Systems and Methods For Digital Forensic Triage

US 20120322422A1
Filed: 06/20/2012
Published: 12/20/2012
Est. Priority Date: 06/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method for forensic triage comprising:

coupling, communicatively, a computer and a mobile device, wherein the computer comprises one or more processors conductively coupled to one or more memory modules and the mobile device comprises one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules, and machine readable instructions stored on the one or more mobile memory modules of the mobile device;

booting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device;

receiving a search data set with the one or more mobile processors of the mobile device;

executing, automatically with the one or more processors, the one or more mobile processors, or both, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set; and

transmitting the triage data via the one or more communication modules of the mobile device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for forensic triage may include coupling, communicatively, a computer and a mobile device. The computer can be booted with machine readable instructions stored on the one or more mobile memory modules of the mobile device. A search data set can be received with one or more mobile processors of the mobile device. One or more processors of the computer, the one or more mobile processors, or both, can execute, automatically, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set. The triage data can be transmitted via one or more communication modules of the mobile device.

143 Citations

20 Claims

1. A method for forensic triage comprising:
- coupling, communicatively, a computer and a mobile device, wherein the computer comprises one or more processors conductively coupled to one or more memory modules and the mobile device comprises one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules, and machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  booting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  receiving a search data set with the one or more mobile processors of the mobile device;
  
  executing, automatically with the one or more processors, the one or more mobile processors, or both, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set; and
  
  transmitting the triage data via the one or more communication modules of the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - storing the triage data in the one or more mobile memory modules of the mobile device.
  - 3. The method of claim 1, further comprising:
    - coupling, communicatively, the mobile device and a cloud computing device with a cellular network, wherein the cloud computing device comprises one or more cloud processors communicatively coupled to one or more cloud memory modules, and wherein the triage data is transmitted over the cellular network and stored in the one or more cloud memory modules.
  - 4. The method of claim 3, further comprising:
    - pushing the search data set from the cloud computing device to the mobile device over the cellular network.
  - 5. The method of claim 3, further comprising:
    - pushing the search data set from the mobile device to the cloud computing device over the cellular network.
  - 6. The method of claim 1, further comprising:
    - copying, automatically with the one or more processors, the one or more mobile processors, or both, one or more system resources from the one or more memory modules of the computer to the one or more mobile memory modules of the mobile device.
  - 7. The method of claim 6, further comprising:
    - shutting the computer down;
      
      rebooting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device; and
      
      restoring the one or more system resources from the one or more mobile memory modules of the mobile device to the one or more memory modules of the computer, wherein the one or more system resources comprises at least one operating system detail.
  - 8. The method of claim 1, further comprising:
    - capturing image data; and
      
      associating, automatically with the one or more mobile processors, the image data with the triage data in the one or more mobile memory modules of the mobile device.
  - 9. The method of claim 1, wherein the search data set comprises a keyword list, the keyword list comprising a plurality of keywords of interest.
  - 10. The method of claim 1, wherein the search data set comprises a hash list, the hash list comprising a plurality of hashes that correspond to output from a cryptographic hash function.
  - 11. The method of claim 10, wherein the cryptographic hash function is a message-digest algorithm.
  - 12. The method of claim 1, wherein the search data set comprises a search list that comprises a plurality of identifiers that each correspond to an instance of a system resource.
  - 13. The method of claim 1, wherein the computer and the mobile device are communicatively coupled with a wire.
  - 14. The method of claim 1, wherein the computer and the mobile device are communicatively coupled with a wirelessly.

15. A system for forensic triage comprising:
- a mobile device comprising one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules;
  
  a cloud computing device communicatively coupled to the one or more communication modules of the mobile device, the cloud computing device comprising one or more cloud processors conductively coupled to one or more cloud memory modules;
  
  a search data set stored on the one or more mobile memory modules of the mobile device, the one or more cloud memory modules, or both; and
  
  machine readable instructions stored on the one or more mobile memory modules of the mobile device, the one or more cloud memory modules, or both, wherein when the one or more communication modules of the mobile device is communicatively coupled to a computer comprising one or more processors conductively coupled to one or more memory modules, the one or more processors, the one or more mobile processors, or both are configured to execute the machine readable instructions to;
  
  boot the computer according to the machine readable instructions;
  
  search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set; and
  
  the one or more cloud processors, the one or more mobile processors, or both are configured to execute the machine readable instructions to;
  
  compare the triage data, the search data set, or both to a data archive that is protected by a firewall;
  
  allow the receipt of data indicative of a match between the triage data and the data archive, the search data set and the data archive, or both; and
  
  deny the receipt of predefined segments of the data archive.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the one or more cloud processors, the one or more mobile processors, or both are configured to execute the machine readable instructions to:
    - request access to the data archive;
      
      grant access to the data archive; and
      
      deny access to the data archive.
  - 17. The system of claim 15, wherein the search data set is stored on both the one or more mobile memory modules of the mobile device and the one or more cloud memory modules, and the one or more cloud processors, the one or more mobile processors, or both are configured to execute the machine readable instructions to:
    - synchronize the search data set.
  - 18. The system of claim 15, wherein the one or more cloud processors, the one or more mobile processors, or both are configured to execute the machine readable instructions to:
    - associate image data with the triage data in the one or more mobile memory modules of the mobile device, the one or more cloud memory modules, or both.
  - 19. The system of claim 15, wherein the search data set comprises a keyword list that comprises a plurality of keywords of interest, a hash list that comprises a plurality of hashes that correspond to output from a cryptographic hash function, and a search list that comprises a plurality of identifiers that each correspond to an instance of a system resource.

20. A method for forensic triage comprising:
- coupling, communicatively, a computer and a mobile device, wherein the computer comprises one or more processors conductively coupled to one or more memory modules and the mobile device comprises one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules, and machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  booting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  receiving a search data set with the one or more mobile processors of the mobile device, wherein the search data set comprises a keyword list that comprises a plurality of keywords of interest, a hash list that comprises a plurality of hashes that correspond to output from a cryptographic hash function, and a search list that comprises a plurality of identifiers that each correspond to an instance of a system resource;
  
  executing, automatically with the one or more processors, the one or more mobile processors, or both, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set;
  
  coupling, communicatively, the mobile device and a cloud computing device with a cellular network; and
  
  transmitting the triage data via the one or more communication modules of the mobile device over the cellular network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aces & Eights Corporation
Original Assignee
Aces And Eights Corporation
Inventors
Frecks, Austin P. Jr., Curry, Anthony W., Lynn, Donald G. Jr., Bland, Christopher J.

Granted Patent

US 9,071,924 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/414.1
CPC Class Codes

G06F 16/113   Details of archiving lifecy...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2153   Using hardware token as a s...

G06F 9/4416   Network booting; Remote ini...

H04L 63/02   for separating internal fro...

H04L 63/302   gathering intelligence info...

H04L 9/3236   using cryptographic hash fu...

H04W 12/12   Detection or prevention of ...

H04W 4/60   Subscription-based services...

Systems and Methods For Digital Forensic Triage

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods For Digital Forensic Triage

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links