US 12,411,848 B2
Data investigation and visualization system
Kyle Nicolas Forsyth, Fairfax, VA (US); Mark Jason Sanders, Reston, VA (US); Adam Keith Korobow, Bristow, VA (US); Eric Richard McCabe, Reston, VA (US); Mychal William Ivancich, Reston, VA (US); David Michael Peters, Ashburn, VA (US); and Cody Steven Jenkins, Mount Clare, WV (US)
Assigned to NOBLIS, INC., Reston, VA (US)
Filed by NOBLIS, INC., Reston, VA (US)
Filed on Jan. 9, 2023, as Appl. No. 18/094,678.
Application 18/094,678 is a continuation of application No. 17/125,134, filed on Dec. 17, 2020, granted, now 11,550,788.
Claims priority of provisional application 63/029,033, filed on May 22, 2020.
Prior Publication US 2023/0161766 A1, May 25, 2023
Int. Cl. G06F 16/2453 (2019.01); G06F 16/28 (2019.01); G06F 16/901 (2019.01); G06N 20/00 (2019.01)
CPC G06F 16/24542 (2019.01) [G06F 16/24532 (2019.01); G06F 16/288 (2019.01); G06F 16/9024 (2019.01); G06N 20/00 (2019.01)]
19 Claims
 
1. A method for performing a data investigation by querying a plurality of data sources, the method performed at a first system comprising one or more processors and a second system comprising one or more processors, the method comprising:
receiving, at a query controller of the first system, a first user input comprising a first investigation input, wherein the first user input comprising the first investigation input comprises an indication of a first entity;
querying, automatically by the query controller, a first plurality of data sources in accordance with the first investigation input;
receiving, in response to the querying in accordance with the first investigation input, first response data from the first plurality of data sources;
generating and storing, by the first system, based on the first response data, a data investigation data structure representing relationships between the first investigation input and the first response data, wherein entities are represented as nodes in the data investigation data structure and relationships between entities are represented as links between nodes;
transferring the data investigation data structure from the first system to the second system, wherein the second system is air-gapped from the first system, and wherein the second system is a higher classification level than the first system;
querying, by the second system, a second plurality of data sources distinct from the first plurality of data sources in accordance with a second user input comprising a second investigation input received at the second system;
receiving, by the second system, in response to querying the second plurality of data sources, second response data from the second plurality of data sources, the second response data having the higher classification level than the first response data; and
augmenting, by the second system, based on the second response data, the data investigation data structure such that the data investigation data structure represents relationships between the second investigation input and the second response data having the higher classification level than the first response data.