United States Patent and Trademark Office grants Red, Amber and Green Status Technology Patent for Detego Software.
What is the patent?
The technical bit: A data search method for computer forensic investigation comprising: inputting at least one pre-determined search term; searching a computer or digital device that is powered on, in a forensically sound state, for data matching one or more of the predetermined search terms, so as to identify target data from any of file names, strings, hash values or hash functions, installed programs, MAC and IP addresses, and/or metadata; and, following identification of such target data, tagging and categorising it appropriately (the categories and tags can be named differently from the terms they contain), wherein the data search method simultaneously searches for target data and categorises the target data.
What this means: Users are shown a red, amber or green status while data is still being extracted, so they can decide to seize a suspicious device immediately rather than waiting for a full extraction and analysis. That is essential for certain users, for example the police in time-critical scenarios.
Where within the Detego product set is this patent?
This method is used within Detego Field Triage, Media Acquisition and Ballistic Imager.
Why is this technology important for DF users?
Known processes and tools, and the devices used with them, for examining computers can be inefficient and slow because they rely on multi-stage processes for data extraction. Existing systems often depend on the search skills of an individual investigator; analysing target devices this way can take days or even weeks and carries its own risks, such as human error.
The benefits of the patent
- By displaying an indicator as the data is searched, the user can gain a visual indication of whether the target device is of concern, as well as the level of concern.
- The user does not need to be skilled in computer forensics or analysis.
- With the traffic light system, if the investigator sees a green indicator they can set the target device aside and move on to the next. Green means that none of the pre-determined search terms has matched so far, so the quality of the verdict depends on the quality of the search terms supplied.
- If the investigator sees a red indicator, the operator can either allow the extraction to complete or stop the process and store the data searched up to the point of termination, knowing that the device contains material or content of the highest priority.
- Ability to quickly and efficiently identify high priority target data and provide an early alert, usually within one or two minutes.
- The speed of the traffic light system is essential for life-threatening situations, for example a military user searching for data in time-critical and dangerous scenarios.
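As an added illustration of the search-and-categorise method in the claim above and of the traffic-light workflow in the benefits list, here is a small Python sketch. It is not Detego's code and says nothing about how Detego implements the patent; the rule kinds, the category names, the sample device contents and the choice of SHA-256 for hash matching are all constructed assumptions for the demonstration. It shows the two points a practitioner cares about: matches are tagged and categorised in the same pass that finds them, and the status only ever rises, so green reports the absence of matches so far rather than a clean device.

```python
"""Streaming triage with a running red/amber/green status (illustrative, not Detego's code)."""
import hashlib
import re
from dataclasses import dataclass, field
from enum import IntEnum


class Status(IntEnum):
    GREEN = 0   # no search term has matched so far
    AMBER = 1   # a lower-priority category has matched
    RED = 2     # a highest-priority category has matched


@dataclass(frozen=True)
class Rule:
    category: str   # tag applied to a hit; need not equal the term it contains
    status: Status  # level of concern a hit in this category signals
    kind: str       # filename | string | hash | program | address | metadata
    term: str       # literal, lowercase SHA-256 hex digest, or "key=value"


@dataclass
class Item:
    path: str
    data: bytes
    metadata: dict = field(default_factory=dict)  # assumed shape, e.g. {"installed": [...]}


@dataclass
class Hit:
    path: str
    category: str
    kind: str
    evidence: str


# IPv4 or colon-separated MAC address; assumed formats for the demo.
ADDRESS_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)


def match_rule(rule, item):
    """Return a short evidence string if the item matches the rule, else None."""
    if rule.kind == "filename":
        return item.path if rule.term.lower() in item.path.lower() else None
    if rule.kind == "string":
        return rule.term if rule.term.encode() in item.data else None
    if rule.kind == "hash":
        digest = hashlib.sha256(item.data).hexdigest()
        return digest if digest == rule.term else None
    if rule.kind == "program":
        return rule.term if rule.term in item.metadata.get("installed", []) else None
    if rule.kind == "address":
        found = {a.lower() for a in ADDRESS_RE.findall(item.data.decode("utf-8", "replace"))}
        return rule.term if rule.term.lower() in found else None
    if rule.kind == "metadata":
        key, _, value = rule.term.partition("=")
        return rule.term if str(item.metadata.get(key)) == value else None
    raise ValueError(f"unknown rule kind {rule.kind!r}")


def triage(items, rules, stop_on_red=True):
    """Search and categorise in one pass, yielding (path, hits, status) after each item.

    The status never drops. With stop_on_red the scan halts at the first RED
    item, keeping everything found up to that point, as the operator may choose.
    """
    status = Status.GREEN
    for item in items:
        hits = []
        for rule in rules:
            evidence = match_rule(rule, item)
            if evidence is not None:
                hits.append(Hit(item.path, rule.category, rule.kind, evidence))
                status = max(status, rule.status)
        yield item.path, hits, status
        if stop_on_red and status == Status.RED:
            return


def run_triage(items, rules, stop_on_red=True):
    """Drive triage() to the end and return (final_status, all_hits, items_examined)."""
    status, all_hits, examined = Status.GREEN, [], 0
    for _path, hits, status in triage(items, rules, stop_on_red):
        all_hits.extend(hits)
        examined += 1
    return status, all_hits, examined


# Constructed device contents and search terms for the demonstration.
KNOWN_BAD = b"constructed known-bad file contents\n"
SAMPLE_ITEMS = [
    Item("/home/user/notes.txt", b"shopping list: milk, bread\n", {"author": "user"}),
    Item("/home/user/contacts.csv", b"name,ip\nrelay,10.1.2.3\n", {"author": "user"}),
    Item("/home/user/archive/payload.bin", KNOWN_BAD, {"author": "unknown"}),
    Item("/home/user/photos/img001.jpg", b"\xff\xd8\xff\xe0 constructed jpeg stub", {}),
]
SAMPLE_RULES = [
    Rule("known-file", Status.RED, "hash", hashlib.sha256(KNOWN_BAD).hexdigest()),
    Rule("network-indicator", Status.AMBER, "address", "10.1.2.3"),
    Rule("network-indicator", Status.AMBER, "filename", "payload"),
    Rule("keyword", Status.AMBER, "string", "cryptocurrency"),
    Rule("installed-app", Status.AMBER, "program", "tor-browser"),
]

if __name__ == "__main__":
    for path, hits, status in triage(SAMPLE_ITEMS, SAMPLE_RULES):
        print(f"{status.name:5} {path} tags={sorted({h.category for h in hits})}")
```

Run as a script, the status goes GREEN, AMBER, RED over the first three constructed items and the scan stops there; the fourth file is never examined. A real tool would feed `Item` objects from a read-only view of the device instead of an in-memory list, and would choose hash functions and term lists to suit the case.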