WO2007044709A3 - Electronic discovery system and method - Google Patents

Electronic discovery system and method

Publication number
WO2007044709A3
Authority
WO
WIPO (PCT)
Prior art keywords
investigation
guid
files
subject
responsive
Prior art date
Application number
PCT/US2006/039527
Other languages
French (fr)
Other versions
WO2007044709A2 (en)
Inventor
Shawn Mccreight
Jon Stewart
Brent Botta
Original Assignee
Guidance Software Inc
Shawn Mccreight
Jon Stewart
Brent Botta
Priority date
Filing date
Publication date
Application filed by Guidance Software Inc, Shawn Mccreight, Jon Stewart, Brent Botta
Priority to EP06816612A
Publication of WO2007044709A2
Publication of WO2007044709A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Abstract

A computer investigation system and method that conducts electronic discovery of desired files across a live network in a forensically sound manner. The investigation entails an examining machine electronically identifying, collecting, and preserving evidence from target machines that is responsive to a set of investigation criteria. The set of investigation criteria is associated with an investigation subject that is identified by a global unique identifier (GUID). As the investigation subject is applied to the various files, the responsive files are stamped with the GUID and preserved in a container file referred to as a logical evidence file (LEF). The GUID allows the results of an investigation to be easily and reliably traced to the particular investigation subject that was applied.
PCT/US2006/039527 2005-10-06 2006-10-06 Electronic discovery system and method WO2007044709A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP06816612A EP1934840A4 (en) 2005-10-06 2006-10-06 Electronic discovery system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US72462305P 2005-10-06 2005-10-06
US60/724,623 2005-10-06

Publications (2)

Publication Number Publication Date
WO2007044709A2 (en) 2007-04-19
WO2007044709A3 (en) 2009-04-23

Family

ID=37943469

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/039527 WO2007044709A2 (en) 2005-10-06 2006-10-06 Electronic discovery system and method

Country Status (3)

Country Link
US (2) US7809686B2 (en)
EP (1) EP1934840A4 (en)
WO (1) WO2007044709A2 (en)

Families Citing this family (75)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070011450A1 (en) * 2004-09-14 2007-01-11 Mccreight Shawn System and method for concurrent discovery and survey of networked devices
US7711728B2 (en) * 2002-06-20 2010-05-04 Guidance Software, Inc. System and method for searching for static data in a computer investigation system
US6792545B2 (en) 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20070139231A1 (en) * 2005-10-19 2007-06-21 Advanced Digital Forensic Solutions, Inc. Systems and methods for enterprise-wide data identification, sharing and management in a commercial context
US7941386B2 (en) * 2005-10-19 2011-05-10 Adf Solutions, Inc. Forensic systems and methods using search packs that can be edited for enterprise-wide data identification, data sharing, and management
US7603344B2 (en) * 2005-10-19 2009-10-13 Advanced Digital Forensic Solutions, Inc. Methods for searching forensic data
US8892735B2 (en) * 2006-09-28 2014-11-18 Guidance Software, Inc. Phone home servlet in a computer investigation system
JP2008146601A (en) * 2006-12-13 2008-06-26 Canon Inc Information processor and information processing method
US20080294492A1 (en) * 2007-05-24 2008-11-27 Irina Simpson Proactively determining potential evidence issues for custodial systems in active litigation
WO2009029589A1 (en) * 2007-08-25 2009-03-05 Vere Software Online evidence collection
US8572043B2 (en) * 2007-12-20 2013-10-29 International Business Machines Corporation Method and system for storage of unstructured data for electronic discovery in external data stores
US8112406B2 (en) 2007-12-21 2012-02-07 International Business Machines Corporation Method and apparatus for electronic data discovery
US8140494B2 (en) 2008-01-21 2012-03-20 International Business Machines Corporation Providing collection transparency information to an end user to achieve a guaranteed quality document search and production in electronic data discovery
US8275720B2 (en) 2008-06-12 2012-09-25 International Business Machines Corporation External scoping sources to determine affected people, systems, and classes of information in legal matters
US9830563B2 (en) 2008-06-27 2017-11-28 International Business Machines Corporation System and method for managing legal obligations for data
US8327384B2 (en) 2008-06-30 2012-12-04 International Business Machines Corporation Event driven disposition
US8484069B2 (en) 2008-06-30 2013-07-09 International Business Machines Corporation Forecasting discovery costs based on complex and incomplete facts
US20100017239A1 (en) * 2008-06-30 2010-01-21 Eric Saltzman Forecasting Discovery Costs Using Historic Data
US8489439B2 (en) 2008-06-30 2013-07-16 International Business Machines Corporation Forecasting discovery costs based on complex and incomplete facts
US8515924B2 (en) 2008-06-30 2013-08-20 International Business Machines Corporation Method and apparatus for handling edge-cases of event-driven disposition
US8073729B2 (en) 2008-09-30 2011-12-06 International Business Machines Corporation Forecasting discovery costs based on interpolation of historic event patterns
US8090705B1 (en) * 2008-09-15 2012-01-03 Symantec Corporation Method and apparatus for processing electronically stored information for electronic discovery
US8204869B2 (en) * 2008-09-30 2012-06-19 International Business Machines Corporation Method and apparatus to define and justify policy requirements using a legal reference library
US8321860B2 (en) * 2008-10-27 2012-11-27 Bank Of America Corporation Local collector
US8549327B2 (en) 2008-10-27 2013-10-01 Bank Of America Corporation Background service process for local collection of data in an electronic discovery system
US8086694B2 (en) * 2009-01-30 2011-12-27 Bank Of America Network storage device collector
US8504580B2 (en) * 2009-03-03 2013-08-06 Ilya Geller Systems and methods for creating an artificial intelligence
US8806358B2 (en) * 2009-03-27 2014-08-12 Bank Of America Corporation Positive identification and bulk addition of custodians to a case within an electronic discovery system
US8200635B2 (en) 2009-03-27 2012-06-12 Bank Of America Corporation Labeling electronic data in an electronic discovery enterprise system
US20100250455A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Suggesting potential custodians for cases in an enterprise-wide electronic discovery system
US20100250266A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Cost estimations in an electronic discovery system
US8572227B2 (en) * 2009-03-27 2013-10-29 Bank Of America Corporation Methods and apparatuses for communicating preservation notices and surveys
US8364681B2 (en) * 2009-03-27 2013-01-29 Bank Of America Corporation Electronic discovery system
US8572376B2 (en) 2009-03-27 2013-10-29 Bank Of America Corporation Decryption of electronic communication in an electronic discovery enterprise system
US9330374B2 (en) * 2009-03-27 2016-05-03 Bank Of America Corporation Source-to-processing file conversion in an electronic discovery enterprise system
US20100250735A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Monitoring an enterprise network for determining specified computing device usage
US8417716B2 (en) 2009-03-27 2013-04-09 Bank Of America Corporation Profile scanner
US9721227B2 (en) * 2009-03-27 2017-08-01 Bank Of America Corporation Custodian management system
US20100250456A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation Suggesting preservation notice and survey recipients in an electronic discovery system
US8250037B2 (en) * 2009-03-27 2012-08-21 Bank Of America Corporation Shared drive data collection tool for an electronic discovery system
US8224924B2 (en) * 2009-03-27 2012-07-17 Bank Of America Corporation Active email collector
US8504489B2 (en) * 2009-03-27 2013-08-06 Bank Of America Corporation Predictive coding of documents in an electronic discovery system
US20100250509A1 (en) * 2009-03-27 2010-09-30 Bank Of America Corporation File scanning tool
US8339680B2 (en) * 2009-04-02 2012-12-25 Xerox Corporation Printer image log system for document gathering and retention
US20110040600A1 (en) * 2009-08-17 2011-02-17 Deidre Paknad E-discovery decision support
US9053454B2 (en) 2009-11-30 2015-06-09 Bank Of America Corporation Automated straight-through processing in an electronic discovery system
US8655856B2 (en) 2009-12-22 2014-02-18 International Business Machines Corporation Method and apparatus for policy distribution
US8250041B2 (en) 2009-12-22 2012-08-21 International Business Machines Corporation Method and apparatus for propagation of file plans from enterprise retention management applications to records management systems
JP4898934B2 (en) * 2010-03-29 2012-03-21 株式会社Ubic Forensic system, forensic method, and forensic program
JP4868191B2 (en) 2010-03-29 2012-02-01 株式会社Ubic Forensic system, forensic method, and forensic program
US8566903B2 (en) * 2010-06-29 2013-10-22 International Business Machines Corporation Enterprise evidence repository providing access control to collected artifacts
US8832148B2 (en) * 2010-06-29 2014-09-09 International Business Machines Corporation Enterprise evidence repository
US8402359B1 (en) 2010-06-30 2013-03-19 International Business Machines Corporation Method and apparatus for managing recent activity navigation in web applications
