Online evidence collection
First Claim
1. An automated method of collecting and preserving evidence developed during an on-line investigation of a suspect, the method comprising:
with an online investigation and evidence collecting and preserving system;
automated storing of evidence gathered on-line by an online investigator while investigating the suspect on-line;
automated storing of files shared by the on-line investigator, a record of web pages accessed by the on-line investigator, and other data indicative of activities performed by the on-line investigator in the course of gathering evidence on-line;
automatically obtaining a time stamp from an external source, wherein the time stamp is indicative of when the on-line investigator gathered the evidence on-line;
automatically encoding the data indicative of activities performed by the on-line investigator in the course of gathering the evidence on-line and the evidence gathered on-line by the on-line investigator with the time stamp from the external source; and
automatically generating a report that sets forth the data indicative of activities performed by the on-line investigator in the course of gathering the evidence on-line and the evidence gathered on-line by the on-line investigator and demonstrates the authenticity of the data indicative of activities performed by the on-line investigator in the course of gathering the evidence on-line and the evidence gathered on-line by the on-line investigator by reference to the time stamp from the external source.
Abstract
Collecting and preserving evidence developed during an on-line investigation. Evidence gathered on-line is hashed with a time stamp from an external time source and stored. Other data pertinent to an investigation is also stored and may also be hashed. The evidence may be presented later in a report that demonstrates the authenticity of the evidence. A computer system for on-line investigations includes a CPU, memory, input/output facilities, a communication element, and a security element such as a dongle. Communication software enables the investigator to communicate over the Internet and gather evidence. Investigation software enables the computer system to store and hash the evidence; this may be done automatically. A database structure includes tables for investigator and suspect data, cases, evidence, and provision for storing a time stamp indicating when the evidence was collected.
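The hash-with-time-stamp scheme and table layout the abstract describes, as an added example (not code from the patent or its assignee). SHA-256, the length-prefixed encoding, the table and column names, and the fixed time stamps standing in for the external time source are all assumptions.

```python
import hashlib
import sqlite3

# Assumed schema; table and column names are illustrative, not the patent's.
SCHEMA = """
CREATE TABLE investigator (id INTEGER PRIMARY KEY, handle TEXT);
CREATE TABLE suspect (id INTEGER PRIMARY KEY, handle TEXT);
CREATE TABLE cases (id INTEGER PRIMARY KEY,
    investigator_id INTEGER REFERENCES investigator(id),
    suspect_id INTEGER REFERENCES suspect(id));
CREATE TABLE evidence (id INTEGER PRIMARY KEY,
    case_id INTEGER REFERENCES cases(id), kind TEXT, content BLOB,
    collected_at TEXT, digest TEXT);
"""

def evidence_digest(content: bytes, timestamp: str) -> str:
    """SHA-256 over a length-prefixed time stamp followed by the content.
    The prefix stops bytes sliding between the time stamp and the content."""
    ts = timestamp.encode("utf-8")
    return hashlib.sha256(len(ts).to_bytes(4, "big") + ts + content).hexdigest()

def store_evidence(db, case_id, kind, content, timestamp):
    """Insert one evidence item with its time stamp and digest; return row id."""
    cur = db.execute(
        "INSERT INTO evidence (case_id, kind, content, collected_at, digest)"
        " VALUES (?, ?, ?, ?, ?)",
        (case_id, kind, content, timestamp, evidence_digest(content, timestamp)))
    return cur.lastrowid

def authenticity_report(db, case_id):
    """Recompute each digest; return (id, kind, collected_at, intact) rows."""
    rows = db.execute(
        "SELECT id, kind, content, collected_at, digest FROM evidence"
        " WHERE case_id = ? ORDER BY id", (case_id,)).fetchall()
    return [(i, kind, ts, evidence_digest(content, ts) == digest)
            for i, kind, content, ts, digest in rows]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO investigator VALUES (1, 'inv_handle_1')")
    db.execute("INSERT INTO suspect VALUES (1, 'suspect_handle_1')")
    db.execute("INSERT INTO cases VALUES (1, 1, 1)")
    # Constructed time stamps standing in for the external time source.
    store_evidence(db, 1, "chat_log", b"constructed chat transcript", "2024-01-01T12:00:00Z")
    page = store_evidence(db, 1, "web_page", b"<html>constructed</html>", "2024-01-01T12:05:00Z")
    db.execute("UPDATE evidence SET content = ? WHERE id = ?", (b"<html>altered</html>", page))
    return authenticity_report(db, 1)
```

A digest kept beside the content can be recomputed by anyone able to write both columns, so the report is only as strong as the protection on the digest and time stamp. A signed time-stamp token from the external source (for instance RFC 3161) is one way to anchor them outside the database.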
21 Claims
12. An automated evidence collection and authentication system comprising:
a computer including a central processing unit, memory, an input terminal, an output terminal, a communication element, and a security element;
communication software responsive to commands from an investigator to cause the computer to communicate electronically with a remotely located computer without revealing the investigator's identity; and
investigation software operative to cause the computer to
store any data obtained from the remotely located computer by the investigator together with files shared by the investigator, a record of web pages accessed by the investigator, and other data indicative of activities performed by the investigator in the course of obtaining the data from the remotely located computer,
obtain a time stamp from a remotely located time source, wherein the time stamp is indicative of when the investigator obtained the data from the remotely located computer,
automatically encode the data obtained from the remotely located computer by the investigator and the other data indicative of the activities performed by the investigator in the course of obtaining the data from the remotely located computer with the time stamp from the external source, and
automatically generate a report that sets forth the data indicative of the activities performed by the investigator in the course of gathering the data from the remotely located computer and the data obtained from the remotely located computer by the investigator and demonstrates authenticity of the data indicative of the activities performed by the investigator in the course of gathering the data from the remotely located computer and the data obtained from the remotely located computer by the investigator by reference to the time stamp from the external source.
17. A computerized on-line evidence collection and authentication system comprising:
a computer including a central processing unit, a storage device, input and output terminals, and a communication element;
a database structure in the storage device, the database structure including:
an investigator table structured to contain data descriptive of a plurality of investigators including undercover identities and investigator handles;
a suspect table structured to contain data descriptive of a plurality of suspects including suspect handles;
a case table structured to contain data descriptive of a plurality of investigative cases;
an evidence table structured to contain evidence collected on-line by an investigator;
a time-stamp structure for containing a time stamp indicative of a time when the evidence was collected; and
investigation software in the storage device, operative to cause the computer to
store in the evidence table any data obtained from a remotely located computer by an investigator through the communication element together with files shared by the investigator, a record of web pages accessed by the investigator, and other data indicative of activities performed by the investigator in the course of obtaining the data from the remotely located computer,
obtain through the communication element a time stamp from a remotely located time source, wherein the time stamp is indicative of when the investigator obtained the data from the remotely located computer,
store the time stamp in the time-stamp structure,
encode the data obtained from the remotely located computer by the investigator and the other data indicative of the activities performed by the investigator in the course of obtaining the data from the remotely located computer with the time stamp from the external source, and
generate a report that sets forth the data indicative of the activities performed by the investigator in the course of gathering the data from the remotely located computer and the data obtained from the remotely located computer by the investigator and demonstrates the authenticity of the data indicative of the activities performed by the investigator in the course of gathering the data obtained from the remotely located computer and the data obtained from the remotely located computer by the investigator by reference to the time stamp from the external source.
Specification