DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Amendment
	This Office Action has been issued in response to Applicant’s Communication of amended application S/N 17/206,178, filed on May 3, 2022.  Claims 41 to 60 are currently pending with the application.
	
Claim Objections
Claims 41, 53, and 60 are objected to because of the following informalities:  
Claim 41 reads “search of a different predetermined subset of sectors or addresses” in line 6, and should read “search at different predetermined subset of sectors or addresses”. 
Claim 41 recite the limitations “receiving a selection of at least one selected search type” in line 8 and “receiving a selection of the at least one selected application” in line 14, which are confusing and/or redundant.  For purposes of clarity they should read “receiving a selection of at least one search type” and “receiving a selection of the at least one application,” respectively.
Same rationale applies to claims 53 and 60, since they recite similar limitations.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 41 to 60 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 41 reads “the predetermined subset of sectors or addresses” in lines 2 and 6, at page 3. There is insufficient antecedent basis for this limitation in the claim.  
Same rationale applies to claims 53 and 60, since they recite similar limitations, and to claims 42 to 52, and 54 to 59, since they inherit the same deficiencies by virtue of their dependency on claims 41 and 53.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 60 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
Claim 60 recites “a computer program product for searching…”. The claim does not fall within at least one of the four categories of patent eligible subject matter because it is drawn to a computer program/software per se, as various program code/abstract instructions can be interpreted by one of ordinary skill in the art as software per se, and not tangibly embodied and stored on appropriate non-transitory computer readable storage medium in a manner so as to be executable by computer. Therefore, a computer program is not a physical thing nor a process as they are not “acts” being performed, it is software per se. Software per se is non-statutory subject matter (See current 35 USC 101 Guidelines including MPEP 2111.01 and the Kappos memo on Subject Matter Eligibility of Computer Readable Media).
It is noted that computer programs embodied on a non-transitory computer readable medium or other structure, which would permit the functionality of the program to be realized, would be directed to a product and be within a statutory category of invention, so long as the computer readable medium is not disclosed as non-statutory subject matter per se (signals or carrier waves).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 41, 42, 45, 49 to 51, 53 to 57, and 60 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over McCreight et al. (U.S. Publication No. 2011/0047177) hereinafter McCreight, and further in view of Yang et al. (U.S. Patent No. 8,112,800) hereinafter Yang.
As to claim 41:
McCreight discloses:
A method of searching for application-specific data from among unidentified data stored on at least one data storage device, the method comprising executing via a computing device comprising at least one processor: 
generating and displaying a first user interface (UI) including a plurality of selectable search types, wherein each of the plurality of search types conducts a search of a different predetermined subset of sectors or addresses of the at least one data storage device [Paragraph 0057 teaches investigation subject may be selected to conduct an investigation; Paragraph 0058 teaches investigation subject includes a target list of addresses, and/or address ranges that are to be scanned for the investigation; Paragraph 0100 teaches investigation criteria sets are defined for the investigation subjects, where the investigation subject is the search type; Paragraph 0095 teaches keyword files may be used for different investigation subjects; Paragraph 0099 teaches GUI screen for viewing and/or editing an investigation subject]; 
receiving a selection of at least one selected search type from the plurality of selectable search types via the first UI [Paragraph 0057 teaches investigation subject may be selected to conduct an investigation]; 
generating and displaying a second UI including a plurality of selectable applications, wherein receiving a selection of at least one application causes the at least one processor to execute a search for application-specific data of the at least one selected application according to the at least one selected search type [Paragraph 0046 teaches filter conditions may be based on different file extensions, like .doc, .xls, .pps, .ppt, for Microsoft Office files, etc.; Paragraph 0089 teaches GUI screens for setting filter conditions upon selection, including file extension properties, hence, applications; Paragraph 0090 teaches combining various filter conditions; Paragraph 0091 teaches including Microsoft office files, hence, specifying an application];  
receiving a selection of the at least one selected application via the second UI [Paragraph 0046 teaches filter conditions may be based on different file extensions, like .doc, .xls, .pps, .ppt, for Microsoft Office files, etc.; Paragraph 0089 teaches GUI screens for setting filter conditions upon selection, including file extension properties, hence, applications]; and 
executing the search, comprising: for each of the at least one selected search type, searching the unidentified data of the at least one data storage device at the predetermined subset of sectors or addresses corresponding to the selected search type to locate the application-specific data associated with the at least one selected application [Paragraph 0038 teaches defining a set of investigation criteria and initiating investigation; Paragraph 0049 teaches filter conditions may be set to indicate deleted file status; Paragraph 0057 teaches upon selection of a particular investigation subject, determining that a command was provided to initiate the investigation; Paragraph 0061 teaches scanning the target machines; Paragraph 0062 teaches applying the investigation subject to the files in the target machine], wherein the searching comprises: 
examining the unidentified data at the predetermined subset of sectors or addresses to detect at least one application-specific data pattern indicative of the at least one selected application [Paragraph 0062 teaches applying the investigation subject to the files in the target machine; Paragraph 0046 teaches filter conditions may be based on different file extensions, like .doc, .xls, .pps, .ppt, for Microsoft Office files, etc., where the extension of the files are data patterns for each type of application]. 
McCreight does not appear to expressly disclose for each application-specific data pattern detected in the unidentified data, executing an application validation process on a subset of the unidentified data for the at least one selected application to determine that the subset of the unidentified data comprises valid data associated with the at least one selected application.
Yang discloses:
for each application-specific data pattern detected in the unidentified data, executing an application validation process on a subset of the unidentified data for the at least one selected application to determine that the subset of the unidentified data comprises valid data associated with the at least one selected application [Column 19, lines 35 to 43 teach determining applications associated with the identified patterns, where in the case that port number “80” is identified, selecting the node corresponding to “HTTP”, where in some cases, multiple common programs may use the same port number, for example, e-mail clients such as Mozilla Thunderbird and Microsoft Outlook, as well as Internet Relay Chat (IRC) clients, each commonly use port number 113 for identifying the username/account ID associated with a particular communication; Column 19, lines 50 to 67 teach after selecting a node from application tree, extracting an application signature from the selected node, for example, HTTP node of application tree includes an HTTP signature, as well as Kazaa node, which includes a Kazaa_HTTP signature, and YMSG node, which includes an YMSG_HTTP signature, and further applying the signature to the data, to determine whether there is a match, where the signature may be a pattern, therefore, executing an application validation process specific for each of the associated applications].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to execute, for each application-specific data pattern detected in the unidentified data, an application validation process on a subset of the unidentified data for the at least one selected application to determine that the subset of the unidentified data comprises valid data associated with the at least one selected application, as taught by Yang [Columns 19], because both inventions are directed to searching and discovering data of interest; incorporating a validation process for the identified data patterns enables to effect intrusion detection and prevention, and enables thereby the detection and identification of sophisticated attack behaviors with higher accuracy (See Yang [Col 3, 53-67], [Col 4, lines 54-64]).
Claims 53 and 60 are rejected under the same rationale as claim 41, since they recite similar limitations.

As to claim 42:
McCreight discloses:
the first UI and the second UI are the same UI [Fig. 3, Investigation Subject GUI; Paragraph 0089 teaches GUI for setting filter conditions upon selection, including file extension properties (applications) and logical path of files (addresses)].
Claim 54 is rejected under the same rationale as claim 42, since it recites similar limitations.

As to claim 45:
McCreight discloses:
the plurality of selectable search types comprise a search type configured to search for the application-specific data in predetermined file and folder locations on the at least one data storage device where relevant application-specific data is commonly found [Paragraph 0045 teaches filter conditions may be set to specify particular folders or directories].
Claim 59 is rejected under the same rationale as claim 42, since it recites similar limitations.

As to claim 49:
McCreight discloses:
the plurality of selectable search types comprise a user-configured search type configured to search file or folder locations specified by the user via the first UI or the second UI, and wherein when the user- configured search type is selected, the predetermined subset of sectors or addresses in the at least one data storage device comprises the file or folder locations specified by the user [Paragraph 0058 teaches generating a list of target locations to be scanned, which include address ranges provided by the examiner; Paragraph 0045 teaches filter conditions may be set to specify particular folders or directories].

As to claim 50:
McCreight discloses:
receiving a user selection of files, folders, or locations on the at least one data storage device not to be included in the search [Paragraph 0045 teaches filter conditions may be set to exclude certain directories from the search].

As to claim 51:
McCreight discloses:
displaying as a selectable option in a third user interface at least one predetermined location on the at least one data storage device within the predetermined subset of sectors or addresses of the at least one search type, the predetermined location to be excluded from the search when the selectable option is selected; receiving via the third user interface a selection of the at least one predetermined location on the at least one data storage device within the predetermined subset of sectors or addresses of the at least one search type via the selectable option; and excluding the at least one location from the predetermined subset of sectors or addresses of the at least one search type when executing the search [Paragraph 0045 teaches filter conditions may be set to exclude certain directories from the search; Fig. 4C, Setting filter conditions including selection of locations and selection of operators to exclude the selected locations from the search].

As to claim 55:
McCreight discloses:
the at least one selected application comprises a web-based application [Paragraph 0046 teaches filter conditions include file extensions like .nsf extensions for email archives, therefore, web-based applications; Paragraph 0092 teaches filter conditions include enterprise e-mail archives].

As to claim 56:
McCreight discloses:
the web-based application is remotely accessible through a web-browser application (Examiner notes that web-based applications are, by definition, accessed remotely through a network, and accessible through web-browser applications) [Paragraph 0046 teaches filter conditions include file extensions like .nsf extensions for email archives, therefore, web-based applications; Paragraph 0092 teaches filter conditions include enterprise e-mail archives - email applications are accessible through web-browser applications].

As to claim 57:
McCreight discloses:
for at least one of the at least one selected search type, display as a selectable option in a user interface at least one predetermined file location for inclusion or exclusion from the search; receive a selection of the selectable option via the user interface; and modify the predetermined subset of the at least one of the at least one selected search type to include or exclude the at least one predetermined file location [Paragraph 0045 teaches filter conditions may be set to exclude certain directories from the search; Fig. 4C, Setting filter conditions including selection of locations and selection of operators to exclude or include the selected locations from the search; Paragraph 0099 teaches a GUI screen for viewing and/or editing an investigation subject after it has been created].
Claims 43, 44, 46, and 47 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over McCreight et al. (U.S. Publication No. 2011/0047177) hereinafter McCreight, in view of Yang et al. (U.S. Patent No. 8,112,800) hereinafter Yang, and further in view of Sun et al. (U.S. Publication No. 2007/0226170).
As to claim 43:
McCreight discloses all the limitations as set forth in the rejections of claim 41 above, but does not appear to expressly disclose the unidentified data comprises unallocated data.
Sun discloses:
the unidentified data comprises unallocated data [Paragraph 0040 teaches unallocated space may also be analyzed for files and fragments that may be of interest].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to incorporate unidentified data comprising unallocated data, as taught by Sun [Paragraph 0040], because the inventions are directed to searching and discovering data of interest; searching unallocated data enables the discovery of relevant data or fragments, and the recovery of previously deleted files (See Sun [Para 0040]).


As to claim 44:
McCreight as modified by Sun discloses:
the unallocated data comprises deleted data [Paragraph 0040 teaches previously deleted files may be recovered from unallocated space].

