WO2011122431A1 - フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム - Google Patents
フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム Download PDFInfo
- Publication number
- WO2011122431A1 WO2011122431A1 PCT/JP2011/057141 JP2011057141W WO2011122431A1 WO 2011122431 A1 WO2011122431 A1 WO 2011122431A1 JP 2011057141 W JP2011057141 W JP 2011057141W WO 2011122431 A1 WO2011122431 A1 WO 2011122431A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- digital
- unit
- document
- forensic
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000000605 extraction Methods 0.000 claims description 18
- 238000006243 chemical reaction Methods 0.000 claims description 13
- 239000000284 extract Substances 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 description 16
- 238000007726 management method Methods 0.000 description 15
- 238000012545 processing Methods 0.000 description 15
- 230000008569 process Effects 0.000 description 6
- 238000004519 manufacturing process Methods 0.000 description 5
- 238000012552 review Methods 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000011156 evaluation Methods 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000015556 catabolic process Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 238000006731 degradation reaction Methods 0.000 description 1
- 230000006866 deterioration Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/93—Document management systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
- G06Q50/18—Legal services
Definitions
- the present invention relates to a forensic system, a forensic method, and a forensic program, and more particularly, to a forensic system, a forensic method, and a forensic program for collecting digital document information related to a lawsuit.
- Patent Document 1 discloses a forensic system in which a fraudulent person can be efficiently identified by a method capable of proving evidence retention, and the specific reliability is hardly affected by human factors.
- Patent Document 2 discloses a forensic information insurance system that pays insurance money for damages caused by leakage of personal information, and includes forensics that perform subsequent actions such as identification of criminals and legal measures. A system is disclosed.
- the present invention does not analyze all digital information that a person involved in a lawsuit has access to, but a forensic system and a forensic method that analyze digital information accessed by the person concerned
- An object of the present invention is to provide a forensic program.
- the forensic system of the present invention is a forensic system that acquires digital information recorded in a plurality of computers or servers, and analyzes the acquired digital information.
- the digital document information composed of a plurality of document files and the plurality of computers
- a digital information acquisition unit that acquires digital information including user information regarding a user who uses the server and access history information indicating that the user has accessed a document file recorded on the server
- a specific unit is designated from at least one user included in the user information via the recording unit that records the digital information acquired by the display unit, the display unit that displays the recorded digital information, and the display unit.
- the digital document information extraction unit that extracts only the digital document information accessed by a specific person and the document file of the digital document information extracted via the display unit is related to a lawsuit. It is characterized by comprising an incidental information setting unit for setting incidental information indicating whether or not, and an output unit for outputting a document file related to the lawsuit based on the incidental information.
- Access history information indicates that a user using one of a plurality of computers has accessed the digital document information recorded on the server. For example, it includes a user ID indicating who the user is and access information indicating which digital document information the user has accessed at which time.
- the “digital information acquisition unit” acquires digital information recorded in a plurality of computers or servers.
- the digital information acquisition unit stores digital information recorded in the computer or server on an electronic medium. Copy and copy to the forensic system via the electronic medium, or connect the computer or server to the forensic system via a network line, and transfer the digital information recorded on the computer or server to the forensic system. conservee and collect digital information by copying it.
- the “digital information acquisition unit” includes a second digital document information, a second user information, and a second access history information recorded on a second server different from the server.
- the forensic system according to the present invention can acquire not only the digital information but also the second digital information.
- the forensic system according to the present invention can obtain the digital information based on the second access history information. Second digital document information may be extracted.
- the forensic system of the present invention is further based on a text information extracting unit that extracts text information for each of a plurality of document files from a recorded digital document information, a keyword specifying unit that specifies a keyword, and the extracted text information.
- a search unit that searches for a document file including the specified keyword, and the supplementary information setting unit sets supplementary information for the searched document file. .
- the forensic system of the present invention further includes a data conversion unit for converting a document file of digital document information recorded by the recording unit into a predetermined data format, and the document file converted by the data conversion unit is output by the output unit. Until the processing is performed, the processing may be performed in the same manner as the converted data format.
- the forensic system of the present invention further creates statistical data expressed from the data capacity for each data format of the acquired digital document information or statistical data expressed from the data capacity for each data format of the retrieved digital document information.
- a statistical data creation unit may be provided.
- the forensic system of the present invention further includes a timekeeping unit that measures the date and time when digital information is acquired again, and the digital information further includes folder information for storing digital document information.
- the information acquisition unit acquires digital document information and folder information created after the date and time previously measured by the timing unit, and user information and access related to the acquired digital document information and folder information History information may be acquired.
- the “server” is a single server or more, and may be configured by a plurality of servers, for example. Further, for example, the “server” may be any one of two or more of a mail server, a file server, and a document management server.
- the forensic system of the present invention is composed of a plurality of forensic system servers, wherein the digital information extraction unit and the search unit are each separated into the forensic system server, and further separated.
- the forensic system server may be connected via a network.
- the forensic system of the present invention includes a plurality of incidental information setting units, and is characterized in that incidental information can be set by different operators.
- Display refers to a display or the like that can display digital information. “Displaying recorded digital information” may display all user information, digital document information, and access history information, or may display at least one of these pieces of information. Then, at least one of the attribute information of the information (for example, the user's name, the file name of the document file, the person who accessed it, the time, the document file, etc.) may be displayed.
- the attribute information of the information for example, the user's name, the file name of the document file, the person who accessed it, the time, the document file, etc.
- the “output unit” outputs digital document information as some kind of production, and may be, for example, either a printer or a digital document file creation device.
- the forensic method of the present invention is a forensic method for acquiring digital information recorded in a plurality of computers or servers, and analyzing the acquired digital information.
- Acquiring digital information including user information relating to a user who uses the computer or server, and access history information indicating that the user has accessed a document file recorded on the server; and the acquired digital information
- the forensic program of the present invention is a forensic program for acquiring digital information recorded in a plurality of computers or servers, and analyzing the acquired digital information.
- a digitally acquired function for acquiring digital information including user information relating to a user who uses a plurality of computers or servers and access history information indicating that the user has accessed a document file recorded on the server
- a machine that extracts only digital document information accessed by a specific person A function for setting incidental information indicating whether each extracted document file of digital document information is related to a lawsuit, and a function for outputting a document file related to a lawsuit based on the incidental information. Is to realize.
- a specific person is specified, and only digital document information accessed by the specific person is extracted based on the access history information regarding the specified specific person.
- incidental information indicating whether each extracted document file of digital document information is related to a lawsuit, and outputting a document file related to a lawsuit based on the incidental information. It is possible to extract, analyze and confirm only the digital document information accessed by a specific person without checking all the digital document information within the range of access rights that the specific person has. .
