Automation of collection of forensic evidence
First Claim
1. A system for automated collection of user-specified forensic data from a target computer associated with a case, the system comprising:
a computer apparatus having at least one processor and a memory in communication with the processor; and
a software module stored in the memory, executable by the processor and configured to:
initiate a case;
provide a user interface to allow a user to select a target computer within a network by entering into the user interface the Internet Protocol (IP) address or computer name of the target computer, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer;
create at least one subfolder in a folder linked to the case and one or more files in the subfolder for storing the specified forensic data, wherein the one or more files have a filename that comprises (i) the entered IP address or computer name and (ii) a timestamp associated with a time that the software module is being run;
connect the computer apparatus to the target computer and scan the target computer to determine the Operating System (OS) thereof; and
collect the specified forensic data and save the collected data to the files.
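Added example, not part of the patent text or of any product it describes: one way to build the case subfolder and evidence filenames that the claim specifies from the operator-entered IP address or computer name plus a run timestamp. The function names, the `<target>_<UTC timestamp>_<type>.txt` layout, the per-target subfolder and the data type names are assumptions made for illustration.

```python
import ipaddress
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# RFC 1123 host label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def normalize_target(entered: str) -> str:
    """Validate the operator-entered IP address or computer name and
    return a form that is safe to embed in a filename."""
    entered = entered.strip()
    try:
        ip = ipaddress.ip_address(entered)
        # ':' in IPv6 is not valid in Windows filenames; swap for '-'.
        return ip.compressed.replace(":", "-")
    except ValueError:
        pass
    name = entered.rstrip(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"not an IP address or computer name: {entered!r}")
    return name.lower()

def create_evidence_files(case_dir, entered_target, data_types, run_time=None):
    """Create <case_dir>/<target>/ and one empty file per data type, each
    named <target>_<UTC timestamp>_<type>.txt. Returns the created paths."""
    target = normalize_target(entered_target)
    run_time = (run_time or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = run_time.strftime("%Y%m%dT%H%M%SZ")  # assumed timestamp format
    subfolder = Path(case_dir) / target
    subfolder.mkdir(parents=True, exist_ok=True)
    created = []
    for dtype in data_types:
        if not re.fullmatch(r"[a-z0-9_]+", dtype):
            raise ValueError(f"unexpected data type name: {dtype!r}")
        path = subfolder / f"{target}_{stamp}_{dtype}.txt"
        # Mode 'x' refuses to overwrite evidence from an earlier run.
        with open(path, "x"):
            pass
        created.append(path)
    return created

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as case:  # constructed case folder
        for p in create_evidence_files(case, "10.0.0.5", ["processes", "netstat"]):
            print(p.name)
```

Validating the entered value before it reaches the filesystem keeps a mistyped or hostile target string (for example one containing path separators) from writing outside the case folder.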
Abstract
Embodiments of the invention are directed to systems, methods and computer program products for automated collection of user-specified forensic data from a target computer associated with a case. In particular, embodiments herein disclosed provide for a system that is configured to provide a user interface to allow a user to select a target computer within a network, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer. The system is also configured to create a subfolder in a folder linked to the case and one or more files in the subfolder for storing the user-specified data; connect the computer apparatus to the target computer; and collect the specified data and save the collected data to the files.
22 Claims
1. A system for automated collection of user-specified forensic data from a target computer associated with a case, the system comprising:
a computer apparatus having at least one processor and a memory in communication with the processor; and
a software module stored in the memory, executable by the processor and configured to:
initiate a case;
provide a user interface to allow a user to select a target computer within a network by entering into the user interface the Internet Protocol (IP) address or computer name of the target computer, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer;
create at least one subfolder in a folder linked to the case and one or more files in the subfolder for storing the specified forensic data, wherein the one or more files have a filename that comprises (i) the entered IP address or computer name and (ii) a timestamp associated with a time that the software module is being run;
connect the computer apparatus to the target computer and scan the target computer to determine the Operating System (OS) thereof; and
collect the specified forensic data and save the collected data to the files.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented method for automated collection of user-specified forensic data from a target computer associated with a case, the method comprising:
initiating a case;
providing a user interface to allow a user to select a target computer within a network by entering into the user interface the Internet Protocol (IP) address or computer name of the target computer, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer;
creating at least one subfolder in a folder linked to the case, on the computer apparatus or a computer-readable medium, and one or more files in the subfolder for storing the specified forensic data, wherein the one or more files have a filename that comprises (i) the entered IP address or computer name and (ii) a timestamp associated with a time that the software module is being run;
connecting the computer apparatus to the target computer and scanning the target computer to determine the OS thereof; and
collecting the specified forensic data and saving the collected data to the files.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
21. A computer program product for automated collection of user-specified forensic data from a target computer associated with a case, the computer program product comprising a non-transitory computer-readable medium having one or more computer-readable programs stored therein, and the computer-readable programs, when executed by a computer apparatus, cause the computer apparatus to perform the following steps:
providing a user interface to allow a user to select a target computer within a network by entering into the user interface the Internet Protocol (IP) address or computer name of the target computer, select one or more user profiles associated with the target computer, and specify one or more types of forensic data to be collected from the target computer;
creating at least one subfolder in a folder linked to the case, on the computer apparatus or a computer-readable medium, and one or more files in the subfolder for storing the specified forensic data, wherein the one or more files have a filename that comprises (i) the entered IP address or computer name and (ii) a timestamp associated with a time that the software module is being run;
connecting the computer apparatus to the target computer and scanning the target computer to determine the OS thereof; and
collecting the specified forensic data and saving the collected data to the files.
Dependent claims: 22
Specification