Enterprise computer investigation system
First Claim
1. In a data communications network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device, the method comprising:
- authenticating the client device;
transmitting a first cryptographic key to the client device;
authenticating the target device;
transmitting a second cryptographic key to the target device;
receiving from the client device over the data communications network, a request for conducting an investigation of the target device, the request including identification of the target device, the request being encrypted via the first cryptographic key;
generating an investigation session key in response to the investigation request;
transmitting the session key to the client device, the session key to the client device being encrypted via the first cryptographic key;
transmitting the session key to the target device, the session key to the target device being encrypted via the second cryptographic key;
receiving an investigation command from the client device, the investigation command being encrypted via the session key; and
forwarding the encrypted investigation command to the target device, wherein the target device transmits to the client device an output responsive to the investigation command, the output being encrypted via the session key.
9 Assignments
0 Petitions
Accused Products
Abstract
A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
42 Citations
9 Claims
-
1. In a data communications network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device, the method comprising:
-
authenticating the client device; transmitting a first cryptographic key to the client device; authenticating the target device; transmitting a second cryptographic key to the target device; receiving from the client device over the data communications network, a request for conducting an investigation of the target device, the request including identification of the target device, the request being encrypted via the first cryptographic key; generating an investigation session key in response to the investigation request; transmitting the session key to the client device, the session key to the client device being encrypted via the first cryptographic key; transmitting the session key to the target device, the session key to the target device being encrypted via the second cryptographic key; receiving an investigation command from the client device, the investigation command being encrypted via the session key; and forwarding the encrypted investigation command to the target device, wherein the target device transmits to the client device an output responsive to the investigation command, the output being encrypted via the session key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeOpen Text Holdings, Inc. (Open Text Corporation)
-
Original AssigneeGuidance Software Incorporated (Open Text Corporation)
-
InventorsGarrett, Matthew, Weber, Dominik, McCreight, Shawn
-
Primary Examiner(s)Dada; Beemnet W
-
Application NumberUS10/936,466Publication NumberTime in Patent Office2,365 DaysField of Search709217-219, 726/22, 726/26, 726/27, 713/164, 713/165, 713/167, 713/168, 713/171, 380/278, 380/279, 380/281US Class Current713/168CPC Class CodesG06F 16/24575 using contextG06F 16/248 Presentation of query resultsG06F 16/9535 Search customisation based ...G06F 21/60 Protecting dataG06F 21/606 by securing the transmissio...G06F 21/64 Protecting data integrity, ...H04L 63/0435 wherein the sending and rec...H04L 63/0442 wherein the sending and rec...H04L 63/062 for key distribution, e.g. ...H04L 63/08 for authentication of entit...H04L 63/083 using passwords cryptograph...H04L 63/1433 Vulnerability analysisH04L 9/00 Cryptographic mechanisms or...
