WO2007044709A3 - Electronic discovery system and method - Google Patents
- Publication number
- WO2007044709A3 (PCT/US2006/039527)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- investigation
- guid
- files
- subject
- responsive
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Abstract
A computer investigation system and method that conducts electronic discovery of desired files across a live network in a forensically sound manner. The investigation entails an examining machine electronically identifying, collecting, and preserving evidence from target machines that is responsive to a set of investigation criteria. The set of investigation criteria is associated with an investigation subject that is identified by a global unique identifier (GUID). As the investigation subject is applied to the various files, the responsive files are stamped with the GUID and preserved in a container file referred to as a logical evidence file (LEF). The GUID allows the results of an investigation to be easily and reliably traced to the particular investigation subject that was applied.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06816612A EP1934840A4 (en) | 2005-10-06 | 2006-10-06 | Electronic discovery system and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US72462305P | 2005-10-06 | 2005-10-06 | |
US60/724,623 | 2005-10-06 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007044709A2 (en) | 2007-04-19 |
WO2007044709A3 (en) | 2009-04-23 |
Family
ID=37943469
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2006/039527 WO2007044709A2 (en) | 2005-10-06 | 2006-10-06 | Electronic discovery system and method |
Country Status (3)
Country | Link |
---|---|
US (2) | US7809686B2 (en) |
EP (1) | EP1934840A4 (en) |
WO (1) | WO2007044709A2 (en) |
Families Citing this family (75)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070011450A1 (en) * | 2004-09-14 | 2007-01-11 | Mccreight Shawn | System and method for concurrent discovery and survey of networked devices |
US7711728B2 (en) * | 2002-06-20 | 2010-05-04 | Guidance Software, Inc. | System and method for searching for static data in a computer investigation system |
US6792545B2 (en) | 2002-06-20 | 2004-09-14 | Guidance Software, Inc. | Enterprise computer investigation system |
US20070139231A1 (en) * | 2005-10-19 | 2007-06-21 | Advanced Digital Forensic Solutions, Inc. | Systems and methods for enterprise-wide data identification, sharing and management in a commercial context |
US7941386B2 (en) * | 2005-10-19 | 2011-05-10 | Adf Solutions, Inc. | Forensic systems and methods using search packs that can be edited for enterprise-wide data identification, data sharing, and management |
US7603344B2 (en) * | 2005-10-19 | 2009-10-13 | Advanced Digital Forensic Solutions, Inc. | Methods for searching forensic data |
US8892735B2 (en) * | 2006-09-28 | 2014-11-18 | Guidance Software, Inc. | Phone home servlet in a computer investigation system |
JP2008146601A (en) * | 2006-12-13 | 2008-06-26 | Canon Inc | Information processor and information processing method |
US20080294492A1 (en) * | 2007-05-24 | 2008-11-27 | Irina Simpson | Proactively determining potential evidence issues for custodial systems in active litigation |
WO2009029589A1 (en) * | 2007-08-25 | 2009-03-05 | Vere Software | Online evidence collection |
US8572043B2 (en) * | 2007-12-20 | 2013-10-29 | International Business Machines Corporation | Method and system for storage of unstructured data for electronic discovery in external data stores |
US8112406B2 (en) | 2007-12-21 | 2012-02-07 | International Business Machines Corporation | Method and apparatus for electronic data discovery |
US8140494B2 (en) | 2008-01-21 | 2012-03-20 | International Business Machines Corporation | Providing collection transparency information to an end user to achieve a guaranteed quality document search and production in electronic data discovery |
US8275720B2 (en) | 2008-06-12 | 2012-09-25 | International Business Machines Corporation | External scoping sources to determine affected people, systems, and classes of information in legal matters |
