Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is in response to the communication filed on 1/4/2021.
Claims 1-5, 7-9 and 11-13 are rejected. 
Claims 6 and 10 are cancelled. 

Response to Arguments
Applicant’s arguments, dated 1/4/2020, have been fully considered.
Applicant’s arguments with respect to the claims have been considered but are moot because the arguments do not apply to the references being used in the current rejection.
Any objections or rejections not set forth below have been withdrawn.  
Examiner is open for phone call interview to discuss further with applicant’s representative for the purpose of compact prosecution. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 


Claims 1-4, 7-9 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2014/0317681 to Shende et al. (hereinafter known as “Shende”) and further in view of U.S. Patent 9,565,200 to Bacastow et al. (hereinafter known as “Bacastow”). 

As per claim 1 Shende teaches a system for analyzing forensic data, the system comprising: 
an analysis unit for analyzing the forensic data stored in the cloud system, wherein the analysis unit is arranged in the cloud system (Shende teaches Fig 1 element 1000 and 1005, para 22 and 24 teaches cloud forensic service FRaaS (interpreted as forensic data analysis) which analyzes – access, logs, timestamps and other data analysis for verification and reporting) local to the forensic data and having restricted visibility in the cloud system by use of a firewall (Shende Fig 7 element 7001 (analysis unit), element 7002 (Firewall) and para 44 teaches secure access to data for external users via logical and physical firewalls within process 7000 to monitor access. Further Fig 1 para 25 also teaches where analysis unit 1002 and 1010 are separated by firewall, example Fig 1 – admin unit 1001 and analysis 1010 are separated by firewall 1002 of Fig 1 which covers claimed function. Examiner interprets that Shende’s teaching of logical and physical within the cloud system to protect, monitor access and secure data covers the claimed function as both recite similar limitation), so that the forensic data stored in the cloud system is (Shende Fig 1 elements 1002, 1003 and 1005 para 23, 24 and 31 teaches verification of cloud data with IGP (instant gathering process – where data in instant process is original format). Examiner interprets flow of data in Fig 1 as following – element 1003 aggregates log data with gathering process of data and element 1005 with instance analytics of aggregated data in cloud system element 1000 / 1002 as described in para 22 as analysis of original forensic data in cloud system and not in remote environment),
an operating unit (Shende Fig 1 element 1001, para 22-23 teaches Admin unit interpreted as operating unit of claim function) for operating the analysis unit (Shende Fig 1 element 1001 interacting with element 1020, para 22 and 24 teaches where Admin and User login GUI interacts with Cloud FRaaS unit); 
wherein the operating unit is arranged outside the cloud system in a manner remote from the analysis unit (Shende para 22-23 and Fig 1 element 1001 teaches admin unit with system settings and policy rules which is segmented outside core FRaaS (cloud service) which exist outside the Cloud FRaaS system element 1010 (interpreted as analysis unit) and with firewall 1002 between admin unit and Cloud Forensic system, which covers the claimed limitation).
Shende does not teach however Bacastow teaches, 
wherein the analysis unit is set up to directly incorporate storage units of the cloud system, which contain the forensic data to be analyzed (Bacastow Fig 1 element 10 analytic unit and element 14 meta unit teaches where analytic unit analyzes metadata of forensic data; col 6 lines 45 – 65 teaches description of analytic unit (10) and col 7 lines 20 – 35 teaches description of meta table (14). Further Fig 1 teaches Forensic cloud computing platform and col 6 lines 25 -55 teaches where FCCP includes APIs connecting each module as part of cloud module and col 6 lines 55-67 teaches analytics component element (10) as part of forensic computing platform which includes data logs (storage of data); col 7 further teaches storage of private and confidential data (col 7 lines 1-10) within forensic cloud platform - which covers the claimed limitation).
Shende teaches forensic data analysis in sandbox environment to inspect for malware in cloud environment. Shende does not teach, however Bacastow teaches, forensic data analysis of storage units within cloud system. Shende – Bacastow are analogous art because they are from forensic data analysis in IT system. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Shende – Bacastow before him or her, to combine forensic data analysis of Shende with Bacastow’s forensic data analysis in cloud system. The suggestion/motivation for doing so would have been to detect data loss prevention for data being stored in unprotected environment (Bacastow col 2 lines 35-45).
As per claim 2 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the operating unit is set up to operate the analysis unit by (Shende Fig 1 element 1001, para 22 - 24 and 26 is cloud based forensic data analysis system and para 65 teaches where cloud FRaaS is remote access system. Further para 23 teaches block 1001 which is segmented from the core FRaaS by a logical firewall 1002 – examiner interprets that element 1001 is the operating unit of the analysis unit 1010 which covers the claimed limitation).
As per claim 3 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit is a virtualized analysis unit (Shende para 29, 57 and 96 teaches virtual environment of cloud data analysis). 
As per claim 4 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit is based on a model (Shende para 21 teaches cloud computing model (interpreted as analysis unit) and further para 53-54 teaches creating a baseline security model and para 97 teaches secure analysis based on Cloud Forensic system model). 
As per claim 7 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit is set up to locally store the forensic data to be analyzed in an encrypted storage area (Shende para 33, 34 teaches user data within secure storage area including encrypted data).
As per claim 8 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit and the operating unit are set up to communicate by means of asymmetric authentication (Shende para 40 Fig 5 teaches authentication. Para 67 and 78 teaches encryption keys, hashed encryption keys and user private key authentication – where private key is only known to authorized user(s) is similar to function of asymmetric authentication as known in art).
As per claim 9 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit is set up to communicate with predefined units (Shende Fig 1 para 22, 24 and 26 teaches forensic data analysis via Fig 1 element unit 1003 data collection / log aggregation unit, data analysis unit element 1005 and Policy unit element 1050 which is interpreted where analysis unit communicates with predefined units, which covers claimed limitation).
As per claim 11 combination of Shende – Bacastow teaches, the system as claimed in claim 1, wherein the analysis unit is set up to monitor network traffic in the cloud system (Shende para 22 teaches data analysis with verification in cloud system).
Claim 12, 
Claim 12 is rejected in accordance with system of claim 1.

Claim 13, 
Claim 13 is rejected in accordance with system of claim 1.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable by U.S. Publication 2014/0317681 to Shende et al. (hereinafter known as “Shende”) and in view of U.S. Patent 9,565,200 to Bacastow et al. (hereinafter known as “Bacastow”) and further in view of U.S. Publication 2014/0181975 to Spernow et al. (hereinafter known as “Spernow”). 
As per claim 5 Shende-Bacastow teaches, the system as claimed in claim 1. 
Shende-Bacastow does not teach however Spernow teaches, wherein the analysis unit is set up to store storage units of the cloud system, which contain the forensic data to be analyzed, as a local copy (Spernow para 643 teaches forensic analysis of local copy of data, where FTK (Forensic Tool Kit) imager with forensic data imaging as local copy of FTK imager. Examiner interprets local copy of FTK data as local copy forensic data analysis). 
Shende-Bacastow teaches forensic data analysis in sandbox environment to inspect for malware in cloud environment. Shende-Bacastow does not teach, however Spernow teaches, forensic data analysis of local copy of forensic data. Shende-Bacastow-Spernow are analogous art because they are from forensic data analysis in IT system. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Shende-Bacastow-Spernow before him or her, to combine forensic data analysis of Shende-Bacastow with Spernow’s local copy data analysis. The suggestion/motivation for doing so would have been to detect presence of malicious code infection in computer system (para 3).

Conclusion
Claims 1-5, 7-9 and 11-13 have been rejected.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.



Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431