Phone home servlet in a computer investigation system
Abstract
A system for conducting forensic investigations is provided which includes a target device, an examining device, and a server. The target device includes a phone home servlet which is configured to periodically transmit to the server a request for connection. The server grants the request for connection if there is an investigation request pending from the examining device for the requesting target device. If no such request is pending, the request is denied. The servlet is programmed with various phone home parameters for determining whether the target device should transmit the request for connection.
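The phone home parameters can be read as counters that gate each periodic request. The following in-memory simulation is an added illustration, not code from the patent or from any product. All names are hypothetical, and it assumes that a counter reaching its maximum stops further requests. It also combines in one servlet the three limits that the claims use in pairs.

```python
from dataclasses import dataclass, field
from enum import Enum
import secrets


class Outcome(Enum):
    SUPPRESSED = "suppressed"    # servlet decided not to transmit a request
    UNREACHABLE = "unreachable"  # attempt made, no connection to the server
    DENIED = "denied"            # connected, but no investigation was pending
    LINKED = "linked"            # connected and given data for the secure link


@dataclass
class Server:
    pending: set = field(default_factory=set)  # target IDs with a pending request
    reachable: bool = True

    def request_investigation(self, target_id: str) -> None:
        """Called on behalf of the examining device."""
        self.pending.add(target_id)

    def handle_phone_home(self, target_id: str):
        """Compare the presented ID with stored IDs; return link data on a match."""
        if target_id not in self.pending:
            return None
        self.pending.discard(target_id)
        return secrets.token_hex(16)  # stand-in for the link setup data


@dataclass
class PhoneHomeServlet:
    target_id: str
    max_failed_connects: int  # consecutive attempts without reaching the server
    max_idle_connects: int    # consecutive connections with no examiner link
    max_links: int            # total secure links established
    failed_connects: int = 0
    idle_connects: int = 0
    links: int = 0

    def should_transmit(self) -> bool:
        # Assumed reading: transmit only while no limit has been reached.
        return (self.failed_connects < self.max_failed_connects
                and self.idle_connects < self.max_idle_connects
                and self.links < self.max_links)

    def tick(self, server: Server) -> Outcome:
        """One periodic phone home opportunity."""
        if not self.should_transmit():
            return Outcome.SUPPRESSED
        if not server.reachable:
            self.failed_connects += 1
            return Outcome.UNREACHABLE
        self.failed_connects = 0          # "consecutive" counter resets
        if server.handle_phone_home(self.target_id) is None:
            self.idle_connects += 1
            return Outcome.DENIED
        self.idle_connects = 0
        self.links += 1
        return Outcome.LINKED


def run(servlet: PhoneHomeServlet, server: Server, script):
    """Replay a constructed script: 'down', 'up' or 'investigate' per tick."""
    outcomes = []
    for event in script:
        server.reachable = event != "down"
        if event == "investigate":
            server.request_investigation(servlet.target_id)
        outcomes.append(servlet.tick(server))
    return outcomes


if __name__ == "__main__":
    demo = run(PhoneHomeServlet("host-01", 3, 2, 1), Server(),
               ["down", "up", "investigate", "up"])
    print([o.value for o in demo])
```

Under this reading a servlet that has hit any limit stays silent, so an investigation request filed afterwards remains pending on the server until the counters are reset by some other means.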
29 Claims
1. In a data communications network including a server, an examining device, and a target device, a method for conducting forensic investigations of the target device over the data communications network, the method comprising:
periodically receiving, by the server, from the target device, a request for connection, the request including identification information for the target device; establishing connection, by the server, with the target device, in response to the request; comparing, by the server, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data, by the server, for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A server coupled to an examining device and a target device over a data communications network for conducting forensic investigations of the target device, the server comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; periodically receiving from the target device a request for connection, the request including identification information for the target device; establishing connection with the target device in response to the request; comparing, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device.
Dependent claims: 10, 11, 12
13. An examining device coupled to a server and a target device over a data communications network for conducting forensic investigations of the target device, the examining device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; establishing a first connection with the server; transmitting to the server a request to investigate the target device, the request including identification information for the target device; waiting for the target device to establish a second connection with the server, the target device being configured to transmit a connection request to the server for establishing the second connection, the connection request for the second connection including identification information for the target device; establishing a secure communication link with the target device in response to the target device establishing the second connection with the server, and in response to the server comparing the identification information provided by the target device with the identification information provided by the examining device and determining that a request to investigate the target device is pending from the examining device; and receiving an output from the target device via the secure communication link responsive to the investigation command, wherein the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device.
Dependent claims: 14, 15
16. A target device coupled to a server and an examining device over a data communications network for being investigated by the examining device, the target device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; determining whether it is time to connect to the server; determining connection to the data communications network; transmitting a request to connect to the server if it is time to connect to the server and it is connected to the data communications network, wherein the request includes identification information for the target device; receiving a grant to the request to connect; receiving from the server, data for establishing a secure communication link with the examining device, wherein the server provides the data in response to a match by the server of the identification information received from the target device with stored identification information and determining that a request to investigate the target device is pending from the examining device; and transmitting an output to the examining device over the secure communication link, wherein the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device.
Dependent claims: 17, 18, 19, 20
21. In a data communications network including a server, an examining device, and a target device, a method for conducting forensic investigations of the target device over the data communications network, the method comprising:
periodically receiving, by the server, from the target device, a request for connection, the request including identification information for the target device; establishing connection, by the server, with the target device, in response to the request; comparing, by the server, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data, by the server, for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the request for connection depends on a number of unsuccessful attempts to connect with the server, a number of successful connections between the examining device and the target device, and a number of denials of a connection between the examining device and the target device.
22. In a data communications network including a server, an examining device, and a target device, a method for conducting forensic investigations of the target device over the data communications network, the method comprising:
periodically receiving, by the server, from the target device, a request for connection, the request including identification information for the target device; establishing connection, by the server, with the target device, in response to the request; comparing, by the server, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data, by the server, for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
23. In a data communications network including a server, an examining device, and a target device, a method for conducting forensic investigations of the target device over the data communications network, the method comprising:
periodically receiving, by the server, from the target device, a request for connection, the request including identification information for the target device; establishing connection, by the server, with the target device, in response to the request; comparing, by the server, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data, by the server, for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device, and the request for connection is transmitted by the target device if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
24. A server coupled to an examining device and a target device over a data communications network for conducting forensic investigations of the target device, the server comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; periodically receiving from the target device a request for connection, the request including identification information for the target device; establishing connection with the target device in response to the request; comparing, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
25. A server coupled to an examining device and a target device over a data communications network for conducting forensic investigations of the target device, the server comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; periodically receiving from the target device a request for connection, the request including identification information for the target device; establishing connection with the target device in response to the request; comparing, in response to establishing the connection with the target device, the identification information received from the target device with stored identification information for determining whether a request to investigate the target device is pending from the examining device; and providing data for establishing a secure communication link between the examining device and the target device in response to a match of the identification information received from the target device with the stored identification information, the examining device being configured to receive an output from the target device via the secure communication link, wherein the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device, and the target device is configured to transmit the request for connection if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
26. An examining device coupled to a server and a target device over a data communications network for conducting forensic investigations of the target device, the examining device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; establishing a first connection with the server; transmitting to the server a request to investigate the target device, the request including identification information for the target device; waiting for the target device to establish a second connection with the server, the target device being configured to transmit a connection request to the server for establishing the second connection, the connection request for the second connection including identification information for the target device; establishing a secure communication link with the target device in response to the target device establishing the second connection with the server, and in response to the server comparing the identification information provided by the target device with the identification information provided by the examining device and determining that a request to investigate the target device is pending from the examining device; and receiving an output from the target device via the secure communication link responsive to the investigation command, wherein the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
27. An examining device coupled to a server and a target device over a data communications network for conducting forensic investigations of the target device, the examining device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; establishing a first connection with the server; transmitting to the server a request to investigate the target device, the request including identification information for the target device; waiting for the target device to establish a second connection with the server, the target device being configured to transmit a connection request to the server for establishing the second connection, the connection request for the second connection including identification information for the target device; establishing a secure communication link with the target device in response to the target device establishing the second connection with the server, and in response to the server comparing the identification information provided by the target device with the identification information provided by the examining device and determining that a request to investigate the target device is pending from the examining device; and receiving an output from the target device via the secure communication link responsive to the investigation command, wherein the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device, and the target device is configured to transmit the connection request if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
28. A target device coupled to a server and an examining device over a data communications network for being investigated by the examining device, the target device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; determining whether it is time to connect to the server; determining connection to the data communications network; transmitting a request to connect to the server if it is time to connect to the server and it is connected to the data communications network, wherein the request includes identification information for the target device; receiving a grant to the request to connect; receiving from the server, data for establishing a secure communication link with the examining device, wherein the server provides the data in response to a match by the server of the identification information received from the target device with stored identification information and determining that a request to investigate the target device is pending from the examining device; and transmitting an output to the examining device over the secure communication link, wherein the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of consecutive attempts to connect to the server without establishing the connection, and the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
29. A target device coupled to a server and an examining device over a data communications network for being investigated by the examining device, the target device comprising:
a processor; and a memory operably coupled to the processor and storing program instructions therein, the processor being operable to execute the program instructions, the program instructions including; determining whether it is time to connect to the server; determining connection to the data communications network; transmitting a request to connect to the server if it is time to connect to the server and it is connected to the data communications network, wherein the request includes identification information for the target device; receiving a grant to the request to connect; receiving from the server, data for establishing a secure communication link with the examining device, wherein the server provides the data in response to a match by the server of the identification information received from the target device with stored identification information and determining that a request to investigate the target device is pending from the examining device; and transmitting an output to the examining device over the secure communication link, wherein the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of consecutive times a connection is made with the server without also connecting to the examining device, and the target device is configured to transmit the request to connect if the target device has not satisfied a maximum number of times the secure communication link is established between the examining device and the target device.
Specification