- the second digital information recorded in the second server can be used, and based on the second access history information, the second digital information can be used.
- the digital document information recorded on the second server is only accessed by a specific person without checking all the digital information recorded on the plurality of servers. Allows to extract, analyze and confirm.
- the forensic system, the forensic method, and the forensic program of the present invention further include a text information extraction unit, a keyword designating unit, and a search unit.
- a text information extraction unit When setting the information, only the digital document information recorded on the server that has been accessed by a specific person, and a predetermined search narrows down the population of digital document information that may be related to lawsuits. It becomes possible.
- the document file converted by the data conversion unit is processed in the same format as the converted data until it is output by the output unit.
- the statistical data creation unit when the statistical data creation unit is further provided, the statistical data can be visualized and provided to the operator, so that the effort required for preparing the lawsuit can be quickly grasped. Can do.
- the digital information acquisition unit further acquires digital document information and folder information created after the date and time previously measured by the timing unit, When acquiring user information and access history information related to the acquired digital document information and folder information, it is possible to collect the difference of the digital information and load the same digital information from the server or the like every time. Can be reduced.
- the forensic system when each of the digital information extraction unit and the search unit is separated into a forensic system server, the calculation process of each processing unit is performed by each server.
- the processing capability of the entire system can be improved by distributing.
- the auxiliary information setting unit when the auxiliary information setting unit includes a plurality of auxiliary information setting units, the auxiliary information setting unit can set the auxiliary information by different operators. It is possible to perform preparatory work at an early stage by determining whether or not it is evidence material for multiple persons.
- FIG. 1 is a functional block diagram illustrating a configuration of a forensic system according to a first embodiment of the present invention.
- the figure showing the flow of the forensic system service of this invention The figure showing the processing flow of the forensic system of this invention
- FIG. 1 is a functional block diagram showing a configuration of a forensic system 1 in an embodiment of the present invention.
- a forensic system 1 shown in FIG. 1 is composed of a plurality of document files in the forensic system 1 that acquires digital information recorded in a plurality of computers (PCs 2 to 5) and a server 10 and analyzes the acquired digital information.
- Digital document information Digital document information, user information regarding users who use a plurality of computers (PCs 2 to 5) or the server 10, access history information indicating that the user has accessed a document file recorded on the server 10, and
- a digital information acquisition unit 20 that acquires digital information including a recording unit 30 that records the digital information acquired by the digital information acquisition unit 20, a display unit 40 that displays the recorded digital information, and a display unit 40.
- the digital document information extraction unit 60 that extracts only the digital document information accessed by the specific person based on the access history information related to the specified specific person, and the digital extracted via the display unit 40
- An accompanying information setting unit 60 that sets accompanying information indicating whether each document file of document information is related to a lawsuit, and an output unit 120 that outputs a document file related to a lawsuit based on the accompanying information, It is equipped with.
- the control unit 160 includes a display control unit 45, a digital document information extraction unit 60, a text information acquisition unit 80, a management unit 85, a search unit 100, a data conversion unit 110, a statistical data creation unit 130, a clock unit 140, and a CPU 150. It is.
- the forensic system 1 includes a data input device such as a touch panel when the keyboard, mouse, or display unit 40 has a touch panel function.
- a data input device such as a touch panel when the keyboard, mouse, or display unit 40 has a touch panel function.
- a specific person specifying unit 50 As the data input device, a specific person specifying unit 50, an accompanying information setting unit 70, and a keyword specifying unit are provided. There are 90.
- the specific person specifying unit 50, the incidental information setting unit 70, and the keyword specifying unit 90 may be different data input devices or the same data input device.
- the output unit 70 is a recording device or a printer that records data on an electronic medium.
- the configuration of the forensic system 1 as shown in FIG. 1 is realized by calculating and executing a forensic program read into an auxiliary storage device (not shown) by the CPU 150 on the computer.
- the forensic program is stored in a storage medium such as a CD-ROM or distributed via a network such as the Internet and installed in a computer.
- the forensic system 1 will be described as a personal computer.
- the forensic system 1 may be a server, a portable terminal type computer, or the like, and will be described in a second embodiment to be described later. It may be a network type system configuration.
- the digital information acquisition unit 20 acquires digital information recorded in the PCs 2 to 5 or the server 10 used by the user.
- the digital information acquisition unit 20 copies the digital information recorded in the PCs 2 to 5 or the server 10 to a certain electronic medium (for example, USB, CD, DVD, etc.), and digitally transmits the digital information to the forensic system via the electronic medium. Have the information copied.
- a certain electronic medium for example, USB, CD, DVD, etc.
- the digital information acquisition unit 20 converts the digital information recorded in the PCs 2 to 5 or the server 10 into data via the network. By receiving the transmission, the digital information is collected and collected.
- the digital information acquisition unit 20 includes second digital document information, second user information, and second access history information recorded in a server (referred to as a second server) different from the server 10. Second digital information may be acquired.
- the forensic system 1 can use not only the digital information of the server 10 but also the second digital information recorded in the second server, and based on the second access history information, The second digital document information may be extracted.
- the forensic system 1 further includes a text information extracting unit 80 that extracts text information for each of a plurality of document files from a recorded digital document information, a keyword specifying unit 90 that specifies a keyword, and the extracted text information. And a search unit 100 for searching for a document file including a designated keyword.
- the supplementary information setting unit 70 sets supplementary information for the document file searched by the search unit 100.
- the forensic system 1 further includes a data conversion unit 110 that converts a document file of digital document information recorded by the recording unit 30 into a predetermined data format.
- the document file converted by the data conversion unit 110 is output by the output unit 120.
- the data is processed in the same manner as the converted data format until it is output by.
- the forensic system 1 further receives statistical data represented by the data capacity of each acquired digital document information data format, and statistical data represented by the data capacity of each digital document information data format retrieved by the retrieval unit 100. It is provided with 130 parts of statistical data creation to be created.
- the forensic system 1 further includes a timer 140 that measures the date and time when digital information is acquired again, and the digital information further includes folder information for storing digital document information.
- the acquisition unit 20 acquires only digital document information and folder information created after the date and time previously measured by the timing unit 140, and user information related to the acquired digital document information and folder information and Get access history information only.
- the digital information may include digital document information, user information and access history information, and folder information for storing the digital document information.
- the timekeeping unit 140 calculates the date and time when the digital information acquisition unit 20 acquires digital information.
- the display unit 40 displays the display content according to an instruction from the display control unit 45 configured in the control unit 160.