US20120278761A1 (en) * 2011-04-29 2012-11-01 Symantec Corporation Method and system for managing duplicate item display
US20130117218A1 (en) * 2011-11-03 2013-05-09 Microsoft Corporation Cross-store electronic discovery
US9817898B2 (en) 2011-11-14 2017-11-14 Microsoft Technology Licensing, Llc Locating relevant content items across multiple disparate content sources
US9177011B2 (en) * 2011-12-22 2015-11-03 Magnet Forensics Inc. Systems and methods for locating application specific data
US9158825B1 (en) * 2012-11-09 2015-10-13 Symantec Corporation Search validity in data backup systems
US20140244699A1 (en) * 2013-02-26 2014-08-28 Jonathan Grier Apparatus and Methods for Selective Location and Duplication of Relevant Data
EP3080709A4 (en) 2013-09-09 2017-07-05 Unitedlex Corp. Interactive case management system
US10498777B2 (en) * 2014-03-17 2019-12-03 Citrix Systems, Inc. Real-time push notifications for cloud-based applications
US10078668B1 (en) * 2014-05-04 2018-09-18 Veritas Technologies Llc Systems and methods for utilizing information-asset metadata aggregated from multiple disparate data-management systems
US10635645B1 (en) 2014-05-04 2020-04-28 Veritas Technologies Llc Systems and methods for maintaining aggregate tables in databases
CN105224572B (en) * 2014-06-30 2019-11-15 北京金山安全软件有限公司 Method and device for identifying garbage catalogue
US10826930B2 (en) 2014-07-22 2020-11-03 Nuix Pty Ltd Systems and methods for parallelized custom data-processing and search
US10346550B1 (en) * 2014-08-28 2019-07-09 X1 Discovery, Inc. Methods and systems for searching and indexing virtual environments
US20160253346A1 (en) * 2015-02-27 2016-09-01 Ricoh Company, Ltd. Legal Discovery Tool
US10191907B2 (en) * 2015-02-27 2019-01-29 Ricoh Company, Ltd. Legal discovery tool implemented in a mobile device
US9680844B2 (en) * 2015-07-06 2017-06-13 Bank Of America Corporation Automation of collection of forensic evidence
CN105631327A (en) * 2015-12-16 2016-06-01 北京奇虎科技有限公司 Virus checking and killing method and system as well as client
US10430361B1 (en) 2015-12-17 2019-10-01 Cru Acquisition Group, Llc Combination write blocker
DE102019134590A1 (en) * 2019-12-16 2021-06-17 Thomas Schmalz Device for collecting IT forensically potentially relevant data, methods, computer program product and storage unit
EP3910511A1 (en) * 2020-05-13 2021-11-17 Magnet Forensics Inc. System and method for identifying files based on hash values
US11461490B1 (en) 2020-09-23 2022-10-04 Cru Data Security Group, Llc Systems, methods, and devices for conditionally allowing processes to alter data on a storage device
CN112533010A (en) * 2020-11-23 2021-03-19 北京北笛科技有限公司 Automatic evidence obtaining method and device for audio and video data in network live broadcast service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US20040073534A1 (en) * 2002-10-11 2004-04-15 International Business Machines Corporation Method and apparatus for data mining to discover associations and covariances associated with data
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5475625A (en) 1991-01-16 1995-12-12 Siemens Nixdorf Informationssysteme Aktiengesellschaft Method and arrangement for monitoring computer manipulations
US5491750A (en) * 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5623652A (en) * 1994-07-25 1997-04-22 Apple Computer, Inc. Method and apparatus for searching for information in a network and for controlling the display of searchable information on display devices in the network
US5944794A (en) * 1994-09-30 1999-08-31 Kabushiki Kaisha Toshiba User identification data management scheme for networking computer systems using wide area network
US5715174A (en) * 1994-11-15 1998-02-03 Absolute Software Corporation Security apparatus and method
US5928323A (en) * 1996-05-30 1999-07-27 Sun Microsystems, Inc. Apparatus and method for dynamically generating information with server-side software objects
US5944791A (en) * 1996-10-04 1999-08-31 Contigo Software Llc Collaborative web browser
DE69703705T2 (en) * 1996-11-26 2001-06-21 British Telecomm Public Ltd Co COMMUNICATION SYSTEM
US6084969A (en) * 1997-12-31 2000-07-04 V-One Corporation Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network
US6012098A (en) * 1998-02-23 2000-01-04 International Business Machines Corp. Servlet pairing for isolation of the retrieval and rendering of data
WO1999066383A2 (en) * 1998-06-15 1999-12-23 Dmw Worldwide, Inc. Method and apparatus for assessing the security of a computer system
US6665702B1 (en) * 1998-07-15 2003-12-16 Radware Ltd. Load balancing
US20010011349A1 (en) * 1998-09-03 2001-08-02 Greg B. Garrison System and method for encrypting a data session between a client and a server
US6601061B1 (en) * 1999-06-18 2003-07-29 Surfwax, Inc. Scalable information search and retrieval including use of special purpose searching resources
US6874088B1 (en) * 1999-10-22 2005-03-29 Mission Critical Linux, Llc Secure remote servicing of a computer system over a computer network
US7120692B2 (en) * 1999-12-02 2006-10-10 Senvid, Inc. Access and control system for network-enabled devices
US20030208689A1 (en) * 2000-06-16 2003-11-06 Garza Joel De La Remote computer forensic evidence collection system and process
US20020156973A1 (en) * 2001-01-29 2002-10-24 Ulrich Thomas R. Enhanced disk array
US6944760B2 (en) * 2001-05-24 2005-09-13 Openwave Systems Inc. Method and apparatus for protecting identities of mobile devices on a wireless network
US7096503B1 (en) * 2001-06-29 2006-08-22 Mcafee, Inc. Network-based risk-assessment tool for remotely detecting local computer vulnerabilities
US7146642B1 (en) * 2001-06-29 2006-12-05 Mcafee, Inc. System, method and computer program product for detecting modifications to risk assessment scanning caused by an intermediate device
US7228566B2 (en) * 2001-07-10 2007-06-05 Core Sdi, Incorporated Automated computer system security compromise
US20030196123A1 (en) * 2002-03-29 2003-10-16 Rowland Craig H. Method and system for analyzing and addressing alarms from network intrusion detection systems
US7711728B2 (en) * 2002-06-20 2010-05-04 Guidance Software, Inc. System and method for searching for static data in a computer investigation system
US20070011450A1 (en) * 2004-09-14 2007-01-11 Mccreight Shawn System and method for concurrent discovery and survey of networked devices
US7370072B2 (en) * 2002-07-08 2008-05-06 Electronic Evidence Discovery, Inc. System and method for collecting electronic evidence data
US7308492B2 (en) * 2002-10-02 2007-12-11 Sony Corporation Method and apparatus for use in remote diagnostics
US6968335B2 (en) * 2002-11-14 2005-11-22 Sesint, Inc. Method and system for parallel processing of database queries
US8892735B2 (en) * 2006-09-28 2014-11-18 Guidance Software, Inc. Phone home servlet in a computer investigation system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US6792545B2 (en) * 2002-06-20 2004-09-14 Guidance Software, Inc. Enterprise computer investigation system
US20040073534A1 (en) * 2002-10-11 2004-04-15 International Business Machines Corporation Method and apparatus for data mining to discover associations and covariances associated with data
US20040260733A1 (en) * 2003-06-23 2004-12-23 Adelstein Frank N. Remote collection of computer forensic evidence

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1934840A4 *

Also Published As

Publication number Publication date
US20110047177A1 (en) 2011-02-24
WO2007044709A2 (en) 2007-04-19
US20070112783A1 (en) 2007-05-17
EP1934840A4 (en) 2010-12-15
US7809686B2 (en) 2010-10-05
EP1934840A2 (en) 2008-06-25

Similar Documents

Publication Publication Date Title
WO2007044709A3 (en) Electronic discovery system and method
WO2007120954A3 (en) File origin determination
EP1758034A3 (en) Method, apparatus and program for generating metadata
WO2006105301A3 (en) Apparatus and methods for managing content exchange on a wireless device
WO2008027683A3 (en) Annotating media content with related information
EP1772803A3 (en) Method and system for performing distributed server change operations in a transaction-safe manner
WO2010037031A3 (en) System and method for aggregating web feeds relevant to a geographical locale from multiple sources
WO2009072620A1 (en) Printing management system, printing management method, and program
WO2005101186A3 (en) System, method and computer program product for extracting metadata faster than real-time
WO2010019288A8 (en) Log file time sequence stamping
WO2006004670A3 (en) Methods and systems for managing data
EP2060980A3 (en) Server and client device, and information processing system and method
WO2007082314A3 (en) Digital content metadata registry systems and methods
WO2008002578A3 (en) Methods and apparatus for improving data warehouse performance
WO2009148517A3 (en) Evaluating subject interests from digital image records
CA2640736C (en) Methods and systems for data management using multiple selection criteria
WO2007124416A3 (en) Backwards researching activity indicative of pestware
EP1657662A3 (en) Efficient white listing of user-modifiable files
WO2007115098A3 (en) Method and system for providing focused search results
EP1580645A3 (en) Information-processing system, information-processing apparatus and method, recording medium and program
EP2001229A3 (en) Information processing system, collecting server, information processing method and program
WO2009026189A3 (en) Methods and apparatus for providing location data with variable validity and quality
ATE492858T1 (en) METHOD, SYSTEM AND APPARATUS FOR COLLECTING USER INFORMATION
WO2006082576A3 (en) A method and apparatus for server-side nat detection
WO2008125508A3 (en) Managing entity data in case of multiple entity identities

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
REEP Request for entry into the European phase

Ref document number: 2006816612

Country of ref document: EP

WWE WIPO information: entry into national phase

Ref document number: 2006816612

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE