Methods for searching forensic data
First Claim
1. A nontransitory computer-readable storage medium upon which is embodied and stored a sequence of programmed instructions that, when executed by a processor, cause the processor to perform functions comprising:
- extracting data from input data;
- detecting suspect data contained in said extracted data using a forensic search tool of a computing platform associated with a first entity, said detecting performed by matching said extracted data with one or more pre-defined data patterns specified by said forensic search tool, wherein said suspect data comprises data identified by said forensic search tool as being associated with inappropriate or illegal activities;
- including the suspect data and a non-readable and non-modifiable representation of sensitive data in the forensic search tool;
- outputting a report identifying said suspect data; and
- outputting said forensic search tool by said computing platform associated with said first entity to at least one computing platform associated with a second entity, wherein instructions associated with said digital forensic search tool further comprise a header, a search markup language portion, and a data features portion containing features of data, wherein the digital forensic search tool enables said computing platform associated with said first entity to share the digital forensic search tool with said at least one computing platform associated with a second entity in a manner that enables utilization of the representation of sensitive data by the second entity while not revealing the actual content of the sensitive data to the second entity; and
- wherein instructions implementing said digital forensic search tool are provided in accordance with a search markup language.
Abstract
In one aspect of the present invention, a software component for conducting digital forensic searches is described. The software component has a header, one or more search markup language programs, and a data features section. The software component, also referred to as a search pack, enables a first entity, such as a federal investigation agency, to share its suspect and sensitive data with a second entity, such as another investigative agency, in a manner that allows the second agency to utilize the suspect data while not revealing the actual content of the sensitive data to the second agency. The second agency can perform comparisons and other operations on the sensitive data without having to know the actual content of the data. The search pack allows an investigative agency to define an investigative strategy for a particular case via the search markup language programs and by the data features that it includes in the search pack. Thus, by sharing search packs among agencies, an agency can share or inform others of that agency's theory of the case and investigative goal. Search packs can also be updated automatically as new information is learned about a particular case. Updates to a search pack are determined by the agency that created it and manages it.
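The sharing idea in the abstract, as an added example that is not code from the patent: a first entity builds a pack with a header, a search portion and a data-features portion, and a second entity matches evidence against it without seeing the sensitive values. The dictionary layout, the use of SHA-256 digests as the non-readable representation, the header seal, and all names and sample data are assumptions of this example.

```python
import hashlib
import json
import re

def feature(value: str) -> str:
    """One-way representation of a sensitive value (SHA-256 is this example's choice)."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()

def seal(pack: dict) -> str:
    """Unkeyed digest over the search and feature portions, kept in the header."""
    body = json.dumps({"search": pack["search"], "features": pack["features"]},
                      sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def build_pack(case_id: str, patterns: dict, sensitive_values: list) -> dict:
    """First entity: header + search portion + data-features portion."""
    pack = {"header": {"case": case_id, "version": 1},
            "search": patterns,
            "features": sorted(feature(v) for v in sensitive_values)}
    pack["header"]["seal"] = seal(pack)
    return pack

def run_pack(pack: dict, text: str) -> list:
    """Second entity: extract candidates with the pack's patterns, compare digests only."""
    if seal(pack) != pack["header"]["seal"]:
        raise ValueError("search pack was modified after it was sealed")
    known = set(pack["features"])
    report = []
    for name, pattern in pack["search"].items():
        for match in re.finditer(pattern, text):
            if feature(match.group(0)) in known:
                report.append({"pattern": name, "offset": match.start(),
                               "value": match.group(0)})
    return report

# Constructed sample data: the case id and addresses do not come from the patent.
PACK = build_pack("CASE-EXAMPLE-1",
                  {"email": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"},
                  ["suspect.one@example.org", "drop.box@example.net"])
EVIDENCE = "From: alice@example.com\nTo: Suspect.One@example.org\nCc: bob@example.com\n"

if __name__ == "__main__":
    print(json.dumps(run_pack(PACK, EVIDENCE), indent=2))
```

A bare digest of a low-entropy value such as an e-mail address can be recovered by guessing candidates, so the representation hides content only as well as the values resist enumeration. The seal here catches edits to the pack body but not a recipient who also rewrites the header; that would need a signature from the first entity.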
22 Claims
1. A nontransitory computer-readable storage medium upon which is embodied and stored a sequence of programmed instructions that, when executed by a processor, cause the processor to perform functions comprising:
- extracting data from input data;
- detecting suspect data contained in said extracted data using a forensic search tool of a computing platform associated with a first entity, said detecting performed by matching said extracted data with one or more pre-defined data patterns specified by said forensic search tool, wherein said suspect data comprises data identified by said forensic search tool as being associated with inappropriate or illegal activities;
- including the suspect data and a non-readable and non-modifiable representation of sensitive data in the forensic search tool;
- outputting a report identifying said suspect data; and
- outputting said forensic search tool by said computing platform associated with said first entity to at least one computing platform associated with a second entity, wherein instructions associated with said digital forensic search tool further comprise a header, a search markup language portion, and a data features portion containing features of data, wherein the digital forensic search tool enables said computing platform associated with said first entity to share the digital forensic search tool with said at least one computing platform associated with a second entity in a manner that enables utilization of the representation of sensitive data by the second entity while not revealing the actual content of the sensitive data to the second entity; and
- wherein instructions implementing said digital forensic search tool are provided in accordance with a search markup language.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A digital forensic analysis method, comprising:
- extracting data from input data;
- detecting suspect data contained in said extracted data using a forensic search tool of a computing platform associated with a first entity, said detecting performed by matching said extracted data with one or more pre-defined data patterns specified by said forensic search tool, wherein said suspect data comprises data identified by said forensic search tool as being associated with inappropriate or illegal activities;
- including the suspect data and a non-readable and non-modifiable representation of sensitive data in the forensic search tool;
- outputting a report identifying said suspect data; and
- outputting said forensic search tool by said computing platform associated with said first entity to at least one computing platform associated with a second entity, wherein the said forensic search tool includes features portion containing features of data, a header, and a search markup language portion, wherein said forensic search tool enables said computing platform associated with said first entity to share said forensic search tool with said at least one computing platform associated with said second entity in a manner that enables utilization of the representation of sensitive data by the second entity while not revealing the actual content of the sensitive data to the second, and wherein said forensic search tool is implemented using said search markup language to permit sharing of said forensic search tool by said computing platform associated with the first entity with said at least one computing platform associated with the second entity.

Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification