System and method for searching for static data in a computer investigation system
First Claim
1. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:
- Identifying by the client device a search key;
- Identifying by the client device, based on file metadata, a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;
- Transmitting the search key to the first and second target devices over a secure data communications network;
- Streaming by the client device, over the secure data communications network, a plurality of first file extents associated with the first file to the first target device, and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a range of data of the corresponding file to be searched;
- Receiving and processing by respectively the first and second target devices the streamed first and second file extents;
- Storing the received first and second file extents in respectively first and second in-queues at respectively the first and second target devices;
- Monitoring fullness of the first and second in-queues;
- Responsive to the monitoring, streaming by the client device a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device, over the secure data communications network;
- Concurrently searching by the first and second target devices for the search key at respectively each range of data specified in each received first file extent and at each range of data specified in each received second file extent; and
- Generating search results by the first and second target devices based on the respective searching of each range of data, wherein the search results identify information relating to the search key located during the searching.
Abstract
A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
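The flow the abstract describes (extents streamed in batches, a bounded in-queue on each target whose fullness gates the next batch, targets searching their own storage concurrently) can be sketched as follows. This is an added illustration, not code from the patent; `Target`, `stream_extents`, `investigate`, the low-water threshold, the in-process threads standing in for the network, and the sample disks are all assumptions.

```python
import queue, threading, time

class Target:
    """Hypothetical target agent: searches streamed (offset, length) extents of its own disk."""
    def __init__(self, disk: bytes, key: bytes, capacity: int = 4):
        self.disk, self.key, self.hits = disk, key, []
        self.in_queue = queue.Queue(maxsize=capacity)   # bounded in-queue
        self.worker = threading.Thread(target=self._search)
        self.worker.start()

    def fullness(self) -> float:
        return self.in_queue.qsize() / self.in_queue.maxsize

    def _search(self):
        # Search only the byte ranges named by received extents; None ends the stream.
        for off, length in iter(self.in_queue.get, None):
            data = self.disk[off:off + length]
            pos = data.find(self.key)
            while pos != -1:
                self.hits.append(off + pos)             # report the disk offset of the hit
                pos = data.find(self.key, pos + 1)

def stream_extents(target, extents, low_water=0.5, batch=2):
    """Client side: send the next batch only once the in-queue has drained enough."""
    pending = list(extents)
    while pending:
        if target.fullness() <= low_water:
            for extent in pending[:batch]:
                target.in_queue.put(extent)
            pending = pending[batch:]
        else:
            time.sleep(0.001)                           # queue still busy; back off
    target.in_queue.put(None)                           # end-of-stream marker
    target.worker.join()
    return sorted(target.hits)

def investigate(jobs, key):  # jobs: {name: (disk_bytes, extents)}
    results = {}
    def run(name, disk, extents):
        results[name] = stream_extents(Target(disk, key), extents)
    threads = [threading.Thread(target=run, args=(n, d, e)) for n, (d, e) in jobs.items()]
    for t in threads: t.start()
    for t in threads: t.join()
    return results

# Constructed sample data: two "disks" and the extents of one file on each.
KEY = b"ACME-SECRET"
DISK_A = b"." * 100 + KEY + b"." * 200 + KEY + b"." * 50
DISK_B = b"x" * 40 + KEY + b"x" * 500
EXTENTS_A = [(90, 40), (0, 50), (200, 64)]   # the second KEY (offset 311) is in no extent
EXTENTS_B = [(0, 32), (32, 32), (64, 128), (192, 128), (320, 128)]
```

Because each target searches only the ranges it is sent, the second occurrence of the key on `DISK_A` is not reported. A key that straddles two extents is also missed by this sketch, since it does not stitch or overlap adjacent ranges.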
30 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 21, 22, 23, 24, 25, 27, 28, 29, 30
9. A computer investigation system comprising:
- a client device;
- first and second target devices coupled to the client device over a data communications network;
- first and second storage devices coupled respectively to the first and second target devices;
- a server brokering secure communication between the client device and the first and second target devices over the data communications network, wherein the client device:
  - identifies a search key,
  - identifies, based on file metadata, a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device,
  - transmits the search key to the first and second target devices over a secure data communications network, and
  - streams over the secure data communications network a plurality of first file extents associated with the first file to the first target device, and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a range of data of the corresponding file to be searched,
- wherein the first and second target devices respectively:
  - receive and process the streamed first and second file extents,
  - concurrently search for the search key at respectively each range of data specified in each received first file extent and at each range of data specified in each received second file extent, and
  - respectively generating search results based on the searching of each range of data, wherein the search results identify information relating to the search key located during the searching; and
- first and second in-queues respectively coupled to the first and second target devices and respectively storing the received first and second file extents, wherein the first and second in-queues are monitored for fullness, and in response to the monitoring, the client device streams a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device for causing the first and second target devices to search for the search key at the range of data specified in respectively each of the second plurality of first file extents and each of the second plurality of second file extents.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. In a networked computer investigation system, a client device investigating data stored in first and second storage devices respectively coupled to first and second target devices, the client device comprising:
- a processor;
- a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including:
  - identifying a search key;
  - identifying, based on file metadata, a first file stored in the first storage device coupled to the first target device and a second file stored in the second storage device coupled to the second target device;
  - transmitting the search key to the first and second target devices over a secure data communications network;
  - streaming over the secure data communications network a plurality of first file extents associated with the first file to the first target device, and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a range of data of the corresponding file to be searched, wherein the first and second target devices are configured to concurrently search for the search key at respectively each range of data specified in each received first file extent and at each range of data specified in each received second file extent, wherein the first and second target devices are respectively coupled to first and second in-queues respectively storing received first and second file extents, wherein the first and second in-queues are monitored for fullness;
  - responsive to the monitoring, streaming by the client device a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device, over the secure data communications network, wherein the first and second target devices are configured to search for the search key at the range of data specified in respectively each of the second plurality of first file extents and each of the second plurality of second file extents; and
  - receiving first and second search results generated by respectively the first and second target devices based on the respective searching of each range of data, wherein the search results identify information relating to the search key located during the searching.

Dependent claims: 18, 19, 20
26. In a networked computer investigation system including a client device and a plurality of target devices coupled to the client device, a method for investigating data stored in one or more storage devices coupled to the plurality of target devices, the method comprising:
- identifying by the client device the search key for conducting a search of contents of files stored in the various target devices;
- identifying by the client device, based on file metadata, a first file stored in a first storage device coupled to a first target device and a second file stored in a second storage device coupled to a second target device;
- retrieving by the client device file properties of the first and second files to be searched;
- determining by the client device, based on the retrieved file properties, whether the first and second files to be searched each satisfies a filter criteria;
- if the determining outputs a first result:
  - transmitting by the client device the search key to the first and second target devices over a secure data communications network;
  - streaming by the client device over the secure data communications network a plurality of first file extents associated with the first file to the first target device, and a plurality of second file extents associated with the second file to the second target device, each file extent identifying a range of data of the corresponding file to be searched;
  - receiving and processing by respectively the first and second target devices the streamed first and second file extents;
  - storing the received first and second file extents in respectively first and second in-queues at respectively the first and second target devices;
  - monitoring fullness of the first and second in-queues;
  - responsive to the monitoring, streaming by the client device a second plurality of first file extents associated with the first file to the first target device and a second plurality of second file extents associated with the second file to the second target device, over the secure data communications network;
  - concurrently searching by the first and second target devices for the search key at respectively each range of data specified in each received first file extent and at each range of data specified in each received second file extent; and
  - receiving by the client device from the one of the plurality of target devices search results generated by the first and second target devices based on the respective searching of each range of data, wherein the search results identify information relating to the search key located during the searching; and
- if the determining outputs a second result:
  - receiving the file by the client device from one of the plurality of target devices; and
  - searching the contents of the file locally by the client device for the search key instead of invoking the plurality of target devices.
Specification