SYSTEMS AND METHODS FOR GRAPHICAL EXPLORATION OF FORENSIC DATA
First Claim
Patent Images
1. A method of examining digital forensic data using a viewer computer comprising a memory and a processor, the digital forensic data extracted from at least one target device by a forensic data retrieval application, the method comprising:
- receiving, at the viewer computer, a data collection generated by the forensic data retrieval application, the data collection comprising a plurality of data items extracted from the at least one target device;
scanning the data collection to identify a plurality of data artifacts; and
for a first artifact in the plurality of artifacts, determining at least one attribute possessed by the first artifact, and adding the first artifact to at least one of a plurality of ontological sets based on possession of the at least one attribute.
6 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for examining digital forensic data using a viewer computer. Forensic data collections are provided to the viewer computer, which can format the data artifacts according to a variety of display types and presentation formats, to facilitate review and reporting by a user. The display types and presentation formats also enable the user to easily switch between a source location view and a related artifacts view.
-
Citations
20 Claims
-
1. A method of examining digital forensic data using a viewer computer comprising a memory and a processor, the digital forensic data extracted from at least one target device by a forensic data retrieval application, the method comprising:
-
receiving, at the viewer computer, a data collection generated by the forensic data retrieval application, the data collection comprising a plurality of data items extracted from the at least one target device; scanning the data collection to identify a plurality of data artifacts; and for a first artifact in the plurality of artifacts, determining at least one attribute possessed by the first artifact, and adding the first artifact to at least one of a plurality of ontological sets based on possession of the at least one attribute. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification