[go: up one dir, main page]

WO2007067425A3 - Forensics tool for examination and recovery of computer data - Google Patents

Forensics tool for examination and recovery of computer data Download PDF

Info

Publication number
WO2007067425A3
WO2007067425A3 PCT/US2006/045978 US2006045978W WO2007067425A3 WO 2007067425 A3 WO2007067425 A3 WO 2007067425A3 US 2006045978 W US2006045978 W US 2006045978W WO 2007067425 A3 WO2007067425 A3 WO 2007067425A3
Authority
WO
WIPO (PCT)
Prior art keywords
present
electronic discovery
data
target machine
forensic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2006/045978
Other languages
French (fr)
Other versions
WO2007067425A2 (en
Inventor
David Sun
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/294,562 external-priority patent/US7640323B2/en
Priority claimed from US11/294,560 external-priority patent/US7644138B2/en
Application filed by Individual filed Critical Individual
Publication of WO2007067425A2 publication Critical patent/WO2007067425A2/en
Anticipated expiration legal-status Critical
Publication of WO2007067425A3 publication Critical patent/WO2007067425A3/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Theoretical Computer Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Game Theory and Decision Science (AREA)
  • Storage Device Security (AREA)
  • Automatic Analysis And Handling Materials Therefor (AREA)

Abstract

The present invention concerns an electronic forensic tool for conducting electronic discovery and computer forensic analysis. The present invention allows a non-technical person such as a non-forensic expert to conduct electronic discovery and thereby obviate the need for an expert in many situations. The present invention allows for electronic discovery in a forensically sound manner. The present invention also concerns a business method for electronic discovery involving a software program and a command server for generating expanded functionality. The client software may be distributed at minimal or no cost, preferably as a CD. Using the client software, a user boots a target machine to determine whether a target machine contains data of interest. The client software will, however, only display limited data such as file information, date, last modified, and file size. To access and examine the actual underlying data, the user must obtain additional functionality, e.g. by purchasing a command block from the control server. The additional functionality will allow the client program to extract the data of interest or the entire contents of the target machine to an external device for further analysis.
PCT/US2006/045978 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data Ceased WO2007067425A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US11/294,562 US7640323B2 (en) 2005-12-06 2005-12-06 Forensics tool for examination and recovery of computer data
US11/294,562 2005-12-06
US11/294,560 2005-12-06
US11/294,560 US7644138B2 (en) 2005-12-06 2005-12-06 Forensics tool for examination and recovery and computer data

Publications (2)

Publication Number Publication Date
WO2007067425A2 WO2007067425A2 (en) 2007-06-14
WO2007067425A3 true WO2007067425A3 (en) 2009-06-04

Family

ID=38123390

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2006/045978 Ceased WO2007067425A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data
PCT/US2006/045977 Ceased WO2007067424A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US2006/045977 Ceased WO2007067424A2 (en) 2005-12-06 2006-12-01 Forensics tool for examination and recovery of computer data

Country Status (1)

Country Link
WO (2) WO2007067425A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7835811B2 (en) 2006-10-07 2010-11-16 Voxelogix Corporation Surgical guides and methods for positioning artificial teeth and dental implants
KR100901743B1 (en) * 2007-06-21 2009-06-10 유비타스(주) Digital Forensic System and Method
GB2454715A (en) * 2007-11-19 2009-05-20 Ali Jahangiri Computer program for extracting forensic data form a target computer
GB2470198A (en) * 2009-05-13 2010-11-17 Evidence Talks Ltd Digital forensics using a control pod with a clean evidence store
JP4898934B2 (en) 2010-03-29 2012-03-21 株式会社Ubic Forensic system, forensic method, and forensic program
JP4868191B2 (en) 2010-03-29 2012-02-01 株式会社Ubic Forensic system, forensic method, and forensic program
US9864878B2 (en) 2015-07-27 2018-01-09 International Business Machines Corporation Event log tamper detection
KR101864790B1 (en) * 2016-11-30 2018-06-07 충북대학교 산학협력단 Drive mounter system and method for digital forensic
CN111858479A (en) * 2020-07-29 2020-10-30 湖南泛联新安信息科技有限公司 A portable acquisition method of software samples based on target equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152397A1 (en) * 2001-04-06 2002-10-17 Mckay Drew Virtual investigator
US20040006588A1 (en) * 2002-07-08 2004-01-08 Jessen John H. System and method for collecting electronic evidence data
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6687700B1 (en) * 2000-11-09 2004-02-03 Accenture Llp Communications system for supporting inter-dependent data messages

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020152397A1 (en) * 2001-04-06 2002-10-17 Mckay Drew Virtual investigator
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040006588A1 (en) * 2002-07-08 2004-01-08 Jessen John H. System and method for collecting electronic evidence data
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Also Published As

Publication number Publication date
WO2007067424A3 (en) 2009-06-04
WO2007067424A2 (en) 2007-06-14
WO2007067425A2 (en) 2007-06-14

Similar Documents

Publication Publication Date Title
WO2008032200A8 (en) Method, apparatus and computer program product for providing standard real world to virtual world links
TW200721828A (en) Imaging device, information processing method, and computer program
WO2006108865A3 (en) Methods for granting access to resources modifiable by users in a computer environment, and resources structured therefor
WO2007015200A3 (en) Apparatus for monitoring a person having an interest to an object, and method thereof
WO2008032203A3 (en) Method, apparatus and computer program product for a tag-based visual search user interface
TW200609779A (en) Method, system, and apparatus for discovering and connecting to data sources
WO2007079254A3 (en) Expert system for designing experiments
JP2009522657A5 (en)
WO2007095239A3 (en) Aptitude and interest assessment system and method
EP2348449A3 (en) A computer implemented method for performing cloud computing on data being stored pseudonymously in a database
NO20080375L (en) Generator for electronic data snapshots
WO2005104013A3 (en) Enhancing images superimposed on uneven or partially obscured background
WO2005015440A3 (en) Extending service-oriented business frameworks
WO2006078539A3 (en) System verification test using a behavior model
WO2007099540A3 (en) Processing and analyzing hyper-spectral image data and information via dynamic database updating
WO2007067425A3 (en) Forensics tool for examination and recovery of computer data
WO2009099947A3 (en) Methods and apparatus to generate smart text
CN101960419A (en) Building operating system images based on applications
WO2007100299A3 (en) Location information communication
WO2006110832A3 (en) System for extracting relevant data from an intellectual property database
WO2006091624A3 (en) System and method for determining information related to user interactions with an application
WO2007038275A3 (en) Systems and methods for remote storage of electronic data
JP6015546B2 (en) Information processing apparatus, information processing method, and program
WO2007078396A3 (en) System and method for enabling an action
WO2008127235A3 (en) Machine vision system for enterprise management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06838765

Country of ref document: EP

Kind code of ref document: A2