- the server 10 is a single server or more, and may be constituted by a plurality of servers, for example, or may be at least any two or more of a mail server, a file server, and a document management server.
- the forensic system 1 may be a system that can be used simultaneously by a plurality of operators.
- the supplementary information setting unit 70 may be configured by a plurality of data input devices, and a plurality of display units 40 corresponding to the plurality of supplementary information setting units 70 may be prepared.
- the output unit 120 outputs digital document information as some kind of production, and may be a printer or a recording device that records digital information on an electronic medium, for example.
- the forensic system 1 selects and collects digital information related to the lawsuit and collects the digital information recorded in the PCs 2 to 5 and the server 10 for preparatory work for submission of evidence to the court (Preservation). To do.
- the forensic system 1 registers the collected and collected digital information in a database such as the recording unit 30, analyzes the digital information (Analysis), and subdivides it by keyword search and filter processing.
- the recording unit 30 may be included in the computer of the forensic system 1 or may be stored in a server as a separate body from the computer.
- the forensic system 1 reviews the subdivided digital information on the display unit 40, and the operator sets the incidental information for the digital document information via the incidental information setting unit 70.
- the control unit 160 has a maintenance collection analysis function, a process analysis search function, a Review function, and a Production function.
- the maintenance collection / analysis function of the control unit 160 is a case management function (function of the management unit 85) so that data management can be performed for each case, and analysis of the file type and possession amount for each target person / evidence.
- File analysis function (function of search unit 100) capable of analyzing search target files
- file type selection extraction function (function of digital document information extraction unit 60) capable of selecting file types to be searched and viewed
- a maintenance collection function (data conversion unit 110) that enables maintenance collection of the selected file as a separate file.
- the processing analysis search function of the control unit 160 has a full-text search function and a frequently used phrase top extraction function (function of the search unit 100).
- This full-text search function supports multiple languages, enables AND OR NOT search by Boolean operation, enables search using parentheses by Grouping operation, highlights the searched phrase, and functions to make Meta Data Etc.
- the full text search function has an advanced search function, and can perform neighborhood search, regular expression search, and the like.
- the frequently used phrase top extracting function extracts a frequently used phrase within a certain digital document information.
- the Review function of the control unit 160 is set as, for example, an E-mail Family browsing processing function (a function of the search unit 100) that can browse the E-mail Family collectively, or one evaluation or a plurality of evaluations as supplementary information.
- a free design Tag function (function of the search unit 100) that can be searched on the basis of the evaluation
- a free design BookMark function (function of the search unit 100) that enables the search of a MarkMark that has been set with a hierarchical BookMark, and an arbitrary number of characters
- a free input comment field (function of the management unit 85) provided with an inputable comment field, a simultaneous browsing function for a plurality of operators to confirm digital document information, and a case for each viewer account when performing a ReView Each access right, administrator authority, view-only authority, etc.
- Access right control function (function of the management unit 85), in-document write Memo function (function of the management unit 85) that enables writing in the document without changing the body of the digital document information, number of review completed documents (%)
- Case Management function (function of the management unit 85) that enables display
- E-mail Threading function (function of the management unit 85) that displays E-mail threads (reply, transfer, etc.)
- mail exchange E-mail analysis display function for graphical display (function of statistical data creation unit 130)
- similar document display function for automatically classifying and displaying similar documents such as Draft and old version (function of management unit 85), difference of similar documents Similar document difference highlight function that highlights only the part (function of the management unit 85), search hit Having a search to display only the peripheral portion of the phrase Hit partial longitudinal sentence display function (function of the search unit 100).
- the Production function of the control unit 160 is a function for outputting various XML files such as actual files, meta information, and tag information, CSV output, image output, and various load file outputs (by the instruction from the management unit 85, the output unit 120 And a Batch Printing function (a function that can be output by the output unit 120 according to an instruction from the management unit 85) for printing a plurality of selected digital document information.
- the forensic system 1 performs production so that the output unit 120 generates data on the electronic medium.
- the data is recorded on the electronic medium in a predetermined format by a recording device that records the data on the electronic medium.
- the digital information acquisition unit 20 uses, for example, digital document information composed of document files in a general format such as Word format, PDF format, PPT format, Excel format, and usage related to users who use the PCs 2 to 5 or the server 10.
- Digital information including user information and access history information indicating that the user has accessed the document file recorded on the server is acquired (ST1).
- the access history information indicates that the users using the PCs 2 to 5 have accessed the digital document information recorded in the server 10 via the network. For example, a user ID indicating who the user is and access information indicating which digital document information the user has accessed at which time.
- PCs 2 to 5 used by the user are described as four examples as an example, they are not limited to four, and may be a plurality of PCs.
- the digital information acquisition unit 20 records the acquired digital information in the recording unit 30 (ST2).
- the display unit 40 can display digital information (refers to at least one of digital document information, access history information, user information, information indicating only the title of the digital information, and the like) via the control unit 160 (see FIG. ST3).
- the display unit 40 may display all user information, digital document information, and access history information in response to an instruction from the display control unit 45, or display at least one of these pieces of information.
- at least one of the attribute information of the information (for example, the user's name, the file name of the document file, the person who accessed it, the time, the document file, etc.) may be displayed.
- the operator logs in the forensic system 1 while confirming the screen of the display unit 40, and further creates a Case (unit of the highest data group in the database of the forensic system 1). Further, the operator sets and manages a connection destination of a server or the like corresponding to the recording unit 30 in which the digital information is recorded while checking the screen of the display unit 40 (in this case, there are a plurality of recording units 30). . Further, the operator sets and manages the Customian (data holding target person) while checking the screen of the display unit 40. While checking the screen of the display unit 40, the operator creates and manages the status (the middle data group unit of the database of the forensic system 1) composed of the digital document information collected and maintained. Next, while confirming the screen of the display unit 40, the operator relates the Customian to the collected information and the collected target.
- a Case unit of the highest data group in the database of the forensic system 1
- the operator sets and manages a connection destination of a server or the like corresponding to the recording unit 30 in
- the operator may preset which Customian is related to the lawsuit for a plurality of Targets composed of digital document information acquired from the PCs 2 to 5 or the server. .
- the operator selects plural or single targets to be analyzed while confirming the screen of the display unit 40.
- control unit 160 can acquire the digital information recorded in the recording unit 30 and analyze the digital information by various functional units.
- the forensic system 1 includes statistical data represented by the data capacity for each data format of the digital document information recorded in the recording unit 30 or statistical data represented by the data capacity for each data format of the digital document information retrieved by the retrieval unit 100.
- a statistical data creation unit 130 for creating data is provided.
