled to the processor and having program instructions stored therein, the processor being operable to execute the program instructions, the program instructions including; receiving a plurality of evidence pieces, wherein each of the plurality of evidence pieces has a plurality of attributes stored in association with the evidence piece; filtering the plurality of evidence pieces based on a filter criteria, wherein the filter criteria includes one or more of the plurality of the attributes; receiving a first user command for the filtered evidence pieces; generating a separate workflow item for each of the filtered evidence pieces in response to the first user command; receiving a second user command for the workflow items; identifying an expert based on the second user command, the identified expert having abilities commensurate with the filter criteria; and assigning each of the workflow items to the expert for prompting analysis of contents of the filtered evidence pieces.
-
-
11. A computer-implemented method for automatic workflow task generation in a forensic investigation system, the method comprising:
-
processing a piece of evidence; generating a trigger event based on the processing of the piece of evidence; automatically invoking a rule set based on the generated trigger event; automatically selecting, without user intervention, one or more evidence pieces based on the invoked rule set; automatically generating, without user intervention, a separate workflow item for each of the one or more of the evidence pieces; automatically selecting, without user intervention, an expert based on the invoked rule set; and automatically assigning, without user intervention, each of the generated workflow items to the selected expert. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification