Forensic software investigation
2 Assignments
0 Petitions
Abstract
In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.
28 Citations
20 Claims
1. A computer system including instructions recorded on a non-transitory computer-readable medium and executable by at least one processor, the system comprising:
- a server configured to cause the at least one processor to manage forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, the server including:
a forensic service interface configured to establish the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, the forensic service interface providing multiple modes for the forensic service agreement, the multiple modes including at least:
(i) a first mode where the server is configured to manage the forensic investigations in real time on an ongoing basis;
(ii) a second mode where the server is configured to manage the forensic investigations for an event during a time period specified by the client; and
(iii) a third mode where the server is configured to manage the forensic investigations on a just-in-time basis in response to an investigation request from the client;
a forensic data handler configured to acquire forensic data related to each client asset associated with the client, wherein the forensic data handler acquires the forensic data in real time on an ongoing basis when the forensic service agreement specifies the first mode, wherein the forensic data handler acquires the forensic data for the event during the time period when the forensic service agreement specifies the second mode, and wherein the forensic data handler acquires the forensic data on a just-in-time basis when the forensic service agreement specifies the third mode, and generate one or more client inventory records for each client asset based on the forensic data related to each client asset; and
a forensic engine configured to generate one or more client evidence records for each client asset based on each client inventory record generated for each client asset;
wherein the forensic service agreement includes a subscription for Forensics as a Service (FaaS), and under the FaaS subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, and logging of forensic data related to the client assets associated with the client.
Dependent claims 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 and 13 are not reproduced here.

14. A computer program product, the computer program product tangibly embodied on a non-transitory computer-readable storage medium and including instructions that, when executed by at least one processor, are configured to:
- manage forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, the instructions configured to:
establish the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, wherein multiple modes are provided for the forensic service agreement, the multiple modes including at least:
(i) a first mode where the forensic investigations are managed in real time on an ongoing basis;
(ii) a second mode where the forensic investigations are managed for an event during a time period specified by the client; and
(iii) a third mode where the forensic investigations are managed on a just-in-time basis in response to an investigation request from the client;
acquire forensic data related to each client asset associated with the client, wherein the forensic data is acquired in real time on an ongoing basis when the forensic service agreement specifies the first mode, wherein the forensic data is acquired for the event during the time period when the forensic service agreement specifies the second mode, and wherein the forensic data is acquired on a just-in-time basis when the forensic service agreement specifies the third mode, and generate one or more client inventory records for each client asset based on the forensic data related to each client asset;
generate one or more client evidence records for each client asset based on each client inventory record generated for each client asset; and
persist the one or more client inventory records and the one or more client evidence records in a data store;
wherein the forensic service agreement includes a subscription for Forensics as a Service (FaaS), and under the FaaS subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, and logging of forensic data related to the client assets associated with the client.
Dependent claims 15, 16, 17, 18 and 19 are not reproduced here.

20. A computer-implemented method, comprising:
- managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider in a cloud environment, including:
establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, including provision of multiple modes for the forensic service agreement, the multiple modes including at least:
(i) a first mode where the forensic investigations are managed in real time on an ongoing basis;
(ii) a second mode where the forensic investigations are managed for an event during a time period specified by the client; and
(iii) a third mode where the forensic investigations are managed on a just-in-time basis in response to an investigation request from the client;
receiving at least one request from the client for forensic investigation of the client assets associated with the client based on the forensic service agreement established between the client and the cloud service provider;
acquiring forensic data related to each client asset associated with the client, wherein the forensic data is acquired in real time on an ongoing basis when the forensic service agreement specifies the first mode, wherein the forensic data is acquired for the event during the time period when the forensic service agreement specifies the second mode, and wherein the forensic data is acquired on a just-in-time basis when the forensic service agreement specifies the third mode, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset;
searching the generated client inventory records for suspicious activity related to each client asset associated with the client;
generating one or more client evidence records for each client asset including forensic data related to suspicious activity associated with each client asset based on each client inventory record generated for each client asset; and
persisting in a data store the one or more client inventory records and the one or more client evidence records including forensic data related to suspicious activity associated with each client asset;
wherein the forensic service agreement includes a subscription for Forensics as a Service (FaaS), and under the FaaS subscription, the cloud service provider is configured to expose one or more forensic functionalities related to one or more of on-demand investigation, troubleshooting, auditing, and logging of forensic data related to the client assets associated with the client.
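The method of claim 20, as an added worked example that is not part of the patent or any product built on it: a small model of the claimed pipeline in which a forensic data handler selects forensic data according to the agreed mode (ongoing, client-specified event window, or just-in-time on request), builds one inventory record per client asset, a forensic engine searches those records for suspicious activity and emits evidence records, and the results are persisted in a data store. The mode names, record fields, the "repeated failed logins followed by a success" rule, the in-memory store and the sample events are all assumptions made for illustration; the claims do not specify them.

```python
"""Added example (not the patent's code): a minimal Forensics-as-a-Service pipeline.
Mode names, record fields, the detection rule and the sample data are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class ServiceMode(Enum):
    ONGOING = "ongoing"        # mode (i): real time, on an ongoing basis
    EVENT_WINDOW = "event"     # mode (ii): one event, client-specified time period
    JUST_IN_TIME = "jit"       # mode (iii): only in response to an investigation request


@dataclass
class ForensicServiceAgreement:
    client: str
    mode: ServiceMode
    window: Optional[tuple[int, int]] = None   # (start, end) used by EVENT_WINDOW


@dataclass
class ForensicEvent:
    asset: str
    ts: int          # constructed timestamp, seconds
    kind: str        # "login_failed", "login_ok", "sudo" (assumed event kinds)
    detail: str


@dataclass
class InventoryRecord:
    asset: str
    events: list[ForensicEvent] = field(default_factory=list)


@dataclass
class EvidenceRecord:
    asset: str
    finding: str
    events: list[ForensicEvent]   # the forensic data that supports the finding


# Constructed sample telemetry for two client assets (not real data).
SAMPLE_EVENTS = [
    ForensicEvent("web-01", 100, "login_failed", "user=admin src=198.51.100.7"),
    ForensicEvent("web-01", 101, "login_failed", "user=admin src=198.51.100.7"),
    ForensicEvent("web-01", 102, "login_failed", "user=admin src=198.51.100.7"),
    ForensicEvent("web-01", 103, "login_ok", "user=admin src=198.51.100.7"),
    ForensicEvent("db-01", 150, "login_ok", "user=dba src=10.0.0.5"),
    ForensicEvent("db-01", 900, "sudo", "user=dba cmd=/bin/bash"),
]


def acquire(agreement, events, requested_assets=()):
    """Forensic data handler: select forensic data according to the agreed mode and
    build one inventory record per client asset."""
    if agreement.mode is ServiceMode.ONGOING:
        selected = list(events)                       # everything, as it arrives
    elif agreement.mode is ServiceMode.EVENT_WINDOW:
        start, end = agreement.window                 # only the client's time period
        selected = [e for e in events if start <= e.ts <= end]
    else:                                             # JUST_IN_TIME: only the requested assets
        wanted = set(requested_assets)
        selected = [e for e in events if e.asset in wanted]
    inventory: dict[str, InventoryRecord] = {}
    for e in selected:
        inventory.setdefault(e.asset, InventoryRecord(e.asset)).events.append(e)
    return inventory


def find_suspicious(record, max_failures=3):
    """Forensic engine rule (assumed): at least max_failures failed logins followed by a
    successful login on the same asset is reported as suspicious activity."""
    failures = [e for e in record.events if e.kind == "login_failed"]
    if len(failures) < max_failures:
        return None
    last_failure = failures[-1].ts
    successes = [e for e in record.events if e.kind == "login_ok" and e.ts > last_failure]
    if not successes:
        return None
    return EvidenceRecord(record.asset, "repeated failed logins then success", failures + successes)


def run_investigation(agreement, events, requested_assets=()):
    """Claim 20 end to end: acquire -> inventory records -> search -> evidence records ->
    persist. The returned dict stands in for the data store."""
    inventory = acquire(agreement, events, requested_assets)
    store = {"client": agreement.client, "inventory": inventory, "evidence": {}}
    for asset, record in inventory.items():
        evidence = find_suspicious(record)
        if evidence is not None:
            store["evidence"][asset] = evidence
    return store


if __name__ == "__main__":
    ongoing = ForensicServiceAgreement("acme", ServiceMode.ONGOING)
    result = run_investigation(ongoing, SAMPLE_EVENTS)
    for asset, ev in result["evidence"].items():
        print(asset, ev.finding, len(ev.events), "supporting events")
```

The mode only decides which forensic data reaches the inventory; the engine rule runs unchanged over whatever was acquired, so an event-window or just-in-time agreement that excludes the relevant asset or period produces no evidence record even though the same activity would be flagged under the ongoing mode.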
Specification