DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements filed March 31, 2020, April 23, 2020, October 14, 2020, January 19, 2021, April 26, 2021, May 19, 2021, July 8, 2021, July 28, 2021, December 22, 2021, March 3, 2022 and April 17, 2022 have been placed in the application file and the information referred to therein has been considered as to the merits.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: The present invention is directed to a method and system for investigating in real-time potentially malicious uniform resource locators. Independent claim 1 recites the uniquely distinct features of “spoofing at least one externally detectable characteristic of the browsing
session, collecting forensic data from the browsing session while executing the browsing session, and supplying at least a portion of the collected forensic data to the SIEM via the SIEM interface while executing the browsing session, thereby supporting
interactive investigation of suspicious computational behavior through a forensic analysis of live forensic data, said live forensic data being at least partially dependent on the URL and at least partially dependent on the spoofing”. Independent claim 6 recites the uniquely distinct features of “browser receiving live input from a human user during the browsing session, automatically collecting forensic data from the browsing session during the browsing session; and automatically supplying at least a portion of the collected forensic data to a security information and event management tool (SIEM) during the browsing session as live forensic data; whereby the method supports interactive investigation of suspicious computational behavior through a forensic analysis of the live forensic data, said live forensic data being at least partially dependent on the URL and at least partially dependent on the live input”. Independent claim 16 recites the uniquely distinct features of “customizing at least one externally detectable characteristic of the browsing session; automatically collecting forensic data from the browsing session during the browsing session; and automatically supplying at least a portion of the collected forensic data to a security information and event management tool (SIEM) during the browsing session as live forensic data; whereby the storage medium supports interactive investigation of suspicious computational behavior through a forensic analysis of the live forensic data, said live forensic data being at least partially dependent on the URL and at least partially dependent on a result of the customizing”. The closest prior arts, Salsamendi et al. (WO 2014035988), Modi et al (US 20190028557), Hirotomo et al. “Efficient Method for Analyzing Malicious Websites by Using Multi-Environment Analysis System”, and Ahmed et al. “An Automated User Transparent Approach to log Web URLs for Forensic Analysis”, fail to anticipate or render the above underlined limitations obvious.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437