Title of invention Method and system for remote forensic data collection
Abstract A system and method for forensic data collection includes: creating, by a configuration computer, an encrypted configuration file for collecting files from a data source; saving, by the configuration computer, the encrypted configuration file to a non-password-encrypted configuration file storage device; loading, by a data collection computer, the encrypted configuration file from a non-password-encrypted external storage device; collecting, by the data collection computer, the files from the data source based on the encrypted configuration file.
Application publication number US9292698(B1) Application publication date 2016.03.22
Application number US201414158482 Filing date 2014.01.17
Applicant Inventor Cobb Andrew T.
Classification G06F21/60; G06F21/62 Main classification G06F21/60
Agency Stites & Harbison, PLLC Agent Stites & Harbison, PLLC; Haeberlin Jeffrey A.; Wright Terry L.
Principal claim 1. A method for forensic data collection, comprising:
creating, by a configuration computer, an encrypted configuration file for collecting files from a data source, including:
prompting an operator, via an input/output device of the configuration computer, to select either a “file set” or a “whole disk” of files of the data source to be collected;
in response to receiving a selection of the “whole disk” of files of the data source to be copied, then compiling configuration parameters including data for copying an entirety of the data source as the encrypted configuration file; and
in response to receiving a selection of the “file set” of files of the data source to be copied, then:
prompting the operator to select and receiving a selection from the operator of at least one folder to be copied from the data source;
prompting the operator to select and receiving a selection from the operator of at least one file type to be copied from the data source;
prompting the operator to select and receiving a selection from the operator of date ranges of files to be copied from the data source; and
compiling configuration parameters including data for copying the selection of at least one folder, at least one file type, and data ranges of files to be copied from the data source as the encrypted configuration file;
wherein compiling configuration parameters includes:
appending the configuration parameters together to form a configuration string;
calculating a hash of the configuration string and pre-pending the hash to the configuration string; and
encrypting the configuration string as the encrypted configuration file;
saving, by the configuration computer, the encrypted configuration file to a non-password-encrypted configuration file storage device;
loading, by a data collection computer, the encrypted configuration file from a non-password-encrypted external storage device; and
collecting, by the data collection computer, the files from the data source based on the encrypted configuration file.
Address