System and Method for Simultaneous Forensic, Acquisition, Examination and Analysis of a Computer Readable Medium at Wire Speed
First Claim
1. A system for simultaneous forensic acquisition and analysis of data from a target data repository, the system comprising:
- a source agent in operative communication with the target data repository, said source agent being incapable of writing to the target data repository, said source agent being configured to read a portion of the target data repository;
an investigator computer having a processor configured to send at least one prioritised read command to said source agent to schedule a read of the target data repository based on a predetermined priority; and
a data sink configured to store at least a partial forensic image of the target data repository based on the data read by said source agent.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to a system for simultaneous forensic acquisition and analysis of data from a target data repository. The system comprises a source agent in communication with the target data repository. The source agent is incapable of writing to the target data repository and is configured to read a portion of the target data repository. The system further comprises an investigator computer having a processor configured to send at least one prioritised read command to the source agent to schedule a read of the target data repository based on a predetermined priority. A data sink is configured to store at least a partial forensic image of the target data repository based on the data read by said source agent.
-
Citations
40 Claims
-
1. A system for simultaneous forensic acquisition and analysis of data from a target data repository, the system comprising:
-
a source agent in operative communication with the target data repository, said source agent being incapable of writing to the target data repository, said source agent being configured to read a portion of the target data repository; an investigator computer having a processor configured to send at least one prioritised read command to said source agent to schedule a read of the target data repository based on a predetermined priority; and a data sink configured to store at least a partial forensic image of the target data repository based on the data read by said source agent. - View Dependent Claims (2, 3, 4, 7, 9, 10, 14, 22, 24, 25)
-
-
5-6. -6. (canceled)
-
8. (canceled)
-
11-13. -13. (canceled)
-
15-21. -21. (canceled)
-
23. (canceled)
-
26. A method for forensically analysing data during a data acquisition from a target data repository, the method comprising:
-
reading data, with a source agent, from the target data repository to a data sink to assemble a partial forensic image of the target data repository; submitting at least one prioritised read command to the source agent, the prioritised read command including a read command that is prioritised based on a pre-configured priority; scheduling, with the source agent, a data read from the target data repository based on the prioritised read command; reading data, with the source agent, from the target data repository based on the prioritised read command to the data sink; and permitting analysis of the data procured by the prioritised read command while further data is read from the target data repository. - View Dependent Claims (27, 29, 30, 31, 33, 36)
-
-
28. (canceled)
-
32. (canceled)
-
34-35. -35. (canceled)
-
37. (canceled)
-
38. A method for forensically analysing data during a data acquisition from a target data repository, the method comprising:
-
reading data, with a source agent, from the target data repository to a data sink to assemble a partial forensic image of the target data repository; submitting at least one prioritised read command to a sink agent operatively connected to the data sink, the prioritised read command specifying a subset of data thought to be contained in the target data repository; and reading, with the sink agent, the subset of data from the data sink if the requested subset of data is in the data sink, otherwise forwarding the prioritised read command to the source agent to obtain the requested subset of data. - View Dependent Claims (39)
-
-
40-41. -41. (canceled)
Specification