WO2007075813A3 - Enterprise-wide data identification, sharing and management, and searching forensic data - Google Patents

Publication number
WO2007075813A3
Authority
WO
WIPO (PCT)
Prior art keywords
data
suspect
extracted
enterprise
sharing
Prior art date
Application number
PCT/US2006/048651
Other languages
French (fr)
Other versions
WO2007075813A2 (en)
Inventor
Raphael Bousquet
J J Wallia
Original Assignee
Advanced Digital Forensic Solu
Raphael Bousquet
J J Wallia
Priority date
Filing date
Publication date
Priority claimed from US11/318,340 (US7941386B2)
Priority claimed from US11/318,084 (US7603344B2)
Application filed by Advanced Digital Forensic Solu, Raphael Bousquet, J J Wallia
Publication of WO2007075813A2
Publication of WO2007075813A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G06F16/2448 Query languages for particular applications; for extensibility, e.g. user defined types
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/903 Querying
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/907 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/907 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/908 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content

Abstract

A system and method for automatically identifying relevant or suspect data during a digital forensic investigation. Raw input data are extracted from various digital data sources. The system determines which one or more identification modules the unknown raw data should be delivered to for processing, based on the type of data in the extracted raw data coming into the application. The suspect or relevant data that are identified include data that are identical or similar to the extracted unknown raw data. If there are suspect data, the system transmits a message or alert to interested parties or stores the findings/report on a storage device. In this manner, the suspect data are identified automatically, without intervention by a human being.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US11/318,084 2005-12-23
US11/318,340 US7941386B2 (en) 2005-10-19 2005-12-23 Forensic systems and methods using search packs that can be edited for enterprise-wide data identification, data sharing, and management
US11/318,340 2005-12-23
US11/318,084 US7603344B2 (en) 2005-10-19 2005-12-23 Methods for searching forensic data

Publications (2)

Publication Number Publication Date
WO2007075813A2 WO2007075813A2 (en) 2007-07-05
WO2007075813A3 WO2007075813A3 (en) 2009-01-15

Family

ID=38218576

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/048651 WO2007075813A2 (en) 2005-12-23 2006-12-21 Enterprise-wide data identification, sharing and management, and searching forensic data

Country Status (1)

Country Link
WO (1) WO2007075813A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8280905B2 (en) 2007-12-21 2012-10-02 Georgetown University Automated forensic document signatures
US8312023B2 (en) 2007-12-21 2012-11-13 Georgetown University Automated forensic document signatures
GB2470198A (en) * 2009-05-13 2010-11-17 Evidence Talks Ltd Digital forensics using a control pod with a clean evidence store
FR2954547B1 (en) 2009-12-21 2012-10-12 Alcatel Lucent METHOD FOR DETECTING A MISUSE OF COMPUTER RESOURCES
US9071924B2 (en) 2011-06-20 2015-06-30 Aces & Eights Corporation Systems and methods for digital forensic triage

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6538623B1 (en) * 1999-05-13 2003-03-25 Pirooz Parnian Multi-media data collection tool kit having an electronic multi-media “case” file and method of use
US20030084279A1 (en) * 2001-10-29 2003-05-01 Pitney Bowes Inc. Monitoring system for a corporate network
US20050022014A1 (en) * 2001-11-21 2005-01-27 Shipman Robert A Computer security system
US6973449B2 (en) * 2003-05-27 2005-12-06 National Association For Child Abduction Prevention System, method of portable USB key interfaced to computer system for facilitating the recovery and/or identification of a missing person having person's unique identification, biological information

Also Published As

Publication number Publication date
WO2007075813A2 (en) 2007-07-05

Similar Documents

Publication Publication Date Title
WO2007124417A3 (en) Backwards researching time stamped events to find an origin of pestware
WO2006121572A3 (en) System and method for scanning obfuscated files for pestware
MX2010003670A (en) Location and time based filtering of broadcast information.
TW200625140A (en) RFID server internals design
WO2005101186A3 (en) System, method and computer program product for extracting metadata faster than real-time
WO2008115670A3 (en) System and method for identifying content
MXPA05014162A (en) Signature-based program identification apparatus and methods for use with digital broadcast systems.
TW200622785A (en) Rfid enabled information systems utilizing a business application
GB0517303D0 (en) System and method for processing secure transmissions
WO2008157810A3 (en) System and method for compending blogs
WO2007146994A3 (en) Content enhancement based on contextual data within a feed
WO2008036195A3 (en) Managing the insertion of overlay content into a video signal
HK1149842A1 (en) Device and method for calculating a fingerprint of an audio signal, device and method for synchronizing and device and method for characterizing a test audio signal
WO2007075813A3 (en) Enterprise-wide data identification, sharing and management, and searching forensic data
WO2006065594A3 (en) Method and system for monitoring a workflow for an object
WO2006124654A3 (en) Simple automated polling system for determining attitudes, beliefs and opinions of persons
WO2009011030A1 (en) Information processing system, information processing apparatus, and information processing method
WO2004050835A8 (en) Predicting animal performance
GB2430058A (en) A system and method for retrieving information and a system and method for storing information
GB2465959B (en) Method and arrangement relating to a media structure
TW200943846A (en) Methods and systems for processing common gain values and a computer program product
EP1791071A3 (en) Implementing digital rights management systems
GB2447574A (en) Systems and methods of conducting clinical research
WO2018106437A3 (en) Street watch
DE60314636D1 (en) Method for monitoring computer systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC, EPO FORM 1205A SENT ON 10/11/08

122 Ep: pct application non-entry in european phase

Ref document number: 06847849

Country of ref document: EP

Kind code of ref document: A2