CONFIGURABLE INVESTIGATIVE TOOL
Abstract
This disclosure provides example techniques to invoke one or more tools with an investigative tool. The investigative tool provides a common framework that allows investigators to invoke their own trusted tools or third-party-generated tools. The investigative tool described herein seamlessly and transparently invokes the tools in accordance with an investigative profile created by the investigator.
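The profile-driven invocation the abstract describes, as an added example that is not code from the patent or its assignee: a profile identifies tools and how each is invoked, and one framework runs the enabled ones in profile order and records what comes back. The JSON schema, field names and stand-in tools are assumptions, a local subprocess stands in for the remote agent and target device, and hashing the output on receipt is an added evidence-handling practice, not something the claims recite.

```python
import hashlib
import json
import subprocess
import sys

PY = sys.executable  # stand-in "tools" are Python one-liners so this runs offline

# Constructed profile. The schema (case, tools, name, argv, enabled, timeout_s)
# is hypothetical: the disclosure does not define a profile format.
PROFILE = json.dumps({"case": "EXAMPLE-0001", "tools": [
    {"name": "hostinfo", "enabled": True, "timeout_s": 10,
     "argv": [PY, "-c", "print('host=demo')"]},
    {"name": "broken", "enabled": True, "timeout_s": 10,
     "argv": [PY, "-c", "import sys; sys.exit(3)"]},
    {"name": "memdump", "enabled": False, "timeout_s": 10,
     "argv": [PY, "-c", "print('skipped')"]},
]})

def load_profile(text):
    """Parse and validate a profile before any tool is executed."""
    profile = json.loads(text)
    seen = set()
    for tool in profile["tools"]:
        name, argv, timeout = tool.get("name"), tool.get("argv"), tool.get("timeout_s")
        if not isinstance(name, str) or name in seen:
            raise ValueError(f"missing or duplicate tool name: {name!r}")
        if not (isinstance(argv, list) and argv and all(isinstance(a, str) for a in argv)):
            raise ValueError(f"{name}: argv must be a non-empty list of strings")
        if not isinstance(timeout, (int, float)) or timeout <= 0:
            raise ValueError(f"{name}: timeout_s must be a positive number")
        seen.add(name)
    return profile

def run_profile(profile):
    """Invoke each enabled tool in profile order; return one record per tool."""
    records = []
    for tool in profile["tools"]:
        if not tool.get("enabled", True):
            continue  # selective execution: identified in the profile, not invoked
        try:
            # argv list, no shell: profile text is never interpreted by a shell
            proc = subprocess.run(tool["argv"], capture_output=True, timeout=tool["timeout_s"])
            status, out = ("ok" if proc.returncode == 0 else f"exit {proc.returncode}"), proc.stdout
        except (subprocess.TimeoutExpired, OSError) as exc:
            status, out = type(exc).__name__, b""  # one failing tool does not stop the run
        # Hash acquired data on receipt so later modification is detectable
        records.append({"tool": tool["name"], "status": status, "stdout": out,
                        "sha256": hashlib.sha256(out).hexdigest()})
    return records
```

Calling `run_profile(load_profile(PROFILE))` returns records for `hostinfo` and `broken` only; the disabled `memdump` entry is never started.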
28 Claims
1. A method comprising:
- storing an investigative profile that identifies a plurality of tools and defines a manner in which an investigative tool invokes the identified tools for an investigation of a target computing device;
- configuring the investigative tool on an investigative device for the investigation based on the investigative profile to provide a common execution framework for selective execution of the plurality of tools identified by the investigative profile;
- transferring, with the investigative device upon execution of the investigative tool, one or more of the identified tools and a remote agent to the target computing device;
- executing, with the investigative device upon execution of the investigative tool, the remote agent on the target computing device to execute the identified tools on the target computing device in the manner defined by the investigative profile; and
- receiving, with the investigative tool executing on the investigative device, data acquired from the target computing device by the execution of the identified tools in the manner defined by the investigative profile.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An investigative device comprising:
- a storage device that stores an investigative profile that identifies a plurality of tools and defines a manner in which an investigative tool invokes the identified tools for an investigation of a target computing device; and
- a hardware unit that executes the investigative tool to:
  - configure the investigative tool for the investigation based on the investigative profile to provide a common execution framework for selective execution of the plurality of tools identified by the investigative profile;
  - transfer one or more of the identified tools and a remote agent to the target computing device;
  - execute the remote agent on the target computing device to execute the identified tools on the target computing device in the manner defined by the investigative profile; and
  - receive data acquired from the target computing device by the execution of the identified tools in the manner defined by the investigative profile.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A non-transitory computer-readable storage medium comprising instructions that cause one or more processors to:
- store an investigative profile that identifies a plurality of tools and defines a manner in which an investigative tool invokes the identified tools for an investigation of a target computing device;
- configure the investigative tool for the investigation based on the investigative profile to provide a common execution framework for selective execution of the plurality of tools identified by the investigative profile;
- transfer, upon execution of the investigative tool, one or more of the identified tools and a remote agent to the target computing device;
- execute, upon execution of the investigative tool, the remote agent on the target computing device to execute the identified tools on the target computing device in the manner defined by the investigative profile; and
- receive, with the investigative tool, data acquired from the target computing device by the execution of the identified tools in the manner defined by the investigative profile.
Dependent claims: 28
Specification