- the operator while confirming the screen of the display unit 40, the operator selects a given subject to be analyzed and a predetermined path (directory) from the target associated with the subject, and obtains the analysis result of the number of files and the capacity of each customian.
- a list can be displayed.
- the operator can display a list of the analysis results of the number of files and the capacity for each Path as a chart while checking the screen of the display unit 40.
- the operator can display a list of analysis results of the number of files and the capacity for each Path (directory) while checking the screen of the display unit 40.
- the operator can display a list of file number and file size analysis results for each File Type as a chart while checking the screen of the display unit 40.
- the operator can display a list of file number and file size analysis results for each file type while checking the screen of the display unit 40.
- the operator can display a list of the analysis results of the number of files and the capacity for each file type as a chart while checking the screen of the display unit 40. Furthermore, the operator can display a list of the analysis results of the number of files and the capacity for each file type as a chart while checking the screen of the display unit 40 only for files that can be searched for text.
- This text searchable file is performed by the text information acquisition unit 80 on the text information that can be extracted from the digital document information recorded in the recording unit 30 in advance.
- the operator designates a specific person (Customian) from the users included in the user information of the digital information recorded in the recording unit 30 by the specific person specifying unit 50 (ST4).
- Customer a specific person
- the operator selects Case, Customian, and Target while checking the screen of the display unit 40.
- the digital document information extraction unit 60 can extract only the digital document information accessed by the specific person based on the access history information related to the specified specific person (Custodian) (ST5). .
- the access history information indicates that a user using one of a plurality of computers has accessed the digital document information recorded on the server. For example, it includes a user ID indicating who the user is and access information indicating which digital document information the user has accessed at which time.
- the correspondence between the ID of Mr. Ko and the document file accessed by Mr. Ko is obtained by previously recording ID information and access history information when using his computer or server. Thus, extraction becomes possible.
- the digital document information extraction unit 60 can extract document files related to a plurality of Customians.
- Target when the operator has set the relationship between Target and Customian, it is determined that it is related as Customian in units of Target, and the specific person designation unit is actually included in the selected Target. Only the document file accessed by the Customian designated by 50 is extracted.
- the operator can perform a search while confirming the screen of the display unit 40 by the function of the search unit 100. Further, the operator can perform simple browsing while confirming the screen of the display unit 40 by the function of the display control unit 45. The operator can grasp the contents of the digital document information by this simple browsing.
- the operator sets incidental information indicating whether each document file of the extracted digital document information is related to a lawsuit (ST6).
- the operator instructs the output unit 120 to output a document file related to the lawsuit based on the incidental information. For example, only the document file assigned with “Hot” may be output, or the document file assigned with “Hot” and “Responsive” may be output.
- the output unit 120 outputs a document file related to the lawsuit based on the incidental information (ST7).
- the forensic system 1 is composed of a plurality of forensic system servers, wherein the digital information extraction unit and the search unit are separated into the forensic system server, and further separated.
- the forensic system may be connected via a network.
- the forensic system 1 may have a network type system configuration as shown in FIG.
- the forensic system 1 of the second embodiment is the same as each processing unit of the forensic system 1 described in the first embodiment, but the respective processing units are distributed and arranged in a plurality of servers.
- the servers are connected via a network. For this reason, the servers may be distributed in the country, or the servers may be distributed in any country.
- the display unit 40 is provided in each of the client PCs 170 to 172.
- the display response can be improved by collecting the data transmission / reception in a virtual client server in a batch between the plurality of client PCs and the UI server.
- the forensic system 1 may be configured by a computer as in the first embodiment, or the forensic system 1 may be configured by a network type system as in the second embodiment.
- the specific person specifying unit 50, the incidental information setting unit 70, and the keyword specifying unit 90 correspond to data input devices provided in the respective client PCs 170 to 172.
- the forensic system 1 specifies a specific person, classifies only the digital document information accessed by the specific person based on the access history information about the specified specific person, extracts the divided digital document information, By setting incidental information indicating whether each extracted document file of digital document information is related to a lawsuit, and outputting a document file related to a lawsuit based on the incidental information, It is possible to extract and analyze only the digital document information accessed by the specific person without confirming all the digital document information within the range of the access authority that the specific person has.
- the forensic system 1 can use the second digital information recorded in the second server.
- the second digital document information is extracted based on the second access history information
- a plurality of forensic systems 1 can be used. It is possible to extract, analyze and confirm only the digital document information recorded on the second server that has been accessed by a specific person without checking all the digital information recorded on the server. To.
- the text information extracting unit 80 and the search unit 100 are provided.
- the supplementary information setting unit 70 sets supplementary information for the retrieved document file
- the digital information recorded on the server is recorded. It is possible to narrow down a population of digital document information that may be related to a lawsuit by a predetermined search, which is only document information accessed by a specific person.
- the document file converted by the data conversion unit 110 is processed in the middle of the processing flow when it is processed in the same format as the converted data format before being output by the output unit 120. This eliminates the wasteful process of data format conversion and eliminates the risk of quality degradation of digital document information.
- the forensic system 1 since the statistical data can be visualized and provided to the operator when the statistical data creation unit 130 is provided, it is possible to quickly grasp the labor required for preparing the lawsuit.
- the digital information acquisition unit further acquires only digital document information and folder information created after the date and time previously measured by the timing unit, When acquiring only user information and access history information related to the acquired digital document information and folder information, it is possible to collect the difference of the digital information and load the same digital information repeatedly from the server or the like every time Can be reduced.
- the processing capacity of the entire system can be improved.
- the incidental information setting unit 70 can set incidental information by different operators. It is possible to perform preparatory work at an early stage by determining whether such a determination is made by a plurality of persons.
- the forensic system 1 of the first embodiment and the second embodiment can be configured by combining the entire system or each processing unit.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Tourism & Hospitality (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Human Resources & Organizations (AREA)
- General Business, Economics & Management (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Marketing (AREA)
- Health & Medical Sciences (AREA)
- Primary Health Care (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Entrepreneurship & Innovation (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Bioethics (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Document Processing Apparatus (AREA)
Abstract
Description
2~5 PC
10 サーバ
20 デジタル情報取得部
30 記録部
40 表示部
45 表示制御部
50 特定者指定部
60 デジタル文書情報抽出部
70 付帯情報設定部
80 テキスト情報取得部
90 キーワード指定部
100 検索部
110 データ変換部
120 出力部
130 統計データ作成部
140 計時部
150 CPU
160 制御部
Claims (11)
- 複数のコンピュータまたはサーバに記録されたデジタル情報を取得し、該取得されたデジタル情報を分析するフォレンジックシステムにおいて、
複数の文書ファイルにより構成されるデジタル文書情報と、前記複数のコンピュータまたはサーバを利用する利用者に関する利用者情報と、該利用者が前記サーバに記録された文書ファイルにアクセスしたことを示すアクセス履歴情報とを含むデジタル情報を取得するデジタル情報取得部と、
前記デジタル情報取得部により取得されたデジタル情報を記録する記録部と、
前記記録されたデジタル情報を表示する表示部と、
前記表示部を介して、前記利用者情報に含まれる少なくとも1人以上の利用者から、特定の者を指定する特定者指定部と、
前記指定された特定の者に関するアクセス履歴情報に基づいて、前記特定の者がアクセスしたデジタル文書情報のみを抽出するデジタル文書情報抽出部と、
前記表示部を介して、前記抽出されたデジタル文書情報の文書ファイルそれぞれが、訴訟に関連するものであるか否かを示す付帯情報を設定する付帯情報設定部と、
前記付帯情報に基づき、訴訟に関連する文書ファイルを出力する出力部とを備えたことを特徴とするフォレンジックシステム。 - 前記デジタル情報取得部は、前記サーバとは異なる第二のサーバに記録された、第二のデジタル文書情報、第二の利用者情報および第二のアクセス履歴情報を含む第二のデジタル情報を取得するものであって、
前記フォレンジックシステムは、前記デジタル情報のみならず、前記第二のデジタル情報を用いることができるものであって、前記第二のアクセス履歴情報に基づいて、第二のデジタル文書情報を抽出することを特徴とする請求項1記載のフォレンジックシステム。 - 前記フォレンジックシステムは、更に、
前記記録されたデジタル文書情報から、前記複数の文書ファイル毎にテキスト情報を抽出するテキスト情報抽出部と、
キーワードを指定するキーワード指定部と、
前記抽出されたテキスト情報に基づいて、前記指定されたキーワードを含む文書ファイルを検索する検索部とを備え、
前記付帯情報設定部が、前記検索された文書ファイルに対して、付帯情報を設定することを特徴とする請求項1または2記載のフォレンジックシステム。 - 前記フォレンジックシステムは、更に、
前記記録部により記録されたデジタル文書情報の文書ファイルを所定のデータ形式に変換するデータ変換部を備え、
前記データ変換部により変換された文書ファイルが、前記出力部により出力される前までの間、変換されたデータ形式と同一のまま処理されることを特徴とする請求項1から3いずれか1項記載のフォレンジックシステム。 - 前記フォレンジックシステムは、更に、
前記取得されたデジタル文書情報のデータ形式毎のデータ容量から表わされる統計データ、または前記検索されたデジタル文書情報のデータ形式毎のデータ容量から表わされる統計データを作成する統計データ作成部を備えたことを特徴とする請求項1から4いずれか1項記載のフォレンジックシステム。 - 前記フォレンジックシステムが、更に、
改めてデジタル情報を取得する際に、その取得する日時を計時する計時部を備え、デジタル情報は、更にデジタル文書情報を保管するフォルダ情報を備えるものであって、
前記デジタル情報取得部は、以前に前記計時部により計時された日時より以後に作成された、デジタル文書情報およびフォルダ情報を取得し、該取得されたデジタル文書情報およびフォルダ情報に関連する、利用者情報およびアクセス履歴情報を取得するものであることを特徴とする請求項1から5いずれか1項記載のフォレンジックシステム。 - 前記フォレンジックシステムは、
複数のフォレンジックシステム用サーバにより構成されるものであって、
前記デジタル情報抽出部と、前記検索部とがそれぞれ、フォレンジックシステム用サーバに分離されたものであり、
更に、前記分離されたフォレンジックシステムがネットワークを介して、接続されたものであることを特徴とする請求項1から6いずれか1項記載のフォレンジックシステム。 - 前記フォレンジックシステムは、複数のオペレータが同時に利用できるものであって、
前記付帯情報設定部は、異なるオペレータにより付帯情報を設定することができることを特徴とする請求項1から7いずれか1項記載のフォレンジックシステム。 - 前記出力部は、プリンタ、デジタル文書ファイル作成装置のいずれかであることを特徴とする請求項1から8いずれか1項記載のフォレンジックシステム。
- 複数のコンピュータまたはサーバに記録されたデジタル情報を取得し、該取得されたデジタル情報を分析するフォレンジック方法において、
複数の文書ファイルにより構成されるデジタル文書情報と、前記複数のコンピュータまたはサーバを利用する利用者に関する利用者情報と、該利用者が前記サーバに記録された文書ファイルにアクセスしたことを示すアクセス履歴情報とを含むデジタル情報を取得するステップと、
前記取得されたデジタル情報を記録するステップと、
前記記録されたデジタル情報を表示するステップと、
前記利用者情報に含まれる少なくとも1人以上の利用者から、特定の者を指定するステップと、
前記指定された特定の者に関するアクセス履歴情報に基づいて、前記特定の者がアクセスしたデジタル文書情報のみを抽出するステップと、
前記抽出されたデジタル文書情報の文書ファイルそれぞれが、訴訟に関連するものであるか否かを示す付帯情報を設定するステップと、
前記付帯情報に基づき、訴訟に関連する文書ファイルを出力することを特徴とするフォレンジック方法。 - 複数のコンピュータまたはサーバに記録されたデジタル情報を取得し、該取得されたデジタル情報を分析するフォレンジックプログラムにおいて、
コンピュータに、
複数の文書ファイルにより構成されるデジタル文書情報と、前記複数のコンピュータまたはサーバを利用する利用者に関する利用者情報と、該利用者が前記サーバに記録された文書ファイルにアクセスしたことを示すアクセス履歴情報とを含むデジタル情報を取得する機能
前記取得されたデジタル情報を記録する機能と、
前記記録されたデジタル情報を表示する機能と、
前記利用者情報に含まれる少なくとも1人以上の利用者から、特定の者を指定する機能と、
前記指定された特定の者に関するアクセス履歴情報に基づいて、前記特定の者がアクセスしたデジタル文書情報のみを抽出する機能と、
前記抽出されたデジタル文書情報の文書ファイルそれぞれが、訴訟に関連するものであるか否かを示す付帯情報を設定する機能と、
前記付帯情報に基づき、訴訟に関連する文書ファイルを出力する機能とを実現させるためのフォレンジックプログラム。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020127014181A KR20130018641A (ko) | 2010-03-29 | 2011-03-24 | 포렌식 시스템과 포렌식 방법 및 포렌식 프로그램 |
US13/514,966 US8799317B2 (en) | 2010-03-29 | 2011-03-24 | Forensic system, forensic method, and forensic program |
CN2011800050363A CN102696039A (zh) | 2010-03-29 | 2011-03-24 | 取证系统、取证方法及取证程序 |
EP11762662.2A EP2509024A4 (en) | 2010-03-29 | 2011-03-24 | JUDICIAL POLICE SYSTEM, METHOD, AND SOFTWARE |
US14/304,838 US20140337367A1 (en) | 2010-03-29 | 2014-06-13 | Forensic system, forensic method, and forensic program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010-075960 | 2010-03-29 | ||
JP2010075960A JP4898934B2 (ja) | 2010-03-29 | 2010-03-29 | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/514,966 A-371-Of-International US8799317B2 (en) | 2010-03-29 | 2011-03-24 | Forensic system, forensic method, and forensic program |
US14/304,838 Continuation US20140337367A1 (en) | 2010-03-29 | 2014-06-13 | Forensic system, forensic method, and forensic program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011122431A1 true WO2011122431A1 (ja) | 2011-10-06 |
Family
ID=44712140
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/057141 WO2011122431A1 (ja) | 2010-03-29 | 2011-03-24 | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム |
Country Status (6)
Country | Link |
---|---|
US (2) | US8799317B2 (ja) |
EP (1) | EP2509024A4 (ja) |
JP (1) | JP4898934B2 (ja) |
KR (1) | KR20130018641A (ja) |
CN (1) | CN102696039A (ja) |
WO (1) | WO2011122431A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015033606A1 (ja) * | 2013-09-05 | 2015-03-12 | 株式会社Ubic | 文書分析システム及び文書分析方法並びに文書分析プログラム |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5567049B2 (ja) | 2012-02-29 | 2014-08-06 | 株式会社Ubic | 文書分別システム及び文書分別方法並びに文書分別プログラム |
JP5530476B2 (ja) | 2012-03-30 | 2014-06-25 | 株式会社Ubic | 文書分別システム及び文書分別方法並びに文書分別プログラム |
JP5526209B2 (ja) | 2012-10-09 | 2014-06-18 | 株式会社Ubic | フォレンジックシステムおよびフォレンジック方法並びにフォレンジックプログラム |
JP5823942B2 (ja) * | 2012-10-09 | 2015-11-25 | 株式会社Ubic | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム |
JP6025487B2 (ja) * | 2012-10-09 | 2016-11-16 | 株式会社Ubic | フォレンジック分析システムおよびフォレンジック分析方法並びにフォレンジック分析プログラム |
JP5823943B2 (ja) | 2012-10-10 | 2015-11-25 | 株式会社Ubic | フォレンジックシステムおよびフォレンジック方法並びにフォレンジックプログラム |
JP5827208B2 (ja) | 2012-11-30 | 2015-12-02 | 株式会社Ubic | 文書管理システムおよび文書管理方法並びに文書管理プログラム |
JP5827206B2 (ja) | 2012-11-30 | 2015-12-02 | 株式会社Ubic | 文書管理システムおよび文書管理方法並びに文書管理プログラム |
US9292698B1 (en) * | 2013-01-18 | 2016-03-22 | Andrew T. Cobb | Method and system for remote forensic data collection |
CN103207972B (zh) * | 2013-01-31 | 2017-02-08 | 厦门市美亚柏科信息股份有限公司 | 计算机操作系统登录密码恢复和解析装置及其方法 |
JP5603468B1 (ja) | 2013-07-31 | 2014-10-08 | 株式会社Ubic | 文書分別システム及び文書分別方法並びに文書分別プログラム |
TW201508525A (zh) | 2013-08-29 | 2015-03-01 | Ubic Inc | 文件分類系統、文件分類方法及文件分類程式 |
TW201510922A (zh) * | 2013-09-10 | 2015-03-16 | Ubic Inc | 數位資訊分析系統、數位資訊分析方法及數位資訊分析程式 |
JP5572252B1 (ja) * | 2013-09-11 | 2014-08-13 | 株式会社Ubic | デジタル情報分析システム、デジタル情報分析方法およびデジタル情報分析プログラム |
JP5592552B1 (ja) | 2013-10-25 | 2014-09-17 | 株式会社Ubic | 文書分別調査システム及び文書分別調査方法並びに文書分別調査プログラム |
WO2015118620A1 (ja) | 2014-02-04 | 2015-08-13 | 株式会社Ubic | 文書分析システム、文書分析方法、および、文書分析プログラム |
JP5685675B2 (ja) * | 2014-08-21 | 2015-03-18 | 株式会社Ubic | 文書分別システム及び文書分別方法並びに文書分別プログラム |
JP5887455B2 (ja) * | 2015-09-08 | 2016-03-16 | 株式会社Ubic | フォレンジックシステムおよびフォレンジック方法並びにフォレンジックプログラム |
CN105959328B (zh) * | 2016-07-15 | 2019-03-12 | 北京工业大学 | 证据图与漏洞推理相结合的网络取证方法及系统 |
JP6404294B2 (ja) * | 2016-10-11 | 2018-10-10 | 株式会社Ubic | フォレンジックシステムおよびフォレンジック方法並びにフォレンジックプログラム |
JP6508729B2 (ja) | 2016-12-02 | 2019-05-08 | トヨタ自動車株式会社 | 電池状態推定装置 |
JP6881156B2 (ja) | 2017-08-24 | 2021-06-02 | トヨタ自動車株式会社 | インピーダンス推定装置 |
CN107506471A (zh) * | 2017-08-31 | 2017-12-22 | 湖北灰科信息技术有限公司 | 快速取证方法及系统 |
CN107562707A (zh) * | 2017-08-31 | 2018-01-09 | 湖北灰科信息技术有限公司 | 电子取证方法及装置 |
CN110457434B (zh) * | 2019-07-19 | 2023-10-27 | 平安科技(深圳)有限公司 | 基于搜索的网页取证方法、装置、可读存储介质及服务器 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006178521A (ja) | 2004-12-20 | 2006-07-06 | Ubic:Kk | デジタル・フォレンジックの方法及びフォレンジックitセキュリティシステム |
JP2007148731A (ja) | 2005-11-28 | 2007-06-14 | Ubic:Kk | フォレンジック事後対応付き情報損害保険システム |
JP2007334412A (ja) * | 2006-06-12 | 2007-12-27 | Fuji Xerox Co Ltd | 検索プログラムおよび検索装置 |
JP2008097484A (ja) * | 2006-10-16 | 2008-04-24 | Hitachi Ltd | ログ管理システムおよびフォレンジック調査方法 |
JP2009205220A (ja) * | 2008-02-26 | 2009-09-10 | Ricoh Co Ltd | 情報検索システム、情報検索方法、情報検索プログラム及び記録媒体 |
Family Cites Families (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5350303A (en) | 1991-10-24 | 1994-09-27 | At&T Bell Laboratories | Method for accessing information in a computer |
US5903646A (en) * | 1994-09-02 | 1999-05-11 | Rackman; Michael I. | Access control system for litigation document production |
JPH11272671A (ja) | 1998-03-20 | 1999-10-08 | Toshiba Corp | 機械翻訳装置及び機械翻訳方法 |
US6381602B1 (en) * | 1999-01-26 | 2002-04-30 | Microsoft Corporation | Enforcing access control on resources at a location other than the source location |
US6493706B1 (en) | 1999-10-26 | 2002-12-10 | Cisco Technology, Inc. | Arrangement for enhancing weighted element searches in dynamically balanced trees |
JP2001222477A (ja) | 2000-02-08 | 2001-08-17 | Nec Corp | 電子メール記事管理システム |
US7693866B1 (en) * | 2000-03-07 | 2010-04-06 | Applied Discovery, Inc. | Network-based system and method for accessing and processing legal documents |
US6985948B2 (en) | 2000-03-29 | 2006-01-10 | Fujitsu Limited | User's right information and keywords input based search query generating means method and apparatus for searching a file |
US7197716B2 (en) * | 2000-12-22 | 2007-03-27 | Merchant & Gould, P.C. | Litigation management system and method |
US7043489B1 (en) * | 2001-02-23 | 2006-05-09 | Kelley Hubert C | Litigation-related document repository |
JP3969628B2 (ja) | 2001-03-19 | 2007-09-05 | 富士通株式会社 | 翻訳支援装置、方法及び翻訳支援プログラム |
