Enterprise computer investigation system
First Claim
1. In a data communications network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device, the method comprising:
authenticating the client device;
transmitting a first cryptographic key to the client device;
authenticating the target device;
transmitting a second cryptographic key to the target device;
receiving from the client device over the data communications network, a request for conducting an investigation of the target device, the request including identification of the target device, the request being encrypted via the first cryptographic key;
generating an investigation session key in response to the investigation request;
transmitting the session key to the client device, the session key to the client device being encrypted via the first cryptographic key;
transmitting the session key to the target device, the session key to the target device being encrypted via the second cryptographic key;
receiving an investigation command from the client device, the investigation command being encrypted via the session key; and
forwarding the encrypted investigation command to the target device, wherein the target device transmits to the client device an output responsive to the investigation command, the output being encrypted via the session key.
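The session-key distribution and command relay steps of the claim above, as an added example that is not code from the patent or its assignee. AES-256-GCM, the function names, and the sample command and output strings are assumptions; device authentication and the encrypted investigation request are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// random returns n bytes from the system CSPRNG (used for keys and nonces).
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcm builds AES-256-GCM for a 32-byte key; the cipher is an assumption.
func gcm(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key)  // cannot fail: every key here is 32 bytes
	aead, _ := cipher.NewGCM(blk) // cannot fail for an AES block cipher
	return aead
}

// seal returns nonce || ciphertext || tag for msg under key.
func seal(key, msg []byte) []byte {
	nonce := random(gcm(key).NonceSize())
	return gcm(key).Seal(nonce, nonce, msg, nil)
}

// open decrypts a sealed box and panics on a wrong key or altered bytes.
func open(key, box []byte) []byte {
	msg, err := gcm(key).Open(nil, box[:12], box[12:], nil)
	if err != nil {
		panic(err)
	}
	return msg
}

// runSession returns the command as read by the target, the output as read by the client, and the command as readable by the server.
func runSession(command, output string) (string, string, string) {
	k1, k2, ks := random(32), random(32), random(32) // first key, second key, session key (all held by the server)
	ksClient := open(k1, seal(k1, ks))               // session key to the client, wrapped under the first key
	ksTarget := open(k2, seal(k2, ks))               // session key to the target, wrapped under the second key
	relayed := seal(ksClient, []byte(command))       // client -> server -> target, forwarded unchanged
	return string(open(ksTarget, relayed)), string(open(ksClient, seal(ksTarget, []byte(output)))), string(open(ks, relayed))
}

func main() { fmt.Println(runSession("list-processes", "pid 1 init")) }
```

The third return value reflects that the server generated the session key, so it can read every command it forwards: the scheme treats the server as a trusted party rather than giving the client and target end-to-end confidentiality against it.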
Abstract
A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
Specification