CPC H04L 63/1416 (2013.01) [H04L 9/0825 (2013.01); H04L 63/1433 (2013.01)] | 25 Claims
1. A method of investigating a remote host computer by using an investigation system remote to the remote host computer, the investigation system including at least one computer system with a computer processor coupled to a system memory and programmed with computer-readable instructions, the method comprising:
the investigation system establishing a connection with the remote host computer;
the investigation system sending a first investigative module to the remote host computer, the first investigative module configured to run on the remote host computer to perform a first investigative function to investigate the remote host computer to ascertain if the remote host computer has any data or process, collectively referred to as data forms, with predetermined data form attributes,
the investigation system sending a second investigative module to the remote host computer, the second investigative module selected from a plurality of investigative modules,
wherein at least the first investigative module is an agentless computer program, being thus capable of running on the remote host computer without requiring a software agent on the remote host computer;
wherein the first investigative function is performable by the remote host computer running the first investigative module without any connection between the investigation system and the remote host computer;
wherein at least one of the first and second investigative modules are run on the remote host computer according to an unpredictable time schedule, the investigation system generating the unpredictable time schedule, the unpredictable time schedule including a randomly generated time for each said investigative module, or group thereof; and
wherein the randomly generated time is sent to the remote host computer as computer readable instructions or data instructing the remote host computer to run the corresponding investigative module, or group thereof.