System and method for digital evidence analysis and authentication

US 9,147,003 B2
Filed: 10/27/2010
Issued: 09/29/2015
Est. Priority Date: 04/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for acquiring email and other data from computers and providing a secure and productive environment for the investigation of the data, the method comprising:

receiving a plurality of sets of data files from one or more remote computers associated with an investigator;

receiving a request from a second remote computer and associated with an examiner, the request for a first set of data files within the plurality of sets of data files containing email for a first specific person;

receiving a second request from the second remote computer and associated with a requester, the request for authorization of the request for the first set of data files, wherein the requester is the examiner;

transmitting the request for authorization to a set of authorizers;

receiving an authorization from one of the set of authorizers of the request for the first set of data files in response to the request for authorization;

thereby creating a first authorization request;

transmitting the first authorization request over a data communications network to one or more servers containing the first set of data files;

receiving the first set of data files over the data communications network from the one or more servers at the second remote computer in response to transmitting the first authorization request; and

making the first set of data files from the one or more servers available in the second remote computer to the requester as one of a set of authorized reviewers of the first set of data files.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system disclosed provides an efficient mechanism for acquiring email and other data from remote systems in a forensically sound manner. Email for users can be requested by investigators from email servers across the country. It is then be automatically acquired and made available to the examiner, subject to approval, and any others he deems have a need-to-know on a web based system. The data can be searched and bookmarked, and the bookmarks shared. Data can also be uploaded manually and combined with email data in the searching, bookmarking, and sharing.

23 Citations

View as Search Results

24 Claims

1. A method for acquiring email and other data from computers and providing a secure and productive environment for the investigation of the data, the method comprising:
- receiving a plurality of sets of data files from one or more remote computers associated with an investigator;
  
  receiving a request from a second remote computer and associated with an examiner, the request for a first set of data files within the plurality of sets of data files containing email for a first specific person;
  
  receiving a second request from the second remote computer and associated with a requester, the request for authorization of the request for the first set of data files, wherein the requester is the examiner;
  
  transmitting the request for authorization to a set of authorizers;
  
  receiving an authorization from one of the set of authorizers of the request for the first set of data files in response to the request for authorization;
  
  thereby creating a first authorization request;
  
  transmitting the first authorization request over a data communications network to one or more servers containing the first set of data files;
  
  receiving the first set of data files over the data communications network from the one or more servers at the second remote computer in response to transmitting the first authorization request; and
  
  making the first set of data files from the one or more servers available in the second remote computer to the requester as one of a set of authorized reviewers of the first set of data files.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the one or more servers include an email server.
  - 3. The method of claim 2, wherein the one or more servers include a Microsoft Exchange server and the first set of data files include a PST file containing at least one email message.
  - 4. The method of claim 1, wherein the first set of data files are made available on a need-to-know basis.
  - 5. The method of claim 1, further comprising:
    - receiving a request from the requester to make the first set of data files available to at least one other user; and
      
      making the first set of data files available to the at least one other user as one of the set of authorized reviewers in response to receiving the request from the requester.
  - 6. The method of claim 1, further comprising:
    - accepting a bookmark request for a selected file in the first set of data files by one of the set of authorized reviewers;
      
      creating bookmark in response to the bookmark request; and
      
      sharing the bookmark with all of the set of authorized reviewers.
  - 7. The method of claim 1, further comprising verifying at least one unique identifier for the first set of data files received from the one or more servers before accepting the data files and making the data files available to the requester.
  - 8. The method of claim 7, wherein the at least one unique identifier is a hash from a set consisting of MD5 and SHA-1 hashes.
  - 9. The method of claim 1, further comprising:
    - calculating a unique identifier for each of the first set of data files; and
      
      maintaining the unique identifier for each of the first set of data files in association with the file the unique identifier uniquely identifies.
  - 10. The method of claim 1, further comprising accepting an association of the first set of data files with a specific case.
  - 11. The method of claim 10, further comprisingreceiving a request from the requester to make the specific case available to at least one other user;
    - andmaking the specific case and the first set of data files available to the at least one other users as one of the set of authorized reviewers in response to receiving the request from the requester.
  - 12. The method of claim 10, wherein the first set of data files is required to be associated with the specific case before the first request for authorization is transmitted to the set of authorizers.
  - 13. The method of claim 10, further comprising:
    - receiving a request from the requester for a second set of data files containing email for a second specific person;
      
      generating an association of the second set of data files with the specific case;
      
      receiving a request from the requester for authorization of the request for the second set of data files;
      
      transmitting the request for authorization of the second set of data files o the set of authorizers;
      
