While the invention is not limited to the application of computer examination services, the fact that it is suitable for digital forensics services highlights the unique nature of this digital data software switching capability. Computer examination services include, but are not limited to, electronic discovery (eDiscovery), digital forensics, incident response, digital investigations, file recovery, system identification, data preservation, data collection and data analysis. In order that computer examination operations produce information that is suitable for use in a court of law, these services must be provided in a manner consistent with accepted practices from the fields of computer forensics and eDiscovery. Computer forensics and eDiscovery are scientific fields that address the identification, preservation, collection and analysis of data stored on computer systems such that the data is suitable for use in a court of law. Electronic discovery (eDiscovery) refers to the discovery of Electronically Stored Information (ESI) in civil litigation proceedings. Those involved in eDiscovery may include computer forensic practitioners, lawyers, IT personnel, and others, yet sound computer forensics practices are employed to the extent that they are reasonable and practical because the data is subject to being used in a court of law.
Computers, in a myriad form of computing devices (e.g. desktops, laptops, tablets, gaming devices, phones, mobile devices, etc.) are increasingly relied upon for personal and business communications, data creation, data management, and in general, as short and long term data repositories. The information that can be found in these data repositories are often sought after to establish innocence or guilt in a court of law, thus the process of identification, preservation, collection and analysis of data stored on subject computer systems must often be accomplished in accordance with procedures that do not preclude the use of the data as evidence in a court of law. The computer forensics and eDiscovery fields offer acceptable processes and procedures for the identification, preservation, collection, and analysis of computer data, but historical application of these processes and procedures have traditionally required the dedication of considerable amounts of time from experienced forensics and eDiscovery practitioners. Thorough analysis of computer media, such as a hard drive, is a time consuming endeavor, and has traditionally required physical access to the subject computing device during some phase of the identification, preservation, collection and analysis process.
A major challenge to providing forensic services is gaining access to the computing device. The computing device can include sensitive data, which if made public could compromise legitimate business or personal interests. Another challenge is that of identifying computing devices which may have desired evidence. A large corporation may have hundreds, perhaps thousands of computers connected by various networks. Culpable data might be present only on relatively few computers, if any. Obtaining physical custody of all these computers could shut down a large enterprise, or otherwise damage legitimate ongoing business operations. Consequently, it is desirable to gain access to computing devices remotely.
Further, computer forensics analysis may be a very time consuming and expensive process. Typically, the forensic practitioner takes custody of the subject computer, documents it, images it, analyzes it, issues a report, and returns the computer to the user. In many instances, this substantial effort may reveal that the computer has no desired evidence stored on it. Consequently, spending such a large effort, in time and money, to determine whether or not evidentiary data is present on a computing device is often not practical or economically feasible. Accordingly, there is a need for more cost effective and efficient remote access to data located on the myriad of network-based computer devices.
There is a growing demand for systems and methods that provide the ability to obtain and control access to the non-transitory computer-readable media of the myriad of existing and forthcoming network capable computing devices. There is a demand for a capability that provides access to digital data on virtually any computer device from virtually any location using an appropriate methodology and system. There is a need for faster, more efficient, and more cost effective methods of accessing the non-transitory computer-readable media of network capable computing devices which can be applied to virtually any network-based file sharing and data access application.
A prior method of remotely conducting an examination is disclosed in our published U.S. patent application serial No. 2011/0113139, filed 17 Jan. 2011 as U.S. patent application Ser. No. 13/007,874, the complete disclosure of which is incorporated herein by reference.