US9830563B2 (en) | 2008-06-27 | 2017-11-28 | International Business Machines Corporation | System and method for managing legal obligations for data |
US8327384B2 (en) | 2008-06-30 | 2012-12-04 | International Business Machines Corporation | Event driven disposition |
US8484069B2 (en) | 2008-06-30 | 2013-07-09 | International Business Machines Corporation | Forecasting discovery costs based on complex and incomplete facts |
US20100017239A1 (en) * | 2008-06-30 | 2010-01-21 | Eric Saltzman | Forecasting Discovery Costs Using Historic Data |
US8489439B2 (en) | 2008-06-30 | 2013-07-16 | International Business Machines Corporation | Forecasting discovery costs based on complex and incomplete facts |
US8515924B2 (en) | 2008-06-30 | 2013-08-20 | International Business Machines Corporation | Method and apparatus for handling edge-cases of event-driven disposition |
US8073729B2 (en) | 2008-09-30 | 2011-12-06 | International Business Machines Corporation | Forecasting discovery costs based on interpolation of historic event patterns |
US8090705B1 (en) * | 2008-09-15 | 2012-01-03 | Symantec Corporation | Method and apparatus for processing electronically stored information for electronic discovery |
US8204869B2 (en) * | 2008-09-30 | 2012-06-19 | International Business Machines Corporation | Method and apparatus to define and justify policy requirements using a legal reference library |
US8321860B2 (en) * | 2008-10-27 | 2012-11-27 | Bank Of America Corporation | Local collector |
US8549327B2 (en) | 2008-10-27 | 2013-10-01 | Bank Of America Corporation | Background service process for local collection of data in an electronic discovery system |
US8086694B2 (en) * | 2009-01-30 | 2011-12-27 | Bank Of America | Network storage device collector |
US8504580B2 (en) * | 2009-03-03 | 2013-08-06 | Ilya Geller | Systems and methods for creating an artificial intelligence |
US8806358B2 (en) * | 2009-03-27 | 2014-08-12 | Bank Of America Corporation | Positive identification and bulk addition of custodians to a case within an electronic discovery system |
US8200635B2 (en) | 2009-03-27 | 2012-06-12 | Bank Of America Corporation | Labeling electronic data in an electronic discovery enterprise system |
US20100250455A1 (en) * | 2009-03-27 | 2010-09-30 | Bank Of America Corporation | Suggesting potential custodians for cases in an enterprise-wide electronic discovery system |
US20100250266A1 (en) * | 2009-03-27 | 2010-09-30 | Bank Of America Corporation | Cost estimations in an electronic discovery system |
US8572227B2 (en) * | 2009-03-27 | 2013-10-29 | Bank Of America Corporation | Methods and apparatuses for communicating preservation notices and surveys |
US8364681B2 (en) * | 2009-03-27 | 2013-01-29 | Bank Of America Corporation | Electronic discovery system |
US8572376B2 (en) | 2009-03-27 | 2013-10-29 | Bank Of America Corporation | Decryption of electronic communication in an electronic discovery enterprise system |
US9330374B2 (en) * | 2009-03-27 | 2016-05-03 | Bank Of America Corporation | Source-to-processing file conversion in an electronic discovery enterprise system |
US20100250735A1 (en) * | 2009-03-27 | 2010-09-30 | Bank Of America Corporation | Monitoring an enterprise network for determining specified computing device usage |
US8417716B2 (en) | 2009-03-27 | 2013-04-09 | Bank Of America Corporation | Profile scanner |
US9721227B2 (en) * | 2009-03-27 | 2017-08-01 | Bank Of America Corporation | Custodian management system |
US20100250456A1 (en) * | 2009-03-27 | 2010-09-30 | Bank Of America Corporation | Suggesting preservation notice and survey recipients in an electronic discovery system |
US8250037B2 (en) * | 2009-03-27 | 2012-08-21 | Bank Of America Corporation | Shared drive data collection tool for an electronic discovery system |
US8224924B2 (en) * | 2009-03-27 | 2012-07-17 | Bank Of America Corporation | Active email collector |
US8504489B2 (en) * | 2009-03-27 | 2013-08-06 | Bank Of America Corporation | Predictive coding of documents in an electronic discovery system |
US20100250509A1 (en) * | 2009-03-27 | 2010-09-30 | Bank Of America Corporation | File scanning tool |
