Enterprise computer investigation system
First Claim
1. In a data communications network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device, the method comprising:
- authenticating the client device by the server;
- establishing secure communication between the server and the client device over the data communications network;
- receiving from the client device over the data communications network, a request for conducting an investigation of the target device;
- establishing secure communication between the server and the target device over the data communications network;
- providing by the server to the client device, over the data communications network, data for conducting the forensic investigation of the target device in response to the request for conducting the investigation;
- establishing secure communication between the client device and the target device over the data communications network in response to the data provided by the server;
- generating and encrypting by the client device an investigation command;
- transmitting the encrypted investigation command to the target device over the data communications network;
- generating and encrypting by the target device an output responsive to the investigation command; and
- transmitting the encrypted output by the target device to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
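The message flow recited in claim 1, as an added example that is not code from the patent or its assignee. It assumes the "data for conducting the forensic investigation" is a per-investigation session key that the server delivers to both parties, and it uses a standard-library stand-in cipher (HMAC-SHA256 keystream with encrypt-then-MAC); all names, labels and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets
# Assumption: long-term client/target keys are pre-shared with the server.
def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (use a vetted AEAD in practice).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the label binds the blob to one direction or purpose."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), label + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, label: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), label + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def server_broker(client_key, target_key, challenge, proof):
    """Server: authenticate the client, then hand each party the session key."""
    if not hmac.compare_digest(proof, hmac.new(client_key, challenge, hashlib.sha256).digest()):
        raise PermissionError("client not authenticated")
    session = secrets.token_bytes(32)
    return seal(client_key, b"srv>client", session), seal(target_key, b"srv>target", session)

def run_investigation(command: bytes):
    client_key, target_key = secrets.token_bytes(32), secrets.token_bytes(32)
    challenge = secrets.token_bytes(16)
    proof = hmac.new(client_key, challenge, hashlib.sha256).digest()
    to_client, to_target = server_broker(client_key, target_key, challenge, proof)
    server_saw = [challenge, proof, to_client, to_target]  # all traffic via server
    c_sess = unseal(client_key, b"srv>client", to_client)
    t_sess = unseal(target_key, b"srv>target", to_target)
    wire_cmd = seal(c_sess, b"client>target", command)  # client to target, direct
    got = unseal(t_sess, b"client>target", wire_cmd)
    wire_out = seal(t_sess, b"target>client", b"result of " + got)  # bypasses server
    output = unseal(c_sess, b"target>client", wire_out)
    return output, wire_cmd, wire_out, server_saw, c_sess
```

The direction label in the MAC means a captured command blob cannot be replayed to the client as if it were target output, a check the claim language leaves to the implementation.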
Abstract
A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
36 Claims
1. In a data communications network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device, the method comprising:
- authenticating the client device by the server;
- establishing secure communication between the server and the client device over the data communications network;
- receiving from the client device over the data communications network, a request for conducting an investigation of the target device;
- establishing secure communication between the server and the target device over the data communications network;
- providing by the server to the client device, over the data communications network, data for conducting the forensic investigation of the target device in response to the request for conducting the investigation;
- establishing secure communication between the client device and the target device over the data communications network in response to the data provided by the server;
- generating and encrypting by the client device an investigation command;
- transmitting the encrypted investigation command to the target device over the data communications network;
- generating and encrypting by the target device an output responsive to the investigation command; and
- transmitting the encrypted output by the target device to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A forensic investigation server for remotely conducting forensic investigations of a target device via a client device over a data communications network, the server comprising:
- a processor; and
- a memory operably coupled to the processor and having program instructions stored therein, the processor being operable to execute the program instructions, the program instructions including:
  - authenticating the client device;
  - establishing secure communication with the client device over the data communications network;
  - receiving from the client device over the data communications network, a request for conducting an investigation of the target device;
  - establishing secure communication with the target device over the data communications network;
  - providing to the client device, over the data communications network, data for conducting the forensic investigation of the target device in response to the request for conducting the investigation, wherein the client device is configured to establish secure communication with the target device, over the data communications network, in response to the data provided by the server, and wherein the client device is further configured to generate and encrypt an investigation command, transmit the encrypted investigation command to the target device over the data communications network, wherein the target device is configured to generate and encrypt an output responsive to the investigation command and transmit the encrypted output to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A non-transitory computer readable media embodying program instructions for execution by a data processing apparatus, the program instructions adapting the data processing apparatus for enabling a client device for remotely conducting forensic investigations of a target device, the program instructions comprising:
- authenticating the client device;
- establishing secure communication with the client device over a data communications network;
- receiving from the client device over the data communications network, a request for conducting an investigation of the target device;
- establishing secure communication with the target device over the data communications network; and
- providing to the client device, over the data communications network, data for conducting the forensic investigation of the target device in response to the request for conducting the investigation, wherein the client device is configured to establish secure communication with the target device, over the data communications network, in response to the data provided by the server, and wherein the client device is further configured to generate and encrypt an investigation command, transmit the encrypted investigation command to the target device over the data communication network, wherein the target device is configured to generate and encrypt an output responsive to the investigation command and transmit the encrypted output to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
Dependent claims: 24, 25, 26, 27, 28, 29
30. A forensic investigation server for remotely conducting forensic investigations of a target device via a client device over a data communications network, the server comprising:
- means for authenticating the client device;
- means for establishing secure communication with the client device over the data communications network;
- means for receiving from the client device over the data communications network, a request for conducting an investigation of the target device;
- means for establishing secure communication with the target device over the data communications network;
- means for providing by the server to the client device, over the data communications network, data for conducting the forensic investigation of the target device in response to the request for conducting the investigation;
- means for establishing secure communication between the client device and the target device over the data communications network in response to the data provided by the server;
- means for generating and encrypting by the client device an investigation command;
- means for transmitting the encrypted investigation command to the target device over the data communications network;
- means for generating and encrypting by the target device an output responsive to the investigation command; and
- means for transmitting the encrypted output by the target device to the client device, wherein the means for transmitting the encrypted output bypasses the server.
Dependent claims: 31, 32, 33, 34, 35, 36
Specification