FRANK NATHAN ADELSTEIN
Pilots at Graham Rd, Ithaca, NY

8458805, Jun 4, 2013

May 20, 2009

12/469558

Frank Adelstein - Ithaca NY, US
Carla Marceau - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 7/04

726 27, 726 30, 713187

A forensic device allows a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. The forensic device acquires the computer evidence from the target computing device and filters the computer evidence using an application-specific system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances executing throughout an enterprise. The forensic device presents a user interface through which the remote user views the filtered computer evidence acquired from the target computing device. In this manner, forensic device allows the user to filter the collected computer evidence to data that is likely to have forensic relevance.

7886049, Feb 8, 2011

Aug 12, 2008

12/190314

Frank N. Adelstein - Ithaca NY, US
Judson Powers - Ithaca NY, US
Robert A. Joyce - Ithaca NY, US
Derek Bronner - Chittenango NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 15/16, G06F 15/173

709224, 709217, 709223

In general, the invention provides for analyzing a target computer for computer crimes such as illegal sharing of files or sharing of illegal files on peer-to-peer clients. The target computer may have software for a plurality of peer-to-peer clients. Only one extensible forensic device may be necessary to analyze the plurality of peer-to-peer clients for downloaded or shared files. For example, the invention may provide for a method comprising determining whether one or more peer-to-peer clients are or have been installed on a target device by identifying information associated with one or more peer-to-peer modules, wherein each module is associated with a different one of the one or more peer-to-peer clients. The method further includes, gathering usage information for the one or more peer-to-peer clients that had been determined to be installed on the target computer, analyzing the usage information, and automatically generating a report of the analyzed usage information.

2009020, Aug 20, 2009

Feb 18, 2009

12/388425

Stephen Brueckner - Ithaca NY, US
Frank N. Adelstein - Ithaca NY, US
Haim Bar - Ithaca NY, US
Matthew Donovan - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G09B 19/00, G09B 5/00

434 11

This disclosure generally relates to automated execution and evaluation of computer network training exercises, such as in a virtual machine environment. An example environment includes a control and monitoring system, an attack system, and a target system. The control and monitoring system initiates a training scenario to cause the attack system to engage in an attack against the target system. The target system then performs an action in response to the attack. Monitor information associated with the attack against the target system is collected by continuously monitoring the training scenario. The attack system is then capable of sending dynamic response data to the target system, wherein the dynamic response data is generated according to the collected monitor information to adapt the training scenario to the action performed by the target system. The control and monitoring system then generates an automated evaluation based upon the collected monitor information.

2010029, Nov 25, 2010

Jul 15, 2009

12/503763

Judson Powers - Ithaca NY, US
Frank Adelstein - Ithaca NY, US
Derek Bronner - Chittenango NY, US
Daniel Tingstrom - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 15/173

709224

Examples disclosed herein are directed to techniques for automatically retrieving and processing forensic data from network devices connected to a communications network without requiring device-specific knowledge or training. A mobile forensic device includes and extensible forensic analysis tool that allows on-scene forensic investigators to quickly and automatically acquire data from network devices without device-specific knowledge. The extensible forensic analysis tool is designed for use on handheld mobile computers, enabling on-scene investigators to quickly and easily acquire forensic data from network devices in the field without losing volatile data or shutting down the network.

2012031, Dec 6, 2012

May 31, 2011

13/149634

Judson Powers - Ithaca NY, US
Matthew P. Donovan - Trumansburg NY, US
Frank N. Adelstein - Ithaca NY, US
Michael Kentley - Bend OR, US
Stephen K. Brueckner - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 13/42

710106

An apparatus for mediating communication between a universal serial bus (USB) device and a host computing device is described. In an example, the apparatus includes a USB host interface configured to be connected to a downstream USB device, and a USB device interface configured to be connected to an upstream host computing device. The apparatus also includes a mediation module positioned between the USB host interface and the USB device interface and configured to determine whether the USB device is authorized to communicate with the host computing device.

7748040, Jun 29, 2010

Mar 22, 2005

11/087388

Frank N. Adelstein - Ithaca NY, US
Haim Bar - Ithaca NY, US
Prasanth Alla - McLean VA, US
Nikita Proskourine - Plainville MA, US

Architecture Technology Corporation - Minneapolis MN

G06F 12/14

726 25

Techniques are described for providing security to a protected network. Techniques are described for thwarting attempted network attacks using marked information. The attack correlation system provides marked information to computing devices that probe for sensitive information, and monitors subsequent communications for use of the marked information. In one example, the attack correlation system reroutes communications containing the marked information to a dedicated vulnerable device that logs the communications to monitor the attackers' methods. The attack correlation system may also include functionality to exchange information regarding attempted attacks with other attack correlation systems to gain broader knowledge of attacks throughout one or more networks.

8176557, May 8, 2012

Feb 12, 2009

12/370447

Frank N. Adelstein - Ithaca NY, US
Matthew A. Stillerman - Ithaca NY, US
Robert Joyce - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 12/16

726 23, 726 22, 713187

The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device.

8286249, Oct 9, 2012

May 18, 2010

12/782614

Frank N. Adelstein - Ithaca NY, US
Haim Bar - Ithaca NY, US
Prasanth Alla - McLean VA, US
Nikita Proskourine - Plainville MA, US

Architecture Technology Corporation - Minneapolis MN

G06F 12/14

726 25

Techniques are described for providing security to a protected network. Techniques are described for thwarting attempted network attacks using marked information. The attack correlation system provides marked information to computing devices that probe for sensitive information, and monitors subsequent communications for use of the marked information. In one example, the attack correlation system reroutes communications containing the marked information to a dedicated vulnerable device that logs the communications to monitor the attackers' methods. The attack correlation system may also include functionality to exchange information regarding attempted attacks with other attack correlation systems to gain broader knowledge of attacks throughout one or more networks.

8474047, Jun 25, 2013

May 7, 2012

13/465859

Frank N. Adelstein - Ithaca NY, US
Matthew A. Stillerman - Ithaca NY, US
Robert A. Joyce - Ithaca NY, US

Architecture Technology Corporation - Minneapolis MN

G06F 12/14

726 23, 726 24, 726 25, 713187

The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device.

2004026, Dec 23, 2004

Jun 23, 2003

10/608767

Frank Adelstein - Ithaca NY, US
Matthew Stillerman - Ithaca NY, US
Robert Joyce - Ithaca NY, US

G06F012/00, G06F015/173, G06F009/46

707/202000, 711/161000, 709/224000, 718/100000

The invention is directed to techniques for allowing a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. A forensic device receives input from a remote user that identifies computer evidence to acquire from the target computing device. The forensic device acquires the computer evidence from the target computing device and presents a user interface for the forensic device through which the remote user views the computer evidence acquired from the target computing device. In this manner, forensic device allows the user to interrogate the target computing device to acquire the computer evidence without seizing or otherwise “shutting down” the target device.