US8339680B2 (en) * | 2009-04-02 | 2012-12-25 | Xerox Corporation | Printer image log system for document gathering and retention |
US20110040600A1 (en) * | 2009-08-17 | 2011-02-17 | Deidre Paknad | E-discovery decision support |
US9053454B2 (en) | 2009-11-30 | 2015-06-09 | Bank Of America Corporation | Automated straight-through processing in an electronic discovery system |
US8655856B2 (en) | 2009-12-22 | 2014-02-18 | International Business Machines Corporation | Method and apparatus for policy distribution |
US8250041B2 (en) | 2009-12-22 | 2012-08-21 | International Business Machines Corporation | Method and apparatus for propagation of file plans from enterprise retention management applications to records management systems |
JP4898934B2 (en) * | 2010-03-29 | 2012-03-21 | 株式会社Ubic | Forensic system, forensic method, and forensic program |
JP4868191B2 (en) | 2010-03-29 | 2012-02-01 | 株式会社Ubic | Forensic system, forensic method, and forensic program |
US8566903B2 (en) * | 2010-06-29 | 2013-10-22 | International Business Machines Corporation | Enterprise evidence repository providing access control to collected artifacts |
US8832148B2 (en) * | 2010-06-29 | 2014-09-09 | International Business Machines Corporation | Enterprise evidence repository |
US8402359B1 (en) | 2010-06-30 | 2013-03-19 | International Business Machines Corporation | Method and apparatus for managing recent activity navigation in web applications |
US20120278761A1 (en) * | 2011-04-29 | 2012-11-01 | Symantec Corporation | Method and system for managing duplicate item display |
US20130117218A1 (en) * | 2011-11-03 | 2013-05-09 | Microsoft Corporation | Cross-store electronic discovery |
US9817898B2 (en) | 2011-11-14 | 2017-11-14 | Microsoft Technology Licensing, Llc | Locating relevant content items across multiple disparate content sources |
US9177011B2 (en) * | 2011-12-22 | 2015-11-03 | Magnet Forensics Inc. | Systems and methods for locating application specific data |
US9158825B1 (en) * | 2012-11-09 | 2015-10-13 | Symantec Corporation | Search validity in data backup systems |
US20140244699A1 (en) * | 2013-02-26 | 2014-08-28 | Jonathan Grier | Apparatus and Methods for Selective Location and Duplication of Relevant Data |
EP3080709A4 (en) | 2013-09-09 | 2017-07-05 | Unitedlex Corp. | Interactive case management system |
US10498777B2 (en) * | 2014-03-17 | 2019-12-03 | Citrix Systems, Inc. | Real-time push notifications for cloud-based applications |
US10078668B1 (en) * | 2014-05-04 | 2018-09-18 | Veritas Technologies Llc | Systems and methods for utilizing information-asset metadata aggregated from multiple disparate data-management systems |
US10635645B1 (en) | 2014-05-04 | 2020-04-28 | Veritas Technologies Llc | Systems and methods for maintaining aggregate tables in databases |
CN105224572B (en) * | 2014-06-30 | 2019-11-15 | 北京金山安全软件有限公司 | Method and device for identifying garbage catalogue |
US10826930B2 (en) | 2014-07-22 | 2020-11-03 | Nuix Pty Ltd | Systems and methods for parallelized custom data-processing and search |
US10346550B1 (en) * | 2014-08-28 | 2019-07-09 | X1 Discovery, Inc. | Methods and systems for searching and indexing virtual environments |
US20160253346A1 (en) * | 2015-02-27 | 2016-09-01 | Ricoh Company, Ltd. | Legal Discovery Tool |
US10191907B2 (en) * | 2015-02-27 | 2019-01-29 | Ricoh Company, Ltd. | Legal discovery tool implemented in a mobile device |
US9680844B2 (en) * | 2015-07-06 | 2017-06-13 | Bank Of America Corporation | Automation of collection of forensic evidence |
CN105631327A (en) * | 2015-12-16 | 2016-06-01 | 北京奇虎科技有限公司 | Virus checking and killing method and system as well as client |
US10430361B1 (en) | 2015-12-17 | 2019-10-01 | Cru Acquisition Group, Llc | Combination write blocker |
DE102019134590A1 (en) * | 2019-12-16 | 2021-06-17 | Thomas Schmalz | Device for collecting IT forensically potentially relevant data, methods, computer program product and storage unit |
EP3910511A1 (en) * | 2020-05-13 | 2021-11-17 | Magnet Forensics Inc. | System and method for identifying files based on hash values |