      receiving an authorization from one of the set of authorizers for the request for the second set of data files in response to the request for authorization, thereby creating a second authorization request;
      
      transmitting the second authorization request over the data communications network to a second set of one or more servers containing the second set of data files;
      
      receiving the second set of data files over the data communications network from the second set of one or more servers at the computer system in response to transmitting the second authorization request; and
      
      making the second set of data files from the second set of one or more servers available in the computer system to the requester as one of the set of authorized reviewers of the second set of data files.
  - 14. The method of claim 13, wherein the first set of one or more servers is a different server than the second server system.
  - 15. The method of claim 10, further comprising:
    - loading a second set of data files onto the computer system; and
      
      making the second set of data files available in the computer system to the requester as one of the set of authorized reviewers of the second set of data files.
  - 16. The method of claim 1, further comprising:
    - receiving a search request for files front the first set of data files;
      
      performing a search in response to receiving the search request; and
      
      providing the requester results from the search including a set of selected files.
  - 17. The method of claim 16, wherein the search performed includes a Boolean search or a natural language search.
  - 18. The method of claim 16, further comprising:
    - receiving a bookmark request for one of the set of selected files; and
      
      recording a bookmark for the one of the set of selected files in response to the bookmark request.
  - 19. The method of claim 18, further comprising:
    - displaying a list of bookmarks including the bookmark recorded to the requester.
  - 20. The method of claim 1, further comprising:
    - identifying the set of one or more servers based on a location for email for the first specific person.
  - 21. The method of claim 1, wherein the first set of data files includes search data and bookmark data associated with the investigator.
  - 22. The method of claim 1, further comprising maintaining a chain of custody file for each data file of the set of data files.

23. A system for acquiring email and other data from computers and providing a secure and productive environment for the investigation of the data, the system comprising:
- a computer processor;
  
  a memory containing computer instructions executable by the computer processor, wherein execution of the instructions;
  
  receives a plurality of sets of data files from one or more remote computers associated with an investigator;
  
  receives a request from a second remote computer and associated with an examiner, the request for a first set of data files within the plurality of sets of data files containing email for a first specific person;
  
  receives a second request from the second remote computer and associated with a requester, the request for authorization of the request for the first set of data files, wherein the requester is the examiner;
  
  transmits the request for authorization to a set of authorizers;
  
  receives an authorization from one of the set of authorizers of the request for the first set of data files in response to the request for authorization, thereby creating a first authorization request;
  
  transmits the first authorization request over a data communications network to one or more servers containing the first set of data files;
  
  receives the first set of data files over the data communications network from the one or more servers at the second remote computer in response to transmitting the first authorization request; and
  
  makes the first set of data files from the one or more servers available in the second remote computer to the requester as one of a set of authorized reviewers of the first set of data files.

24. A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, perform a method for acquiring email and other data from computers and providing a secure and productive environment for the investigation of the data, the method comprising:
- receiving a plurality of sets of data files from one or more remote computers associated with an investigator;
  
  receiving a request from a second remote computer and associated with an examiner, the request for a first set of data files within the plurality of sets of data files containing email for a first specific person;
  
  receiving a second request from the second remote computer and associated with a requester, the request for authorization of the request for the first set of data files, wherein the requester is the examiner;
  
  transmitting the request for authorization to a set of authorizers;
  
  receiving an authorization from one of the set of authorizers of the request for the first set of data files in response to the request for authorization, thereby creating a first authorization request;
  
  transmitting the first authorization request over a data communications network to one or more servers containing the first set of data files;
  
  receiving the first set of data files over the data communications network from the one or more servers at the second remote computer in response to transmitting the first authorization request; and
  
  making the first set of data files from the one or more servers available in the second remote computer to the requester as one of a set of authorized reviewers of the first set of data files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United States Postal Service (Government of the United States of America)
Original Assignee
United States Postal Service (Government of the United States of America)
Inventors
Hermitage, Suzanne, Nguyen, Steve D., Steadman, Jeffrey A., Privette, Kennon F., Picciano, Gerry, Padres, Jill
Primary Examiner(s)
LE, HUNG D

Application Number

US12/913,623
Publication Number

US 20110264677A1
Time in Patent Office

1,798 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/958   Organisation or management ...

G06F 40/106   Display of layout of docume...

G06Q 10/107   Computer-aided management o...

H04L 51/216   Handling conversation histo...

H04L 63/302   gathering intelligence info...

H04L 63/308   retaining data, e.g. retain...

H04L 67/01   Protocols

H04L 67/06   specially adapted for file ...

System and method for digital evidence analysis and authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for digital evidence analysis and authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links