Enterprise Computer Investigation System

Abstract

A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS [0001] This application is a continuation of U.S. patent application Ser. No. 10 / 176,349, filed Jun. 20, 2002, the entire content of which is incorporated by reference herein.FIELD OF THE INVENTION [0002] The present invention relates to computer investigation systems, and more specifically, to secure computer forensic investigations in a network. BACKGROUND [0003] Computer investigation has become increasingly important as the use of computers has extended to virtually all areas of everyday life. Computer investigation, as used herein, includes computer forensics, which is the collection, preservation and analysis of computer-related evidence. Computer-related evidence is increasingly being used for court trials and police investigations. Computer evidence may be relevant in criminal or civil matters. [0004] One tool for computer forensic investigation is software used to perform the computer forensic investigation. Electronic evidence may be...

AI Technical Summary

Benefits of technology

This approach allows for secure, minimally invasive forensic analysis that preserves data integrity by reducing network traffic and avoiding operating system interactions, enabling efficient examination of all file structures and hidden data without altering timestamps or creating temporary files.

Problems solved by technology

For example, merely booting a target computer into its native Windows environment will alter critical date stamps, erase temporary data, and cause data to be written to a hard disk drive or other storage device, thereby possibly destroying or altering data on the storage device.

Viewing computer files presents additional problems when used in a network setting.

Even though a remote administrator can commonly access files, a remote administrator may be unable to access such items as swap files, deleted files, file slack, or printer spooler files.

Additionally, a search done by the remote administrator may be slower than a search carried out by software resident on that node.

Remote access over a computer network also provides additional opportunities for abuse, such as unauthorized inspection.

Images