System and method for collecting electronic evidence data
Abstract
A system and method for automatically locating, identifying, and collecting electronic evidence data stored in a number of computers. In one embodiment, a method of the present invention collects electronic evidence data from a plurality of computers and stores the collected data on a server. The method first provides an agent software application to the plurality of computers. The agent software application is configured and arranged with predefined criteria that allow the agent software application to identify data that is characteristic of electronic evidence. The agent software application is also configured and arranged to transmit the identified data to the server. In response to receiving the identified data, the server stores the identified data on a memory device of the server.
24 Claims
1. A method for collecting electronic evidence data from one or more computers, wherein the method comprises:
- providing an agent software application to the one or more computers, wherein the agent software application includes criteria to identify data that is characteristic of electronic evidence, said criteria comprising at least one predetermined keyword to search for in a data file, a data file attribute that indicates a time when the data file was accessed, a file type, and a directory location in which the data file is stored, wherein said electronic evidence data further concerns an operational aspect of the one or more computers on which the agent software application is executing, and wherein the agent software application is configured to transmit the identified electronic evidence data to a server;
- executing the agent software application on at least one computer, wherein the execution of the agent software application searches a local memory of the computer and identifies said electronic evidence data in said local memory;
- transmitting the identified data from at least one computer executing the agent software application to the server;
- receiving the identified data at the server, wherein the identified data is received from at least one computer executing the agent software application;
- storing the identified data on a memory device of the server;
- verifying a receipt of the identified data at the server; and
- generating a report of the identified data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method for collecting electronic evidence data from a computer, wherein the method comprises:
- obtaining an agent software application, wherein the agent software application includes predefined criteria to identify data that is characteristic of electronic evidence, said criteria comprising at least one predetermined keyword to search for in a data file, a data file attribute that indicates a time when the data file was accessed, a file type, and a directory location in which the data file is stored, wherein the agent software application is configured to transmit the identified data to a server;
- executing the agent software application to identify said data that is characteristic of electronic evidence;
- transmitting the identified data from the computer to the server;
- verifying a receipt of the identified data at the server; and
- generating a report of the identified data, wherein the agent software application is configured to transmit the identified data over a period of time such that at least a first portion of the identified data is transmitted at a first time, and a second portion of the identified data is transmitted at a second time.
Dependent claims: 12, 13, 14, 15, 16, 17, 18.

19. A computer system for collecting electronic evidence on a server from a plurality of computers, wherein the computer system comprises:
- means for providing an agent software application to the plurality of computers, wherein the agent software application is configured with predefined criteria to identify data that is characteristic of electronic evidence, said criteria comprising at least one predetermined keyword to search for in a data file, a data file attribute that indicates a time when the data file was accessed, a file type, and a directory location in which the data file is stored, wherein said electronic evidence data further concerns an operational aspect of the computer on which the agent software application is executing, and wherein the agent software application is configured to transmit the identified data to the server;
- means for executing the agent software application on at least one computer of the plurality of computers to search a local memory of the computer and identify said electronic evidence data in said local memory;
- means for receiving the identified data at the server, wherein the identified data is received from at least one computer of the plurality of computers;
- means for storing the identified data on a memory device of the server;
- means for verifying a receipt of the identified data at the server; and
- means for generating a report of the identified data.

20. A computer system for collecting electronic evidence on a server from a computer, wherein the computer system comprises:
- means for receiving an agent software application, wherein the agent software application is configured with predefined criteria to identify data that is characteristic of electronic evidence, said criteria comprising at least one predetermined keyword to search for in a data file, a data file attribute that indicates a time when the data file was accessed, a file type, and a directory location in which the data file is stored, wherein the agent software application is configured to transmit the identified data to the server;
- means for executing the agent software application, wherein the agent software application is configured to automatically execute at a first time;
- means for transmitting the identified data from the computer to the server, wherein the agent software application is configured to transmit the identified data at a second time;
- means for determining if the transmission of the identified data has failed, and if the transmission of the identified data has failed, then terminating the transmission of the identified data and retransmitting the identified data from the computer to the server; and
- means for storing the identified data on a computer-readable medium in the computer on which the agent software application is executing for manual collection at a later time.

21. A computer-readable medium having computer-executable components for collecting electronic evidence data, wherein the components comprise:
- a template data component operable to define a criterion that instructs a software application to identify and collect information describing operational aspects of a computer executing the software application, said operational aspects comprising a user name, drive size, a number of drives installed on the computer, amount of free space in a computer memory, and a catalog of files stored in the computer memory;
- an identification data component operable to define a criterion that instructs a software application to access secured data stored in the computer executing the software application based on the operational aspects of the computer, said secured data comprising a computer name, a user email address, and a user name; and
- a transfer data component operable to define a criterion that instructs a software application to transmit the secured data stored in the computer and the data that is identified in the template component.
Dependent claims: 22.

23. A computer system comprising a plurality of computers and a collection server, wherein the computer system is configured for collecting electronic evidence data from the plurality of computers and storing the electronic evidence data on the collection server, the system comprises:
- means for generating an agent software application, wherein the agent software application is configured with predefined criteria to identify data describing operational aspects of the computer on which the agent software application is executing, said operational aspects comprising a user name, drive size, a number of drives installed on the computer, amount of free space in a computer memory, and a catalog of files stored in the computer memory, wherein the agent software application is configured to transmit the identified data to the collection server as electronic evidence data;
- means for transmitting the agent software application to the plurality of computers;
- means for executing the agent software application, wherein the execution of the agent software application produces identified data that is characteristic of electronic evidence; and
- means for transmitting the identified data from the plurality of computers to the collection server.

24. A method for collecting electronic evidence data from a computer, wherein the method comprises:
- obtaining an agent software application, wherein the agent software application includes predefined criteria to identify data that is characteristic of electronic evidence, said criteria comprising at least one predetermined keyword to search for in a data file, a data file attribute that indicates a time when the data file was accessed, a file type, and a directory location in which the data file is stored, wherein the agent software application is configured to transmit the identified data to a server;
- executing the agent software application;
- storing the identified data on a computer-readable medium local to the computer on which the agent software application is executing;
- transmitting the identified data from the computer to the server; and
- if the transmission of the identified data is incomplete, then repeatedly attempting to transmit the electronic evidence data to the server until the data transmission is complete or a determined number of transmissions of the identified data has been attempted.

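An added illustration, not taken from the patent or any implementation of it, of the four identification criteria the claims recite (keyword, access time, file type, directory) and the bounded retransmission of claim 24. Assumptions: receipt is verified by comparing SHA-256 digests, `send` is a hypothetical transport callable that returns the bytes the server stored, and the sample files are constructed.

```python
import hashlib, os, tempfile, time
from dataclasses import dataclass

@dataclass
class Criteria:              # the four criteria recited in the claims
    keywords: tuple          # predetermined keywords, as bytes
    accessed_after: float    # access-time threshold (epoch seconds)
    extensions: tuple        # file types, e.g. (".txt",)
    root: str                # directory location to search

def identify(c):
    """Return [(path, sha256_hex)] for files that meet all four criteria."""
    hits = []
    for dirpath, _, names in os.walk(c.root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if not name.lower().endswith(c.extensions):
                continue
            # Check atime before opening: reading a file can update it.
            if os.stat(path).st_atime < c.accessed_after:
                continue
            with open(path, "rb") as f:
                data = f.read()
            if any(k in data for k in c.keywords):
                hits.append((path, hashlib.sha256(data).hexdigest()))
    return hits

def transmit_with_retry(send, data, digest, max_attempts=3):
    """send(data) returns the bytes the server stored (hypothetical transport).
    Returns the attempt number that was verified, or 0 if none was."""
    for attempt in range(1, max_attempts + 1):
        try:
            if hashlib.sha256(send(data)).hexdigest() == digest:  # receipt check
                return attempt
        except OSError:
            pass                                  # failed transfer: try again
    return 0

def demo():
    now, body = time.time(), b"re: project falcon budget"
    samples = {"memo.txt": (body, now), "old.txt": (b"falcon kickoff", now - 90 * 86400),
               "notes.txt": (b"lunch order", now), "image.bin": (b"falcon", now)}
    with tempfile.TemporaryDirectory() as root:   # constructed sample files
        for name, (content, atime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(content)
            os.utime(path, (atime, atime))
        hits = identify(Criteria((b"falcon",), now - 30 * 86400, (".txt",), root))
        replies = iter([body[:5], body])          # first transfer arrives truncated
        attempts = transmit_with_retry(lambda d: next(replies), body, hits[0][1])
        return [os.path.basename(p) for p, _ in hits], attempts
```

The access-time check runs before the file is opened because the collection itself can alter that attribute, which matters when the timestamp is part of the evidence.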