US11461490B1 (en) | 2020-09-23 | 2022-10-04 | Cru Data Security Group, Llc | Systems, methods, and devices for conditionally allowing processes to alter data on a storage device |
CN112533010A (en) * | 2020-11-23 | 2021-03-19 | 北京北笛科技有限公司 | Automatic evidence obtaining method and device for audio and video data in network live broadcast service |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6647400B1 (en) * | 1999-08-30 | 2003-11-11 | Symantec Corporation | System and method for analyzing filesystems to detect intrusions |
US20040073534A1 (en) * | 2002-10-11 | 2004-04-15 | International Business Machines Corporation | Method and apparatus for data mining to discover associations and covariances associated with data |
US6792545B2 (en) * | 2002-06-20 | 2004-09-14 | Guidance Software, Inc. | Enterprise computer investigation system |
US20040260733A1 (en) * | 2003-06-23 | 2004-12-23 | Adelstein Frank N. | Remote collection of computer forensic evidence |
Family Cites Families (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5475625A (en) | 1991-01-16 | 1995-12-12 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Method and arrangement for monitoring computer manipulations |
US5491750A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
US5623652A (en) * | 1994-07-25 | 1997-04-22 | Apple Computer, Inc. | Method and apparatus for searching for information in a network and for controlling the display of searchable information on display devices in the network |
US5944794A (en) * | 1994-09-30 | 1999-08-31 | Kabushiki Kaisha Toshiba | User identification data management scheme for networking computer systems using wide area network |
US5715174A (en) * | 1994-11-15 | 1998-02-03 | Absolute Software Corporation | Security apparatus and method |
US5928323A (en) * | 1996-05-30 | 1999-07-27 | Sun Microsystems, Inc. | Apparatus and method for dynamically generating information with server-side software objects |
US5944791A (en) * | 1996-10-04 | 1999-08-31 | Contigo Software Llc | Collaborative web browser |
DE69703705T2 (en) * | 1996-11-26 | 2001-06-21 | British Telecomm Public Ltd Co | COMMUNICATION SYSTEM |
US6084969A (en) * | 1997-12-31 | 2000-07-04 | V-One Corporation | Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network |
US6012098A (en) * | 1998-02-23 | 2000-01-04 | International Business Machines Corp. | Servlet pairing for isolation of the retrieval and rendering of data |
WO1999066383A2 (en) * | 1998-06-15 | 1999-12-23 | Dmw Worldwide, Inc. | Method and apparatus for assessing the security of a computer system |
US6665702B1 (en) * | 1998-07-15 | 2003-12-16 | Radware Ltd. | Load balancing |
US20010011349A1 (en) * | 1998-09-03 | 2001-08-02 | Greg B. Garrison | System and method for encrypting a data session between a client and a server |
US6601061B1 (en) * | 1999-06-18 | 2003-07-29 | Surfwax, Inc. | Scalable information search and retrieval including use of special purpose searching resources |
US6874088B1 (en) * | 1999-10-22 | 2005-03-29 | Mission Critical Linux, Llc | Secure remote servicing of a computer system over a computer network |
US7120692B2 (en) * | 1999-12-02 | 2006-10-10 | Senvid, Inc. | Access and control system for network-enabled devices |
US20030208689A1 (en) * | 2000-06-16 | 2003-11-06 | Garza Joel De La | Remote computer forensic evidence collection system and process |
US20020156973A1 (en) * | 2001-01-29 | 2002-10-24 | Ulrich Thomas R. | Enhanced disk array |
US6944760B2 (en) * | 2001-05-24 | 2005-09-13 | Openwave Systems Inc. | Method and apparatus for protecting identities of mobile devices on a wireless network |
US7096503B1 (en) * | 2001-06-29 | 2006-08-22 | Mcafee, Inc. | Network-based risk-assessment tool for remotely detecting local computer vulnerabilities |
US7146642B1 (en) * | 2001-06-29 | 2006-12-05 | Mcafee, Inc. | System, method and computer program product for detecting modifications to risk assessment scanning caused by an intermediate device |
US7228566B2 (en) * | 2001-07-10 | 2007-06-05 | Core Sdi, Incorporated | Automated computer system security compromise |
