CPC G06F 21/552 (2013.01) [G06F 21/566 (2013.01); G06F 2221/034 (2013.01)]
16 Claims

1. A system for conducting a cloud-based, forensic investigation to find and collect evidence within electronically-stored information of a target, the system comprising:
at least one remote system of the target of the cloud-based forensic investigation, wherein the at least one remote system comprises electronically-stored information;
an investigation requestor computing device, comprising executable instructions stored in at least one memory and at least one processor to execute the instructions, the device configured to request a forensic investigation of the at least one remote system; including:
selecting search criteria for the investigation, wherein the search criteria specify one or more selectable forensic artifact types to find on and collect from the remote system; and
configuring an evidence collection module using the search criteria, the evidence collection module operable, once configured, to:
search the electronically-stored information to find forensic artifacts of the one or more forensic artifact types on the at least one remote system according to the search criteria, wherein the at least one remote system is a target endpoint device, and wherein the evidence collection module is a deployable agent comprising an executable program embedded with the search criteria that is deployed to the target endpoint device to search for the forensic artifacts and the deployable agent automatically deletes from the target endpoint system;
collect the forensic artifacts from the at least one remote system;
establish a connection to a cloud server configured to store the forensic artifacts; and
transmit the forensic artifacts to the cloud server for storage;
a cloud-based evidence-processing service executed by or in communication with the cloud server and configured to retrieve and analyze the forensic artifacts and generate an initial report.