Digital forensic acquisition kit and methods of use thereof
Abstract
Disclosed are compositions, methods, and kits, for issuing and conducting automated imaging and preservation for obtaining digital forensic data from active (i.e., powered-on) and non-active (i.e., powered-off) computer systems. In certain embodiments, the invention further encompasses providing a customer base a preliminary report of data. In other embodiments, the invention encompasses the option to receive a virtual machine file set of the acquired information for additional viewing and examination by the customer. The invention further encompasses methods and systems for implementing the embodiments of the invention. The invention also encompasses methods, apparatuses, and systems for secure forensic investigation of a target machine.
23 Claims
1. An electronic forensics tool comprising:
- a physical portable memory device, wherein said physical portable memory device is capable of connecting to a target device; and
- a forensic acquisition script, wherein said forensic acquisition script is able to load onto said target device and analyze hardware and software configurations of said target device and copy physical memory from the target device to the physical portable memory device, wherein the forensic acquisition script calculates digital signatures, message digests or hash values of available data storage devices in said target device and said physical portable memory device to verify that no modifications are made to the devices by comparing the corresponding digital signatures, message digests or hash values to each other;
- wherein a virtual machine file is generated based on the forensic acquisition script which, when executed by a virtual machine in a virtual machine environment, provides an exact copy of the target device to enable a user to navigate files of the target device in the virtual machine environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method of obtaining forensic data from a target computer comprising:
- connecting a physical portable memory device to a target device;
- running a forensic acquisition script, wherein said forensic acquisition script is able to load onto said target device and analyze hardware and software configurations of said target device and copy physical memory from the target device to the physical portable memory device, wherein said forensic acquisition script calculates digital signatures, message digests or hash values of available data storage devices in said target device and said physical portable memory device to verify that no modifications are made to the devices by comparing the corresponding digital signatures, message digests or hash values to each other; and
- generating, based on the forensic acquisition script, a virtual machine file which, when executed by a virtual machine in a virtual machine environment, provides an exact copy of the target device to enable a user to navigate files of the target device in the virtual machine environment.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. An electronic forensics tool comprising:
- a physical portable memory device, wherein said physical portable memory device is capable of connecting to a target device;
- bootup software stored on the physical portable memory device configured to boot the target device;
- a forensic acquisition script, wherein said forensic acquisition script is able to load onto said target device and analyze hardware and software configurations of said target device and copy physical memory from the target device to the physical portable memory device; and
- wherein a virtual machine file is generated based on the forensic acquisition script which, when executed by a virtual machine in a virtual machine environment, provides an exact copy of the target device to enable a user to navigate files of the target device in the virtual machine environment.

Specification