US20030196123A1 (en) * | 2002-03-29 | 2003-10-16 | Rowland Craig H. | Method and system for analyzing and addressing alarms from network intrusion detection systems |
US7711728B2 (en) * | 2002-06-20 | 2010-05-04 | Guidance Software, Inc. | System and method for searching for static data in a computer investigation system |
US20070011450A1 (en) * | 2004-09-14 | 2007-01-11 | Mccreight Shawn | System and method for concurrent discovery and survey of networked devices |
US7370072B2 (en) * | 2002-07-08 | 2008-05-06 | Electronic Evidence Discovery, Inc. | System and method for collecting electronic evidence data |
US7308492B2 (en) * | 2002-10-02 | 2007-12-11 | Sony Corporation | Method and apparatus for use in remote diagnostics |
US6968335B2 (en) * | 2002-11-14 | 2005-11-22 | Sesint, Inc. | Method and system for parallel processing of database queries |
US8892735B2 (en) * | 2006-09-28 | 2014-11-18 | Guidance Software, Inc. | Phone home servlet in a computer investigation system |
2006
- 2006-10-06 WO PCT/US2006/039527 patent/WO2007044709A2/en active Application Filing
- 2006-10-06 US US11/544,534 patent/US7809686B2/en active Active
- 2006-10-06 EP EP06816612A patent/EP1934840A4/en not_active Ceased
2010
- 2010-08-20 US US12/860,837 patent/US20110047177A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP1934840A4 * |
Also Published As
Publication number | Publication date |
---|---|
US20110047177A1 (en) | 2011-02-24 |
WO2007044709A2 (en) | 2007-04-19 |
US20070112783A1 (en) | 2007-05-17 |
EP1934840A4 (en) | 2010-12-15 |
US7809686B2 (en) | 2010-10-05 |
EP1934840A2 (en) | 2008-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007044709A3 (en) | Electronic discovery system and method | |
WO2007120954A3 (en) | File origin determination | |
EP1758034A3 (en) | Method, apparatus and program for generating metadata | |
WO2006105301A3 (en) | Apparatus and methods for managing content exchange on a wireless device | |
WO2008027683A3 (en) | Annotating media content with related information | |
EP1772803A3 (en) | Method and system for performing distributed server change operations in a transaction-safe manner | |
WO2010037031A3 (en) | System and method for aggregating web feeds relevant to a geographical locale from multiple sources | |
WO2009072620A1 (en) | Printing management system, printing management method, and program | |
WO2005101186A3 (en) | System, method and computer program product for extracting metadata faster than real-time | |
WO2010019288A8 (en) | Log file time sequence stamping | |
WO2006004670A3 (en) | Methods and systems for managing data | |
EP2060980A3 (en) | Server and client device, and information processing system and method | |
WO2007082314A3 (en) | Digital content metadata registry systems and methods | |
WO2008002578A3 (en) | Methods and apparatus for improving data warehouse performance | |
WO2009148517A3 (en) | Evaluating subject interests from digital image records | |
CA2640736C (en) | Methods and systems for data management using multiple selection criteria | |
WO2007124416A3 (en) | Backwards researching activity indicative of pestware | |
EP1657662A3 (en) | Efficient white listing of user-modifiable files | |
WO2007115098A3 (en) | Method and system for providing focused search results | |
EP1580645A3 (en) | Information-processing system, information-processing apparatus and method, recording medium and program | |
EP2001229A3 (en) | Information processing system, collecting server, information processing method and program | |
WO2009026189A3 (en) | Methods and apparatus for providing location data with variable validity and quality | |
ATE492858T1 (en) | METHOD, SYSTEM AND APPARATUS FOR COLLECTING USER INFORMATION | |
WO2006082576A3 (en) | A method and apparatus for server-side nat detection | |
WO2008125508A3 (en) | Managing entity data in case of multiple entity identities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| REEP | Request for entry into the european phase | Ref document number: 2006816612 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2006816612 Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |