Enterprise computer investigation system

US 8,838,969 B2
Filed: 02/01/2013
Issued: 09/16/2014
Est. Priority Date: 06/20/2002
Status: Expired due to Term

First Claim

Patent Images

1. In a wide area network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device over the wide area network, the method comprising:

establishing secure communication between the client device and the target device over the wide area network in response to data provided by the server, wherein the target device runs a servelet installed on the target device;

invoking the servelet by the client device to obtain, over the wide area network, a list of target files stored in the target device;

generating and encrypting by the client device an investigation command for investigating the target files, wherein the investigation command includes a search key;

transmitting the encrypted investigation command to the target device over the wide area network;

generating and encrypting by the servelet running in the target device an output responsive to the investigation command, wherein the output generated by the servelet includes information on matches of the search key found upon searching, by the servelet, the target files; and

transmitting the encrypted output by the target device to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.

Citations

14 Claims

1. In a wide area network including a server, client device, and target device, a method for remotely conducting forensic investigations of the target device over the wide area network, the method comprising:
- establishing secure communication between the client device and the target device over the wide area network in response to data provided by the server, wherein the target device runs a servelet installed on the target device;
  
  invoking the servelet by the client device to obtain, over the wide area network, a list of target files stored in the target device;
  
  generating and encrypting by the client device an investigation command for investigating the target files, wherein the investigation command includes a search key;
  
  transmitting the encrypted investigation command to the target device over the wide area network;
  
  generating and encrypting by the servelet running in the target device an output responsive to the investigation command, wherein the output generated by the servelet includes information on matches of the search key found upon searching, by the servelet, the target files; and
  
  transmitting the encrypted output by the target device to the client device via the secure communication established between the client device and the target device, wherein the transmitting of the encrypted output by the target device to the client device bypasses the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - authenticating the client device by the server; and
      
      establishing secure communication between the server and the client device over the wide area network.
  - 3. The method of claim 2 further comprising:
    - establishing secure communication between the server and the target device over the wide area network.
  - 4. The method of claim 1, wherein the target files are searched without changing file stamps.
  - 5. The method of claim 1, wherein the target files are searched without using operating system utilities of the target device.
  - 6. The method of claim 1 further comprising:
    - storing by the client device into a storage device coupled to the client device, information on the matches of the search key provided by the target device.
  - 7. The method of claim 1 further comprising:
    - obtaining by the client device, over the wide area network, content of one or more of the target files stored by the target device in response to the information on the matches of the search key provided by the target device.

8. A system for remotely conducting forensic investigations of a target device over a wide area network, the system comprising:
- a processor; and
  
  a memory coupled to the processor storing program instructions that, when executed by the processor, cause the processor to;
  
  establish secure communication with the target device over the wide area network in response to data provided by a server, wherein the target device runs a servelet installed on the target device;
  
  invoke the servelet to obtain, over the wide area network, a list of target files stored in the target device;
  
  generate and encrypt an investigation command for investigating the target files, wherein the investigation command includes a search key;
  
  transmit the encrypted investigation command to the target device over the wide area network;
  
  receive from the target device via the secure communication established with the target device, output encrypted by the servelet in response to the investigation command, the output including information on matches of the search key found upon searching, by the servelet, the target files, wherein the output transmitted by the target device bypasses the server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the instructions further cause the processor to:
    - establish secure communication with the server over the wide area network.
  - 10. The system of claim 9, wherein the server is configured to establish secure communication with the target device over the wide area network.
  - 11. The system of claim 8, wherein the target files are searched without changing file stamps.
  - 12. The system of claim 8, wherein the target files are searched without using operating system utilities of the target device.
  - 13. The system of claim 8 further comprising:
    - a storage device coupled to the processor, wherein the storage device stores information on the matches of the search key provided by the target device.
  - 14. The system of claim 8, wherein the instructions further cause the processor to:
    - obtain over the wide area network content of one or more of the target files stored by the target device in response to the information on the matches of the search key provided by the target device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Text Holdings, Inc. (Open Text Corporation)
Original Assignee
Guidance Software Incorporated (Open Text Corporation)
Inventors
McCreight, Shawn, Weber, Dominik, Garrett, Matthew
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US13/757,481
Publication Number

US 20130212389A1
Time in Patent Office

592 Days
Field of Search

713/168, 713/165, 713/167, 709217-219, 380/278, 380/279, 380/281
US Class Current

713/168
CPC Class Codes

G06F 16/24575   using context

G06F 16/248   Presentation of query results

G06F 16/9535   Search customisation based ...

G06F 21/60   Protecting data

G06F 21/606   by securing the transmissio...

G06F 21/64   Protecting data integrity, ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/1433   Vulnerability analysis

H04L 9/00   Cryptographic mechanisms or...

Enterprise computer investigation system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise computer investigation system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links