JP2003016109A (ja) | 2001-06-29 | 2003-01-17 | Hitachi Ltd | 文書情報管理方法および装置、および管理サーバ |
US20040006594A1 (en) * | 2001-11-27 | 2004-01-08 | Ftf Technologies Inc. | Data access control techniques using roles and permissions |
AU2003207856A1 (en) | 2002-02-04 | 2003-09-02 | Cataphora, Inc | A method and apparatus to visually present discussions for data mining purposes |
JP2003288365A (ja) | 2002-03-28 | 2003-10-10 | Toshiba Corp | 付加情報管理方法及び付加情報管理システム |
US8214391B2 (en) * | 2002-05-08 | 2012-07-03 | International Business Machines Corporation | Knowledge-based data mining system |
JP2003345798A (ja) | 2002-05-23 | 2003-12-05 | Nippon Telegr & Teleph Corp <Ntt> | 翻訳制御方法,翻訳制御装置およびその処理プログラム |
WO2004017226A2 (en) | 2002-08-15 | 2004-02-26 | Her Majesty The Queen In Right Of Canada, As Represented By The Minister Of Health | Method and system for aggregating and disseminating time-sensitive information |
US7865450B2 (en) * | 2003-01-16 | 2011-01-04 | JurInnov Ltd. | System and method facilitating management of law related service(s) |
US7392246B2 (en) * | 2003-02-14 | 2008-06-24 | International Business Machines Corporation | Method for implementing access control for queries to a content management system |
US7761427B2 (en) * | 2003-04-11 | 2010-07-20 | Cricket Technologies, Llc | Method, system, and computer program product for processing and converting electronically-stored data for electronic discovery and support of litigation using a processor-based device located at a user-site |
WO2004111766A2 (en) * | 2003-06-04 | 2004-12-23 | Badisse David Mehmet | System and method for managing cases |
US8458805B2 (en) * | 2003-06-23 | 2013-06-04 | Architecture Technology Corporation | Digital forensic analysis using empirical privilege profiling (EPP) for filtering collected data |
CA2550154C (en) | 2003-12-31 | 2017-04-04 | Thomson Global Resources | Systems, methods, software and interfaces for integration of case law with legal briefs, litigation documents, and/or other litigation-support documents |
ATE551658T1 (de) | 2003-12-31 | 2012-04-15 | Thomson Reuters Glo Resources | Systeme, verfahren, schnittstellen und software zur automatisierten sammlung und integration von entitätsdaten in online-datenbanken und professionellen verzeichnissen |
US20050240578A1 (en) * | 2004-04-27 | 2005-10-27 | Caseknowledge, L.L.C. | Litigation management system and method of providing the same |
US20060069685A1 (en) * | 2004-09-14 | 2006-03-30 | Dickens Tom A | Method and a process, provided through internet based software, for the development, management, and reporting of information regarding contingent liabilities |
EP1828936A2 (en) * | 2004-11-17 | 2007-09-05 | Iron Mountain Incorporated | Systems and methods for managing digital assets |
US20060129445A1 (en) * | 2004-12-09 | 2006-06-15 | Mccallum Rodney H Jr | System and method for scheduling a litigation event |
WO2007044709A2 (en) | 2005-10-06 | 2007-04-19 | Guidance Software, Inc. | Electronic discovery system and method |
WO2007067424A2 (en) | 2005-12-06 | 2007-06-14 | David Sun | Forensics tool for examination and recovery of computer data |
US7814102B2 (en) * | 2005-12-07 | 2010-10-12 | Lexisnexis, A Division Of Reed Elsevier Inc. | Method and system for linking documents with multiple topics to related documents |
JP4100637B2 (ja) | 2005-12-08 | 2008-06-11 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 翻訳のための装置、方法、プログラム及び翻訳支援サービス提供方法 |
JP2007172221A (ja) | 2005-12-21 | 2007-07-05 | Nippon Telegraph & Telephone East Corp | 検疫システム、検疫装置、検疫方法、及び、コンピュータプログラム |
US8391614B2 (en) | 2006-01-25 | 2013-03-05 | Equivio Ltd. | Determining near duplicate “noisy” data objects |
JP4838631B2 (ja) * | 2006-05-17 | 2011-12-14 | 富士通株式会社 | 文書アクセス管理プログラム、文書アクセス管理装置および文書アクセス管理方法 |
EP2044533A2 (en) | 2006-07-17 | 2009-04-08 | Total Recall Aps | A computer-implemented translation tool |
US7716196B2 (en) | 2006-08-07 | 2010-05-11 | Cisco Technology, Inc. | Method for culling a litigation discovery file set |
US7792789B2 (en) | 2006-10-17 | 2010-09-07 | Commvault Systems, Inc. | Method and system for collaborative searching |
US7853611B2 (en) * | 2007-02-26 | 2010-12-14 | International Business Machines Corporation | System and method for deriving a hierarchical event based database having action triggers based on inferred probabilities |
JP2009015659A (ja) | 2007-07-05 | 2009-01-22 | Sky Kk | ファイル監視装置およびファイル監視プログラム |
US7890493B2 (en) | 2007-07-20 | 2011-02-15 | Google Inc. | Translating a search query into multiple languages |
US7941412B2 (en) * | 2007-10-16 | 2011-05-10 | Monica Mary Dunne | Presenting evidentiary information |
US8396838B2 (en) * | 2007-10-17 | 2013-03-12 | Commvault Systems, Inc. | Legal compliance, electronic discovery and electronic document handling of online and offline copies of data |
