Patent classifications
H04L63/308
Data Retention Probes and Related Methods
A data retention probe for a packet-switched, mobile telecommunications network employs interfaces to connect to interfaces carrying traffic on a mobile network side of a gateway node and on a global internet side of the gateway node. An FPGA creates for each packet at least one fingerprint of one or more fields that are unchanged as part of the address translation performed by the gateway node and creates informative metadata for those packets. A processing unit: (1) receives from the FPGA the fingerprints and metadata and maintains flow records for each flow of packets seen on each side of the gateway node; and (2) compares the fingerprints and, where a match is found, determines those packets to be part of the same communication session and creates a record correlating internal IP address or a subscriber identifier to external IP address and port number.
System and method for digital evidence analysis and authentication
The system disclosed provides an efficient mechanism for acquiring email and other data from remote systems in a forensically sound manner. Email for users can be requested by investigators from email servers across the country. It is then automatically acquired and made available to the examiner, subject to approval, and any others he deems have a need-to-know on a web-based system. The data can be searched and bookmarked, and the bookmarks shared. Data can also be uploaded manually and combined with email data in the searching, bookmarking, and sharing.
SYSTEMS AND METHODS FOR REMOTE FORENSICS AND DATA SECURITY SERVICES OVER PUBLIC AND PRIVATE NETWORKS
Provided are systems and methods for employing remote forensics and data security services over public and private networks by obtaining full access to digital data from the non-transitory computer-readable media of geographically dispersed computing devices such that the entire physical or logical media from each device is fully accessible to one or more user computers over the network. This is achieved via WebSocket technology implemented in point-to-point connection configurations, WebSocket technology implemented in network based digital data software switch configurations, and in combinations thereof. Application of these systems and methods is generally employed for the purpose of conducting remote examinations and remediation efforts upon electronic data comprising non-transitory computer-readable media on a network accessible computing device. As a few examples, the application of these systems and methods may be applied for the purposes of data sharing, remote computer support, data recovery, data loss prevention, data backup, eDiscovery (electronic discovery), digital forensics, remote monitoring, audit compliance, incident response, security incident remediation, and mobile device data management purposes. Examples of computing devices include, but are not limited to, workstations, laptops, tablets, smart phones, network routers, network switches, mobile computing devices, electronic sensors, and any device comprising the Internet of Things (IoT).
Logical Validation of Devices Against Fraud and Tampering
Disclosed herein is a method and system to determine whether a payment terminal has been tampered with based on a comparison of attestation data received from the payment terminal, for example in an offline mode when an otherwise secure remote server cannot be reached. If the determination yields that the request has been approved, the terminal generates an attestation ticket having one or more validity conditions, wherein the validity conditions include expiration time that indicates the time after which the attestation ticket becomes invalid. The attestation ticket can be used as long as it is valid or until another trigger causes the ticket to be invalidated or regenerated.
Round-robin e-mail scheduling
Methods and systems for round-robin e-mail scheduling are disclosed. A plurality of e-mail addresses, comprising a first e-mail address and a second e-mail address, are acquired. A first e-mail is sent to the first e-mail address. It is automatically determined whether the first e-mail was successfully delivered to the first e-mail address. If the first e-mail was not successfully delivered to the first e-mail address, a second e-mail comprising the same message content is automatically sent to the second e-mail address.
SYSTEMS AND METHODS FOR LOCATING APPLICATION-SPECIFIC DATA ON A REMOTE ENDPOINT COMPUTER
According to one aspect, a system for locating application-specific data includes a server, a broker, and an agent. An operator may define a command using the server, and this command may be sent to the broker. The broker may then send the command to the agent operating on an end-point system. The agent may then conduct an application-specific data search on the end-point system in respect of the user command. Search results may then be sent to the broker. The broker may then send the search results to the server.
ESTABLISHING A CLEANROOM DATA PROCESSING ENVIRONMENT
Techniques for providing a virtual cleanroom data processing environment are described herein. In one or more embodiments, a virtual private cloud environment is configured to prevent data from being sent to network locations external to the virtual private cloud environment. One or more computing resources deployed within the virtual private cloud environment receives, from a first source external to the virtual private cloud environment, a first set of data that is associated with a first user account. A set of one or more software components, received from a second source, are also deployed within the virtual private cloud environment. Once deployed, the set of software components generates, based at least in part on the first set of data, a set of output data. The first set of data is continuously prevented from being sent to network locations external to the virtual private cloud environment.
Using a blockchain for distributed denial of service attack mitigation
Particular embodiments described herein provide for a system that can be configured to facilitate the use of a blockchain for distributed denial of service attack mitigation. The system can include a network security provider and a validating node. The network security provider can recognize that a distributed denial of service (DDoS) attack is occurring, create a block that includes data related to the DDoS attack, and publish the block that includes the data related to the DDoS attack for addition to a blockchain. The validating node can validate the block that includes the data related to the DDoS attack and the block that includes the data related to the DDoS attack can be added to the blockchain. The block that includes the data related to the DDoS attack can be analyzed to determine how to mitigate a similar DDoS attack.
System and Method for Detecting and Monitoring Thread Creation
A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
System and Method for Collection and Analysis of Endpoint Forensic and Event Data
A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.