-
公开(公告)号:US08224848B2
公开(公告)日:2012-07-17
申请号:US12722482
申请日:2010-03-11
申请人: Shawn McCreight , Dominik Weber
发明人: Shawn McCreight , Dominik Weber
IPC分类号: G06F17/30
CPC分类号: G06F17/30985 , G06F17/30949 , G06F21/6209 , G06F21/64 , G06F21/645
摘要: A system and method for an entropy-based near-match analysis identifies target files that are almost, but not identical, to a reference file. A computing processor computes entropies of the reference and target files, and determines the likeness of the target files to the references file based on the computed entropies. The computing processor determines a near match between the target file and the reference file if the likeness of the two files is within a user-defined tolerance level. According to one embodiment of the invention, the information entropy is a weighted value that takes into account the size of the file.
摘要翻译: 用于基于熵的近似匹配分析的系统和方法识别与参考文件几乎但不相同的目标文件。 计算处理器计算参考文件和目标文件的熵,并根据计算的熵确定目标文件与引用文件的相似度。 如果两个文件的相似度在用户定义的公差级别内,则计算处理器确定目标文件和参考文件之间的近似匹配。 根据本发明的一个实施例,信息熵是考虑文件大小的加权值。
-
公开(公告)号:US07900044B2
公开(公告)日:2011-03-01
申请号:US10936466
申请日:2004-09-08
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
IPC分类号: H04L9/00
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。 要强调的是,该摘要被提供以符合要求摘要的规则,这将允许搜索者或其他读者快速确定技术公开的主题。 提交它的理解是,它不会用于解释或限制权利要求的范围或含义。
-
公开(公告)号:US06792545B2
公开(公告)日:2004-09-14
申请号:US10176349
申请日:2002-06-20
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
IPC分类号: G06F1130
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。
-
公开(公告)号:US08464057B2
公开(公告)日:2013-06-11
申请号:US12960414
申请日:2010-12-03
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
IPC分类号: H04L9/00
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
-
公开(公告)号:US20110138172A1
公开(公告)日:2011-06-09
申请号:US12960414
申请日:2010-12-03
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。 要强调的是,该摘要被提供以符合要求摘要的规则,这将允许搜索者或其他读者快速确定技术公开的主题。 提交它的理解是,它不会用于解释或限制权利要求的范围或含义。
-
6.发明授权System and method for searching for static data in a computer investigation system 有权在计算机调查系统中搜索静态数据的系统和方法公开(公告)号:US07711728B2
公开(公告)日:2010-05-04
申请号:US11315761
申请日:2005-12-21
申请人: Dominik Weber , Shawn McCreight
发明人: Dominik Weber , Shawn McCreight
IPC分类号: G06F7/00
CPC分类号: G06F17/301
摘要: A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
摘要翻译: 一种用于并行调查存储在数据通信网络中的一个或多个目标机器的一个或多个辅助存储设备中的静态数据的系统和方法。 该网络包括检查机,安全服务器和各种目标机器。 检查机向目标机发送包括搜索关键字的搜索请求。 检查机器还向每个目标机器传送要搜索的文件的元数据信息和文件盘区。 目标机器同时搜索指定文件盘区的搜索关键字。 然后,目标机器将搜索结果流送到检查机器。
-
公开(公告)号:US20110106852A1
公开(公告)日:2011-05-05
申请号:US12987953
申请日:2011-01-10
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
IPC分类号: G06F17/30
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。
-
公开(公告)号:US20080184338A2
公开(公告)日:2008-07-31
申请号:US10936466
申请日:2004-09-08
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
IPC分类号: H04L9/00
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。 要强调的是,该摘要被提供以符合要求摘要的规则,这将允许搜索者或其他读者快速确定技术公开的主题。 提交它的理解是,它不会用于解释或限制权利要求的范围或含义。
-
9.发明申请System and method for searching for static data in a computer investigation system 有权在计算机调查系统中搜索静态数据的系统和方法公开(公告)号:US20060101009A1
公开(公告)日:2006-05-11
申请号:US11315761
申请日:2005-12-21
申请人: Dominik Weber , Shawn McCreight
发明人: Dominik Weber , Shawn McCreight
IPC分类号: G06F17/30
CPC分类号: G06F17/301
摘要: A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
摘要翻译: 一种用于并行调查存储在数据通信网络中的一个或多个目标机器的一个或多个辅助存储设备中的静态数据的系统和方法。 该网络包括检查机,安全服务器和各种目标机器。 检查机向目标机发送包括搜索关键字的搜索请求。 检查机器还向每个目标机器传送要搜索的文件的元数据信息和文件盘区。 目标机器同时搜索指定文件盘区的搜索关键字。 然后,目标机器将搜索结果流送到检查机器。
-
公开(公告)号:US20050097366A1
公开(公告)日:2005-05-05
申请号:US10936466
申请日:2004-09-08
申请人: Shawn McCreight , Dominik Weber , Matthew Garrett
发明人: Shawn McCreight , Dominik Weber , Matthew Garrett
CPC分类号: G06F17/30554 , G06F17/30528 , G06F17/30867 , G06F21/60 , G06F21/606 , G06F21/64 , H04L9/00 , H04L63/0435 , H04L63/0442 , H04L63/062 , H04L63/08 , H04L63/083 , H04L63/1433
摘要: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network. It is emphasized that this abstract is provided to comply with the rules requiring an abstract which will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or the meaning of the claims.
摘要翻译: 一种用于通过通信网络的客户端机器对目标机器进行安全取证调查的方法,装置和系统。 在一个方面,该方法包括通过通信网络与服务器建立安全通信,通过通信网络建立与目标机器的安全通信,其中建立与目标机器的安全通信包括建立服务器与目标机器之间的安全通信,安装 目标机器上的服务器,通过通信网络向服务器发送安全命令,执行服务中的安全命令,由目标机器响应于服务指令发送数据,以及从目标机器接收数据 通过通信网络。 要强调的是,该摘要被提供以符合要求摘要的规则,这将允许搜索者或其他读者快速确定技术公开的主题。 提交它的理解是,它不会用于解释或限制权利要求的范围或含义。
-
-
-
-
-
-
-
-
-
搜索结果
17 条记录 (耗时 0.019 秒)