Systems and methods for digital forensic triage

US 9,071,924 B2
Filed: 06/20/2012
Issued: 06/30/2015
Est. Priority Date: 06/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method for forensic triage comprising:

coupling, communicatively, a computer and a mobile device, wherein the computer comprises one or more processors conductively coupled to one or more memory modules and the mobile device comprises one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules, and machine readable instructions stored on the one or more mobile memory modules of the mobile device;

booting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device;

receiving a search data set with the one or more mobile processors of the mobile device, wherein the search data set comprises a keyword list that comprises a plurality of keywords of interest, a hash list that comprises a plurality of hashes that correspond to output from a cryptographic hash function, and a search list that comprises a plurality of identifiers that each correspond to an instance of a system resource;

executing, automatically with the one or more processors, the one or more mobile processors, or both, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set;

coupling, communicatively, the mobile device and a cloud computing device with a cellular network; and

transmitting the triage data via the one or more communication modules of the mobile device over the cellular network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for forensic triage may include coupling, communicatively, a computer and a mobile device. The computer can be booted with machine readable instructions stored on the one or more mobile memory modules of the mobile device. A search data set can be received with one or more mobile processors of the mobile device. One or more processors of the computer, the one or more mobile processors, or both, can execute, automatically, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set. The triage data can be transmitted via one or more communication modules of the mobile device.

11 Citations

10 Claims

1. A method for forensic triage comprising:
- coupling, communicatively, a computer and a mobile device, wherein the computer comprises one or more processors conductively coupled to one or more memory modules and the mobile device comprises one or more mobile processors conductively coupled to one or more mobile memory modules and one or more communication modules, and machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  booting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device;
  
  receiving a search data set with the one or more mobile processors of the mobile device, wherein the search data set comprises a keyword list that comprises a plurality of keywords of interest, a hash list that comprises a plurality of hashes that correspond to output from a cryptographic hash function, and a search list that comprises a plurality of identifiers that each correspond to an instance of a system resource;
  
  executing, automatically with the one or more processors, the one or more mobile processors, or both, the machine readable instructions stored on the one or more mobile memory modules of the mobile device to search the one or memory modules of the computer in a read only mode for triage data that corresponds to the search data set;
  
  coupling, communicatively, the mobile device and a cloud computing device with a cellular network; and
  
  transmitting the triage data via the one or more communication modules of the mobile device over the cellular network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - storing the triage data in the one or more mobile memory modules of the mobile device.
  - 3. The method of claim 1, further comprising:
    - coupling, communicatively, the mobile device and a cloud computing device with the cellular network, wherein the cloud computing device comprises one or more cloud processors communicatively coupled to one or more cloud memory modules, and wherein the triage data is transmitted over the cellular network and stored in the one or more cloud memory modules.
  - 4. The method of claim 3, further comprising:
    - pushing the search data set from the cloud computing device to the mobile device over the cellular network.
  - 5. The method of claim 3, further comprising:
    - pushing the search data set from the mobile device to the cloud computing device over the cellular network.
  - 6. The method of claim 1, further comprising:
    - copying, automatically with the one or more processors, the one or more mobile processors, or both, one or more system resources from the one or more memory modules of the computer to the one or more mobile memory modules of the mobile device.
  - 7. The method of claim 6, further comprising:
    - shutting the computer down;
      
      rebooting the computer with the machine readable instructions stored on the one or more mobile memory modules of the mobile device; and
      
      restoring the one or more system resources from the one or more mobile memory modules of the mobile device to the one or more memory modules of the computer, wherein the one or more system resources comprises at least one operating system detail.
  - 8. The method of claim 1, further comprising:
    - capturing image data; and
      
      associating, automatically with the one or more mobile processors, the image data with the triage data in the one or more mobile memory modules of the mobile device.
  - 9. The method of claim 1, wherein the computer and the mobile device are communicatively coupled with a wire.
  - 10. The method of claim 1, wherein the computer and the mobile device are communicatively coupled with a wirelessly.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aces & Eights Corporation
Original Assignee
Aces & Eights Corporation
Inventors
Frecks, Austin P. Jr., Curry, Anthony W., Lynn, Donald G. Jr., Bland, Christopher J.
Primary Examiner(s)
PHUONG, DAI

Application Number

US13/528,088
Publication Number

US 20120322422A1
Time in Patent Office

1,105 Days
Field of Search

455/418, 455/419, 455/420, 455/554.2, 455/556.1, 455/556.2, 455/557, 455/558, 455/559, 707/706, 707/708, 707/767, 707/768, 707/769, 707/770, 707/771, 707/795, 707/796
US Class Current

1/1
CPC Class Codes

G06F 16/113   Details of archiving lifecy...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2153   Using hardware token as a s...

G06F 9/4416   Network booting; Remote ini...

H04L 63/02   for separating internal fro...

H04L 63/302   gathering intelligence info...

H04L 9/3236   using cryptographic hash fu...

H04W 12/12   Detection or prevention of ...

H04W 4/60   Subscription-based services...

Systems and methods for digital forensic triage

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for digital forensic triage

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links