US 12,271,366 B2
System and method for generating, maintaining, and querying a database for computer investigations
Shawn McCreight, Pasadena, CA (US); Roger Angarita, South Pasadena, CA (US); and Chris Petrus, Reseda, CA (US)
Assigned to OPEN TEXT HOLDINGS, INC., Menlo Park, CA (US)
Filed by OPEN TEXT HOLDINGS, INC., Menlo Park, CA (US)
Filed on Dec. 6, 2023, as Appl. No. 18/531,297.
Application 18/531,297 is a continuation of application No. 16/782,202, filed on Feb. 5, 2020, granted, now 11,899,643.
Application 16/782,202 is a continuation of application No. 15/162,591, filed on May 23, 2016, granted, now 10,585,869, issued on Mar. 10, 2020.
Claims priority of provisional application 62/165,868, filed on May 22, 2015.
Prior Publication US 2024/0104079 A1, Mar. 28, 2024
Int. Cl. G06F 16/22 (2019.01); G06F 16/28 (2019.01)
CPC G06F 16/2282 (2019.01) [G06F 16/28 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method for conducting an investigation of one or more target devices by an examining device wherein information extracted from the target devices is stored and organized on a hardware data storage device that is communicatively coupled to the examining device and is separate from the target devices, the method comprising:
extracting, by a processor of the examining device, information stored in a first target device, the extracted information including pieces of data of a first type and pieces of data of a second type;
storing, by the processor in the hardware data storage device, the pieces of data of the first type in a first table and the pieces of data of the second type in a second table, each of the pieces of data of the first type and the second type being stored with corresponding unique identifiers and corresponding metadata;
generating, by the processor, one or more links, each link linking one of the pieces of data of the first type to one of the pieces of data of the second type;
storing, by the processor in the hardware data storage device, each link in a third table, wherein each link is stored with a corresponding unique identifier;
identifying, by the processor in response to a received query, a first piece of data in the first table, wherein the received query comprises a plurality of conditions, wherein each condition of the plurality of conditions is marked by a gate, wherein the plurality of conditions is evaluated to guide access to the first table;
identifying, by the processor, one or more of the links in the third table which are linked to the first piece of data, wherein the plurality of conditions is evaluated to guide access to the third table, wherein the one or more of the links of the third table are evaluated to determine the second table;
retrieving, by the processor from the second table, one or more of the pieces of data of the second type which are linked to the first piece of data by the one or more identified links;
outputting, by the processor, the one or more retrieved pieces of data of the second type.