DETAILED ACTION
Claims 1-19 are pending. This communication responds to Applicant’s amendment and arguments filed on November 12, 2021.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Authorization for this examiner’s amendment was given in an interview with Joseph Softer #34,438 on December 17, 2021.

Claim Amendment
1.            (currently amended) A multi-engine malicious code scanning method for scanning data sets obtained from a storage device, said method comprising the steps of:
                installing a virtual operating system on a computer system, and arranging such virtual operating system into supporting a plurality of independent operating systems on said computer system; 
                each of said plurality of independent operating systems on said computer system supporting one malware engine, each malware engine on each respective independent operating system functions differently from one another, and employ different scanning software from one another, such that said computer system is configured to host a plurality of different malware engines each operating on its own independent operating system; 
                obtaining at least one 
                also applying a recover data application to said static data set to generate a single archive recovered data set file said single archive recovered data set file also separated from said storage device and stored at said image host;
                selecting a plurality of said available plurality of different malware engines on their own said independent operating system, each configured to analyze the same of both said single archive forensic image file and said single archive recovered data set file such that every single archive forensic image file and said single archive recovered data set file is analyzed by a plurality of selected malware engines simultaneously,
wherein said step of selecting includes displaying a master control point dashboard to a user for said selection of one or more different malware engines, among said plurality of available different malware engines, all for simultaneously scanning said single archive forensic image file and said single archive recovered data set file, 
                initiating independent and simultaneous scannings of the s said selected plurality of different malware engines from said master control point dashboard, 
 	wherein each of said different malware engines, installed on said virtual operating system, are run concurrently
 	creating a single normalized data structure whereas the data produced by each of said malware scanning engines concerning infections found is aggregated and normalized such that said data relating to malware scanning engines is accessible from said normalized data structure, and 
 	generating a combined report, reporting the results of said scans.  

2. (previously presented) The method as claimed in claim 19, further comprising the step of initiating a scanning of said single archive forensic image file and said single archive recovered data set file using said selected plurality of different malware engines using a master control point dashboard on said virtual operating system. 
 
3. (previously presented) The method as claimed in claim 2, further comprising the step of operating a sub-routine for acquiring and verifying selection of data stored on a storage device. 
 
4. (previously presented) The method as claimed in claim 2, further comprising the step of operating a sub-routine for acquiring and verifying said single recovered data set via said master control point dashboard. 
 
5. (previously presented) The method as claimed in claim 2, further comprising the step of operating a sub-routine for registering, unregistering and updating malware engines via said master control point dashboard. 
 
6. (canceled)
 
7. (previously presented) The method as claimed in claim 2, further comprising the step of operating a sub-routine for monitoring the progress of said malware engines scanning of said data stored on a storage device and said recovered data set via said master control point dashboard. 
 
8. (previously presented) The method as claimed in claim 2, further comprising the step of operating a sub-routine for generating a combined report for each of said malware engines reporting the results of said scans, including normalizing reports between said malware engines, via said master control point dashboard.
 
9. (previously presented) The method as claimed in claim 2, wherein said selection of scanning parameters for said selected one or more different malware engines includes is completed after selection of each malware engine.
 
10. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include selection of said reports of results of said scans can include either 2D reports or 3D reports.
 
11. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include selection of a refresh rate for said reports of results of said scans.
 
12. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include selection of an amount of scan data to be produced in said reports of results of said scans.
 
13. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include setting statistical projections of time information required to complete a scan currently underway, and collect said time information for analysis.
 
14. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include allowing for reporting of hardware resources required to support the scanning of said single archive forensic image by said selected malware engines.
 
15. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include settings for displaying a current count of detected malware from said scanning by said selected malware engines.
 
16. (previously presented) The method as claimed in claim 2, wherein said scanning parameters include settings for said reports of the results of said scans for ranking severity of malicious code infections discovered by said scanning.
 