US20090150168A1 (en) * | 2007-12-07 | 2009-06-11 | Sap Ag | Litigation document management |
US8112406B2 (en) * | 2007-12-21 | 2012-02-07 | International Business Machines Corporation | Method and apparatus for electronic data discovery |
US8126886B2 (en) * | 2007-12-31 | 2012-02-28 | Thomson Reuters Global Resources | System, method, and software for researching, analyzing, and comparing expert witnesses |
JP2009276862A (ja) | 2008-05-13 | 2009-11-26 | Ricoh Co Ltd | 文書管理システム、サーバ装置、クライアント装置、文書管理方法、プログラムおよび記録媒体 |
US8171041B2 (en) | 2008-05-15 | 2012-05-01 | Enpulz, L.L.C. | Support for international search terms |
US8214364B2 (en) * | 2008-05-21 | 2012-07-03 | International Business Machines Corporation | Modeling user access to computer resources |
JP2009294896A (ja) | 2008-06-05 | 2009-12-17 | Hitachi Ltd | データ保管装置、記憶装置に記憶されたデータの開示プログラム、及びデータの開示方法 |
US8090705B1 (en) * | 2008-09-15 | 2012-01-03 | Symantec Corporation | Method and apparatus for processing electronically stored information for electronic discovery |
CN101546364A (zh) | 2008-12-29 | 2009-09-30 | 厦门市美亚柏科资讯科技有限公司 | 一种对存储介质进行自动化智能取证的方法及其系统 |
US8572376B2 (en) * | 2009-03-27 | 2013-10-29 | Bank Of America Corporation | Decryption of electronic communication in an electronic discovery enterprise system |
US8250037B2 (en) * | 2009-03-27 | 2012-08-21 | Bank Of America Corporation | Shared drive data collection tool for an electronic discovery system |
US8412628B2 (en) * | 2009-04-27 | 2013-04-02 | Asset Acceptance, Llc | System and method for legal document authoring and electronic court filing |
CA2718579C (en) | 2009-10-22 | 2017-10-03 | National Research Council Of Canada | Text categorization based on co-classification learning from multilingual corpora |
US8428227B2 (en) | 2010-05-18 | 2013-04-23 | Certicall, Llc | Certified communications system and method |
-
2010
- 2010-03-29 JP JP2010075960A patent/JP4898934B2/ja not_active Expired - Fee Related
-
2011
- 2011-03-24 US US13/514,966 patent/US8799317B2/en not_active Expired - Fee Related
- 2011-03-24 WO PCT/JP2011/057141 patent/WO2011122431A1/ja active Application Filing
- 2011-03-24 KR KR1020127014181A patent/KR20130018641A/ko not_active Application Discontinuation
- 2011-03-24 CN CN2011800050363A patent/CN102696039A/zh active Pending
- 2011-03-24 EP EP11762662.2A patent/EP2509024A4/en not_active Withdrawn
-
2014
- 2014-06-13 US US14/304,838 patent/US20140337367A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006178521A (ja) | 2004-12-20 | 2006-07-06 | Ubic:Kk | デジタル・フォレンジックの方法及びフォレンジックitセキュリティシステム |
JP2007148731A (ja) | 2005-11-28 | 2007-06-14 | Ubic:Kk | フォレンジック事後対応付き情報損害保険システム |
JP2007334412A (ja) * | 2006-06-12 | 2007-12-27 | Fuji Xerox Co Ltd | 検索プログラムおよび検索装置 |
JP2008097484A (ja) * | 2006-10-16 | 2008-04-24 | Hitachi Ltd | ログ管理システムおよびフォレンジック調査方法 |
JP2009205220A (ja) * | 2008-02-26 | 2009-09-10 | Ricoh Co Ltd | 情報検索システム、情報検索方法、情報検索プログラム及び記録媒体 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2509024A4 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015033606A1 (ja) * | 2013-09-05 | 2015-03-12 | 株式会社Ubic | 文書分析システム及び文書分析方法並びに文書分析プログラム |
Also Published As
Publication number | Publication date |
---|---|
US8799317B2 (en) | 2014-08-05 |
CN102696039A (zh) | 2012-09-26 |
JP4898934B2 (ja) | 2012-03-21 |
US20120246185A1 (en) | 2012-09-27 |
KR20130018641A (ko) | 2013-02-25 |
US20140337367A1 (en) | 2014-11-13 |
EP2509024A1 (en) | 2012-10-10 |
EP2509024A4 (en) | 2013-10-09 |
JP2011209930A (ja) | 2011-10-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4898934B2 (ja) | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム | |
JP4868191B2 (ja) | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム | |
JP4995950B2 (ja) | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム | |
JP5669785B2 (ja) | フォレンジックシステム | |
CA2698179A1 (en) | Document search tool | |
JP5294002B2 (ja) | 文書管理システム、文書管理プログラム及び文書管理方法 | |
Halman et al. | Catchii: Empowering literature review screening in healthcare | |
JP5690301B2 (ja) | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム | |
JP5087169B2 (ja) | フォレンジックシステム及びフォレンジック方法並びにフォレンジックプログラム | |
JP5834130B2 (ja) | フォレンジックシステム | |
JP4980488B2 (ja) | フォレンジックシステム及びフォレンジックプログラム | |
JP4987434B2 (ja) | 電文データの監査用保管・検索システム、電文データの監査用保管・検索方法、および電文データの監査用保管・検索プログラム | |
WO2014113327A2 (en) | Intellectual property asset information retrieval system | |
JP2011086156A (ja) | 漏洩情報追跡システムおよび漏洩情報追跡プログラム | |
Kahvedžić | Digital forensics and the DSAR effect | |
JP2008129814A (ja) | 文書管理方法、文書管理システム、プログラム及び記録媒体 | |
TW201437951A (zh) | 文件管理系統、文件管理方法及文件管理程式 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11762662 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20127014181 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13514966 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011762662 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |