Patents by Inventor Shawn McCreight
Shawn McCreight has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20140244522
Abstract: A system and method for conducting forensic investigations by investigators on an investigations field using a mobile device. A digital search warrant is downloaded to the mobile device prior to conducting the forensic investigation. The digital search warrant defines the search parameters of the search to be conducted, including key terms, file types, and the like. The mobile device is coupled to a target device in the investigations field that is the subject of the forensic investigation. The mobile device parses the digital search warrant and automatically identifies and collects data from the target device based on the parsed digital search warrant. The automatically identifying and collecting of the data is done without modifying a state of the target device to retain forensic integrity during the investigation process.
Type: Application
Filed: February 27, 2014
Publication date: August 28, 2014
Inventor: Shawn McCreight
-
Publication number: 20140143680
Abstract: A method for processing a plurality of electronic items includes: for each item of the electronic items, each item being associated with an item identifier, segmenting, on a processing device, each item into a plurality of segments, for each segment of the plurality of segments: hashing the segment to produce a segment hash value; updating a first table with the segment and the segment hash value; and adding an entry to a second table, the entry including the item identifier and the segment hash value; and outputting, from the processing device, the first table and the second table.
Type: Application
Filed: September 11, 2013
Publication date: May 22, 2014
Applicant: Guidance Software, Inc.
Inventors: Roger Angarita, Shawn McCreight
-
Patent number: 8464057
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Grant
Filed: December 3, 2010
Date of Patent: June 11, 2013
Assignee: Guidance Software, Inc.
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Patent number: 8224848
Abstract: A system and method for an entropy-based near-match analysis identifies target files that are almost, but not identical, to a reference file. A computing processor computes entropies of the reference and target files, and determines the likeness of the target files to the references file based on the computed entropies. The computing processor determines a near match between the target file and the reference file if the likeness of the two files is within a user-defined tolerance level. According to one embodiment of the invention, the information entropy is a weighted value that takes into account the size of the file.
Type: Grant
Filed: March 11, 2010
Date of Patent: July 17, 2012
Assignee: Guidance Software, Inc.
Inventors: Shawn McCreight, Dominik Weber
-
Publication number: 20110138172
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Application
Filed: December 3, 2010
Publication date: June 9, 2011
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Publication number: 20110106852
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Application
Filed: January 10, 2011
Publication date: May 5, 2011
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Patent number: 7900044
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Grant
Filed: September 8, 2004
Date of Patent: March 1, 2011
Assignee: Guidance Software, Inc.
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Publication number: 20110047177
Abstract: A computer investigation system and method that conducts electronic discovery of desired files across a live network in a forensically sound manner. The investigation entails an examining machine electronically identifying, collecting, and preserving evidence from target machines that is responsive to a set of investigation criteria. The set of investigation criteria is associated with an investigation subject that is identified by a global unique identifier (GUID). As the investigation subject is applied to the various files, the responsive files are stamped with the GUID and preserved in a container file referred to as a logical evidence file (LEF). The GUID allows the results of an investigation to be easily and reliably traced to the particular investigation subject that was applied.
Type: Application
Filed: August 20, 2010
Publication date: February 24, 2011
Inventors: Shawn McCreight, Jon Stewart, Brent Botta
-
Patent number: 7809686
Abstract: A computer investigation system and method that conducts electronic discovery of desired files across a live network in a forensically sound manner. The investigation entails an examining machine electronically identifying, collecting, and preserving evidence from target machines that is responsive to a set of investigation criteria. The set of investigation criteria is associated with an investigation subject that is identified by a global unique identifier (GUID). As the investigation subject is applied to the various files, the responsive files are stamped with the GUID and preserved in a container file referred to as a logical evidence file (LEF). The GUID allows the results of an investigation to be easily and reliably traced to the particular investigation subject that was applied.
Type: Grant
Filed: October 6, 2006
Date of Patent: October 5, 2010
Assignee: Guidance Software, Inc.
Inventors: Shawn McCreight, Jon Stewart, Brent Botta
-
Publication number: 20100235392
Abstract: A system and method for an entropy-based near-match analysis identifies target files that are almost, but not identical, to a reference file. A computing processor computes entropies of the reference and target files, and determines the likeness of the target files to the references file based on the computed entropies. The computing processor determines a near match between the target file and the reference file if the likeness of the two files is within a user-defined tolerance level. According to one embodiment of the invention, the information entropy is a weighted value that takes into account the size of the file.
Type: Application
Filed: March 11, 2010
Publication date: September 16, 2010
Inventors: Shawn McCreight, Dominik Weber
-
Patent number: 7711728
Abstract: A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
Type: Grant
Filed: December 21, 2005
Date of Patent: May 4, 2010
Assignee: Guidance Software, Inc.
Inventors: Dominik Weber, Shawn McCreight
-
Publication number: 20080184338
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Application
Filed: September 8, 2004
Publication date: July 31, 2008
Applicant: Guidance Software, Inc.
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Publication number: 20070112783
Abstract: A computer investigation system and method that conducts electronic discovery of desired files across a live network in a forensically sound manner. The investigation entails an examining machine electronically identifying, collecting, and preserving evidence from target machines that is responsive to a set of investigation criteria. The set of investigation criteria is associated with an investigation subject that is identified by a global unique identifier (GUID). As the investigation subject is applied to the various files, the responsive files are stamped with the GUID and preserved in a container file referred to as a logical evidence file (LEF). The GUID allows the results of an investigation to be easily and reliably traced to the particular investigation subject that was applied.
Type: Application
Filed: October 6, 2006
Publication date: May 17, 2007
Inventors: Shawn McCreight, Jon Stewart, Brent Botta
-
Publication number: 20070011450
Abstract: A system and method for concurrent investigations of network devices in a data communications network. The network includes an examining machine, a secure server, and various target machines. The secure server receives a request from the examining machine to capture volatile data stored in the target machines, and in response, spawns various processing threads that concurrently attempt connections with the target machines. Upon successful connection with the target machines, a plurality of processes for gathering volatile data are concurrently executed on the responding target machines. The secure server receives the volatile data retrieved and transmitted by the responding target machines. The data is aggregated by the secure server, which transmits the data to the examining machine. The examining machine correlates the received data based on a correlating criteria, and displays the correlated data on a display.
Type: Application
Filed: September 14, 2004
Publication date: January 11, 2007
Inventors: Shawn McCreight, Dominik Weber
-
Publication number: 20060101009
Abstract: A system and method for concurrent investigations of static data stored in one or more secondary storage devices of one or more target machines in a data communications network. The network includes an examining machine, a secure server, and various target machines. The examining machine transmits to the target machines a search request including a search key. The examining machine also streams to each target machine metadata information and file extents of the files to be searched. The target machines concurrently search the indicated file extents for the search key. The target machines then stream the search results to the examining machine.
Type: Application
Filed: December 21, 2005
Publication date: May 11, 2006
Inventors: Dominik Weber, Shawn McCreight
-
Publication number: 20050097366
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Application
Filed: September 8, 2004
Publication date: May 5, 2005
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Patent number: 6792545
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Grant
Filed: June 20, 2002
Date of Patent: September 14, 2004
Assignee: Guidance Software, Inc.
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Publication number: 20030236993
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Application
Filed: June 20, 2002
Publication date: December 25, 2003
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett