-
1.
Publication No.: US20240104085A1
Publication date: 2024-03-28
Application No.: US18471902
Filing date: 2023-09-21
CPC classification: G06F16/2365, G06F16/13
Abstract: Provided are a system and method for evaluating integrity of a parsed file system. The system includes a processor and a memory communicatively connected to the processor and storing computer-executable instructions that cause the system to read an allocation tracker, create an allocated blocks collection of each block identifier within the allocation tracker indicated to be currently allocated, create an initially empty reference anomaly blocks collection, for each block of each file system object referenced by the file system object, determine that the associated block identifier is present in the allocated blocks collection or not, respectively remove the block identifier from the allocated blocks collection or add the block identifier to the reference anomaly blocks collection, determine that the allocated blocks collection and the reference anomaly blocks collection are empty or not empty and respectively indicate a successful evaluation or an unsuccessful evaluation.
-
Publication No.: US20210049264A1
Publication date: 2021-02-18
Application No.: US16990561
Filing date: 2020-08-11
Abstract: Systems and methods for cloud-based management of digital forensic evidence and, in particular, to systems and methods for enabling cloud-based digital forensic investigations.
-
Publication No.: US10740409B2
Publication date: 2020-08-11
Application No.: US15706173
Filing date: 2017-09-15
Inventors: Roman Czeslaw Kordasiewicz, Michelle Elizabeth Allix MacKenzie, Jared Daniel Windover, Samantha Jo McIlveen
IPC classification: G06F3/0482, G06F16/93, G06Q50/18, G06F16/14, G06F16/338, G06F16/438, G06F16/638, G06F16/36, G06F16/904, G06F3/0481, G06F16/9038
Abstract: Methods and apparatus for examining digital forensic data using a viewer computer. Forensic data collections are provided to the viewer computer, which can format the data artifacts according to a variety of display types and presentation formats, to facilitate review and reporting by a user. A relation graph presentation format is provided for visual exploration of data relationships.
-
Publication No.: US10715466B2
Publication date: 2020-07-14
Application No.: US16136346
Filing date: 2018-09-20
Abstract: According to one aspect, a system for locating application-specific data that includes a server, a broker, and an agent. An operator may define a command using the server, and this command may be sent to the broker. The broker may then send the command to the agent operating on an end-point system. The agent may then conduct an application-specific data search on the end-point system in respect of the user command. Search results may then be sent to the broker. The broker may then send the search results to the server.
-
Publication No.: US09177011B2
Publication date: 2015-11-03
Application No.: US13711902
Filing date: 2012-12-12
Inventor: Jad John Saliba
IPC classification: G06F17/30, G06F7/00, G06F21/57, G06F21/64, G06F21/78, G06Q10/10, G06Q50/00, H04L29/06
CPC classification: G06F17/30371, G06F17/30424, G06F17/30867, G06F21/57, G06F21/64, G06F21/78, G06Q10/10, G06Q50/01, H04L63/308
Abstract: A system and a method for locating application-specific data that has been previously deleted and located in an address of the data storage device marked as being available for storing new data. The method includes accessing unidentified data from at least one data storage device; examining the unidentified data to detect at least one application-specific data pattern associated with at least one application; for each detected application-specific data pattern, executing an application-specific validation process to determine whether the unidentified data includes valid data associated with a corresponding application; and if it is determined that the unidentified data includes valid data associated with the corresponding application, then recovering the valid data.
-
Publication No.: US11847204B2
Publication date: 2023-12-19
Application No.: US16990561
Filing date: 2020-08-11
CPC classification: G06F21/53, G06F9/45558, G06F21/57, G06F2009/4557, G06F2009/45595
Abstract: Systems and methods for cloud-based management of digital forensic evidence and, in particular, to systems and methods for enabling cloud-based digital forensic investigations.
-
Publication No.: US20230236881A1
Publication date: 2023-07-27
Application No.: US18159342
Filing date: 2023-01-25
Inventors: Jad Saliba, Tayfun Uzun, Geoffrey MacGillivray, Mike Williamson, Christopher Vance, Cody Bryant
CPC classification: G06F9/4881, G06F9/5005, G06F21/64
Abstract: Computer systems and methods for managing sensitive data items when performing a computer-implemented digital forensic workflow using on-premises (“on-prem”) and cloud resources are provided. The system includes a control computing node configured to: store the digital forensic workflow in a memory; and allocate forensic data processing tasks corresponding to portions of the digital forensic workflow to processing node computing devices (“processing nodes”) for execution by the processing nodes, the processing nodes communicatively connected to the control computing node via at least one data communication network and including at least one cloud processing node and at least one on-premises (“on-prem”) processing node. The control computing node automatically restricts allocation of a given forensic data processing task to the at least one on-prem processing node when forensic data to be operated on in performance of the given processing task is tagged as sensitive.
-
Publication No.: US20220158829A1
Publication date: 2022-05-19
Application No.: US17527521
Filing date: 2021-11-16
Inventors: Mike Parkhill, Chris McKnight, Jad John Saliba
IPC classification: H04L9/08, H04L9/40, H04L67/1097, H04L9/14
Abstract: Systems, devices, and methods for securing sensitive data in the cloud are provided. The system includes a cloud server including a cloud service and a client device communicatively connected to the cloud server. The client device executes a client user interface (“UI”) module configured to: upon a first login of the first user to the cloud service, generate an asymmetric keypair including a public key and a private key, store the private key in a local storage on the client device, and send the public key to the cloud server; and, in response to a user command to upload case data to the cloud service, generate a symmetric case key, encrypt sensitive data of the case data using the symmetric case key, encrypt the symmetric case key using the public key, and send the case data, the encrypted sensitive data, and the encrypted symmetric case key to the cloud server.
-
9.
Publication No.: US20190020604A1
Publication date: 2019-01-17
Application No.: US16136346
Filing date: 2018-09-20
IPC classification: H04L12/861, H04W12/00, H04L29/06, H04W4/50, G06F17/30
Abstract: According to one aspect, a system for locating application-specific data that includes a server, a broker, and an agent. An operator may define a command using the server, and this command may be sent to the broker. The broker may then send the command to the agent operating on an end-point system. The agent may then conduct an application-specific data search on the end-point system in respect of the user command. Search results may then be sent to the broker. The broker may then send the search results to the server.
-
10.
Publication No.: US20230385527A1
Publication date: 2023-11-30
Application No.: US18326375
Filing date: 2023-05-31
Inventors: Harold C. Amick, Stephen Gemperle
IPC classification: G06F40/117, G06F3/04842, G06F3/0481, G06F16/22
CPC classification: G06F40/117, G06F16/2255, G06F3/0481, G06F3/04842
Abstract: Systems and methods for presenting forensic data in a forensic data review user interface and for generating reference hash sets are provided. The method includes receiving a selection via the forensic data review user interface to display a forensic data collection; in response to receiving the selection, hashing at least one forensic data item in the forensic data collection to generate a hash value; determining that the hash value matches a reference hash value in at least one reference hash set; varying a default display property of the at least one forensic data item according to a presentation rule encoded in the reference hash set and associated with the reference hash value to obtain a varied display property; and displaying the forensic data collection in the forensic data review user interface including the at least one forensic data item according to the varied display property.