Enterprise computer investigation system
Abstract
A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
14 Claims
1. In a wide area network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device over the wide area network, the method comprising:
- establishing secure communication between the client device and the target device over the wide area network in response to data provided by the server, wherein the target device runs a servelet installed on the target device;
- invoking the servelet by the client device to obtain, over the wide area network, a list of target files stored in the target device;
- generating and encrypting by the client device an investigation command for investigating the target files, wherein the investigation command includes a search key;
- transmitting the encrypted investigation command to the target device over the wide area network;
- generating and encrypting by the servelet running in the target device an output responsive to the investigation command, wherein the output generated by the servelet includes information on matches of the search key found upon searching, by the servelet, the target files; and
- transmitting the encrypted output by the target device to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
8. A system for remotely conducting forensic investigations of a target device over a wide area network, the system comprising:
- a processor; and
- a memory coupled to the processor storing program instructions that, when executed by the processor, cause the processor to:
  - establish secure communication with the target device over the wide area network in response to data provided by a server, wherein the target device runs a servelet installed on the target device;
  - invoke the servelet to obtain, over the wide area network, a list of target files stored in the target device;
  - generate and encrypt an investigation command for investigating the target files, wherein the investigation command includes a search key;
  - transmit the encrypted investigation command to the target device over the wide area network;
  - receive from the target device via the secure communication established with the target device, output encrypted by the servelet in response to the investigation command, the output including information on matches of the search key found upon searching, by the servelet, the target files, wherein the output transmitted by the target device bypasses the server.
Specification