17. (previously presented) The method as claimed in claim 1, wherein said method includes the step of reporting anomalies with said malware engines or said virtual operating system.
 
18. (cancelled)
 
19. (previously presented) The method as claimed in claim 1, wherein said master control dashboard allowing selection of scanning parameters for said selected one or more different malware engines.
 
20.          (new) The A multi-engine malicious code scanning method as claimed in claim 1, wherein said different malware engines are from different vendors.
  
21.          (new) A multi-engine malicious code scanning method for scanning at least one data set obtained from a storage device, said method comprising the steps of:
                installing a virtual operating system on a computer system, and arranging such virtual operating system into supporting a plurality of independent operating systems on said computer system; 
                each of said plurality of independent operating systems on said computer system supporting one malware engine, each malware engine on each respective independent operating system functions differently from one another, and employ different digital signatures from one another to identify instances of malicious code, such that said computer system is configured to host a plurality of different malware engines each operating on its own independent operating system; 
                obtaining at least one data set from a storage device by duplicating the data set from the storage device to an image host and generating a single archive forensic image file of said data set, said single archive forensic image file separate from said storage device and stored at said image host;
                also applying a recover data application to said data set to generate a single archive recovered data set file said single archive recovered data set file also separated from said storage device and stored at said image host;
                selecting a plurality of said available plurality of different malware engines on their own said independent operating system, each configured to analyze the same of both said single archive forensic image file and said single archive recovered data set file such that every single archive forensic image file and said single archive recovered data set file is analyzed by a plurality of selected malware engines simultaneously,
 	wherein said step of selecting includes displaying a master control point dashboard to a user for said selection of one or more different malware engines, among said plurality of available different malware engines, all for simultaneously scanning said single archive forensic image file and said single archive recovered data set file, 
                initiating independent and simultaneous scannings of the data set, without connection to said storage device from which said data set were obtained, using said selected plurality of different malware engines from said master control point dashboard, 
                wherein each of said different malware engines, installed on said virtual operating system, are run concurrently on said single archive forensic image file and said single archive recovered data set file on said image host;
 	creating a single normalized data structure whereas the data produced by each of said malware scanning engines concerning infections found is aggregated and normalized such that said data relating to malware scanning engines is accessible from said normalized data structure, and 
 	generating a combined report from each of said different malware engines, reporting the results of said scans. 

22. (new) The method as claimed in claim 1, wherein said normalized data structure identifies as a single malware, one or more malwares identified differently by each of said malware scanning engines.

23. (new) The method as claimed in claim 22, wherein said identified single malware has a single known malware signature as catalogued by a common vulnerabilities and exposure (CVE) index.

24.  (new) The method as claimed in claim 1, wherein said normalized data structure functions as an access point as a depository of all of the normalized infection reports generated by each of said malware scanning engines.

25. (new) The method as claimed in claim 1, further comprising the step of analyzing said normalized data to determine statistical significance to the possibility that a first infection type may be a predictor of a second infection type.

26. (new) The method as claimed in claim 25, further comprising the step of using said statistical significance for predicting the likelihood of discovering additional malicious code infections.

27. (new) The method as claimed in claim 1, wherein said combined report includes information about malware detected configured to allow the generation of a mitigation report.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
After further search and consideration, Applicant agrees to amend the claim for compact prosecution since no art teaches multi-malware engines running in parallel using different antivirus software to look for different signatures when scanning for the same file and its previously deleted file and creating a single normalized data structure whereas the data produced by each of said malware scanning engines. Therefore, claims 1 and 21 are allowed.
The closest art is PG Pub 20050086499 (hereinafter Hoefelmeyer), which discloses using different antivirus vendors running in parallel for better coverage (par. [010] and [0026]-[0030]). However, Hoefelmeyer applies the process to scanning traffic flow and does not generate a single normalized data structure produced by each of said malware scanning engines.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Inquiry Communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994.  The examiner can normally be reached on Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.