Automated forensic document signatures
Abstract
Methods and systems are provided for a proactive approach for computer forensic investigations. The invention allows organizations anticipating the need for forensic analysis to prepare in advance. Digital representations are generated proactively for a specified target. A digital representation is a digest of the content of the target. Digital representations of a collection of targets are indexed and organized in a data structure, such as an inverted index. The searching and comparison of digital representations of a collection of targets allows quick and accurate identification of targets having identical or similar content. Computational and storage costs are expended in advance, which allows more efficient computer forensic investigations. The present invention can be applied to numerous applications, such as computer forensic evidence gathering, misuse detection, network intrusion detection, and unauthorized network traffic detection and prevention.
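The approach the abstract describes, as an added Python sketch that is not taken from the patent: each target's content is digested and its terms pooled into an inverted index on every update, earlier versions are retained, and a probe is matched for identical or similar content. SHA-256 as the digest, alphanumeric tokenization, Jaccard term overlap as the similarity measure, and the sample file names and contents are all assumptions made for the example.

```python
import hashlib
import re
from collections import defaultdict

def terms_of(content):
    # Assumption: a "term" is a lowercase alphanumeric token.
    return frozenset(re.findall(r"[a-z0-9]+", content.lower()))

class ForensicIndex:
    """Inverted index over target contents that keeps every past version."""
    def __init__(self):
        self.postings = defaultdict(set)   # term -> {(target, version)}
        self.versions = defaultdict(list)  # target -> [(digest, terms)]

    def update(self, target, content):
        """Call on the predetermined operation (e.g. a save); returns the digest."""
        digest = hashlib.sha256(content.encode()).hexdigest()
        history = self.versions[target]
        if history and history[-1][0] == digest:
            return digest  # content unchanged, nothing new to record
        history.append((digest, terms_of(content)))
        for term in history[-1][1]:
            self.postings[term].add((target, len(history) - 1))
        return digest

    def identical(self, content):
        """(target, version) pairs whose digest equals the probe's digest."""
        digest = hashlib.sha256(content.encode()).hexdigest()
        return sorted((t, v) for t, hist in self.versions.items()
                      for v, (d, _) in enumerate(hist) if d == digest)

    def similar(self, content, threshold=0.5):
        """Versions sharing terms with the probe, Jaccard score >= threshold."""
        probe = terms_of(content)
        candidates = set().union(*(self.postings.get(t, set()) for t in probe))
        hits = []
        for target, version in candidates:
            terms = self.versions[target][version][1]
            score = len(probe & terms) / len(probe | terms)
            if score >= threshold:
                hits.append((target, version, round(score, 2)))
        return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

def demo():
    idx = ForensicIndex()  # constructed sample targets
    idx.update("hr/salaries.txt", "alice 91000 bob 87000 carol 95000")
    idx.update("tmp/notes.txt", "lunch order pizza salad")
    idx.update("hr/salaries.txt", "alice 91000 bob 87000")  # content changes
    leaked = "bob 87000 alice 91000 carol 95000 dave 70000"
    return idx.identical("alice 91000 bob 87000 carol 95000"), idx.similar(leaked)
```

Because the overwritten version stays in the index, the probe still matches the original `hr/salaries.txt` content after the file was edited.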
29 Claims
1. A computerized method of a computer system for proactively generating and querying computer forensic evidence for a computer system, comprising:
- generating a representation of content of at least one target within a set of targets
- generating an inverted index of the set of targets, wherein the inverted index stores a mapping of terms from associated contents, wherein generating the inverted index further comprises pooling the terms contained in the set of targets and indexing the terms, and wherein the inverted index is associated with representations of the content of each target of the set of targets, and wherein the inverted index is proactively generated for computer forensic evidence for the at least one target and configured to allow a forensic analysis with the computer forensic evidence by maintaining a forensically accurate representation of the content of the at least one target including if the content changes, and wherein the inverted index is updated upon occurrence of a predetermined operation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
18. A non-transitory computer-readable storage that configures a computer system to perform a method of proactively generating and comparing computer forensic evidence for a computer system, the method comprising:
- generating a representation of content of at least one target within a set of targets; and
- generating an inverted index of the set of targets, wherein the inverted index stores a mapping of terms from associated contents, wherein generating the inverted index further comprises pooling the terms contained in the set of targets and indexing the terms, wherein the inverted index is associated with representations of the content of each target of the set of targets, wherein the inverted index is proactively generated for computer forensic evidence for the at least one target and configured to allow a forensic analysis with the computer forensic evidence by maintaining a forensically accurate representation of the content of the at least one target including if the content changes, and wherein the inverted index is updated upon occurrence of a predetermined operation.
19. An apparatus for proactively generating and comparing computer forensic evidence, comprising:
- a processor arranged to generate a representation of content of at least one target within a set of targets; and
- a processor arranged to generate an inverted index of the set of targets, wherein the inverted index stores a mapping of terms from associated contents, wherein the processor is further arranged to pool the terms contained in the set of targets and index the terms, wherein the inverted index is associated with representations of the content of each target of the set of targets, wherein the inverted index is proactively generated for computer forensic evidence for the at least one target and configured to allow a forensic analysis with the computer forensic evidence by maintaining a forensically accurate representation of the content of the at least one target including if the content changes, and wherein the inverted index is updated upon occurrence of a predetermined operation.
Specification