As to claim 46:
McCreight discloses:
the plurality of selectable search types comprise a search type configured to search for the application-specific data in predetermined locations where relevant application-specific data is commonly found [Paragraph 0045 teaches filter conditions may be set to specify particular folders or directories].
McCreight does not appear to expressly disclose search in unallocated space on the at least one data storage device.
Sun discloses:
search in unallocated space on the at least one data storage device [Paragraph 0040 teaches unallocated space may also be analyzed for files and fragments that may be of interest].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to search in unallocated space on the at least one data storage device, as taught by Sun [Paragraph 0040], because the inventions are directed to searching and discovering data of interest; searching unallocated data enables the discovery of relevant data or fragments, and the recovery of previously deleted files (See Sun [Para 0040]).


As to claim 47:
McCreight discloses all the limitations as set forth in the rejections of claim 41 above, but does not appear to expressly disclose the plurality of selectable search types comprise an unallocated cluster search type configured to only search locations of the at least one data storage device identified as unallocated and to search file "slack" space.
Sun discloses:
the plurality of selectable search types comprise an unallocated cluster search type configured to only search locations of the at least one data storage device identified as unallocated and to search file "slack" space [Paragraph 0040 teaches unallocated and slack space may also be analyzed for files and fragments that may be of interest].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to search locations of the at least one data storage device identified as unallocated and to search file "slack" space, as taught by Sun [Paragraph 0040], because the inventions are directed to searching and discovering data of interest; searching unallocated locations and slack space enables the discovery of relevant data or fragments, and the recovery of previously deleted files (See Sun [Para 0040]).
Claims 48, 52, and 58 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over McCreight et al. (U.S. Publication No. 2011/0047177) hereinafter McCreight, in view of Yang et al. (U.S. Patent No. 8,112,800) hereinafter Yang, and further in view of Martinek et al. (U.S. Publication No. 2008/0279418) hereinafter Martinek.
As to claim 48:
McCreight discloses all the limitations as set forth in the rejections of claim 41 above, but 
does not appear to expressly disclose the at least one application-specific data pattern 
comprises a header.
Martinek discloses:
the plurality of selectable search types comprise a sector-level search type configured to search the at least one data storage device by reading raw data of the at least one data storage device sector by sector without any reference to a file system [Paragraph 0026 teaches analyzing each identified sector of data; Paragraph 0032 teaches taking each sector of the group and check if the data in the sector meets the criteria].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to incorporating a sector-level search type configured to search the at least one data storage device by reading raw data of the at least one data storage device sector by sector without any reference to a file system, as taught by Martinek [Paragraph 0026, 0032], because the inventions are directed to searching and discovering data of interest; searching for data in the sectors enables the discovery of data when location information is not available.

As to claim 52:
McCreight discloses all the limitations as set forth in the rejections of claim 41 above, but does not appear to expressly disclose verifying data near the subset of the unidentified data to determine that the subset of the unidentified data is not associated with an application other than the at least one selected application.
Martinek discloses:
verifying data near the subset of the unidentified data to determine that the subset of the unidentified data is not associated with an application other than the at least one selected application [Paragraph 0028 teaches analyzing the next value on the block to determine if a new header is encountered, or if the end of the file has been reached].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to verify data near the subset of the unidentified data to determine that the subset of the unidentified data is not associated with an application other than the at least one selected application, as taught by Martinek [Paragraph 0028], because the inventions are directed to searching and discovering data of interest; verifying the data near the unidentified data increases the accuracy of data identification.

As to claim 58:
McCreight discloses all the limitations as set forth in the rejections of claim 53 above, but does not appear to expressly disclose the at least one application-specific data pattern comprises a header.
Martinek discloses:
the at least one application-specific data pattern comprises a header [Paragraph 0027 teaches each file header denotes a different format of the recognized file type].
It would have been obvious to one of ordinary skill in the art at the time the invention was made, to combine the teachings of the cited references and modify the method of searching for application-specific data as taught by McCreight, to include application-specific data patterns comprising a header, as taught by Martinek [Paragraph 0027], because the inventions are directed to searching and discovering data of interest; including headers as part of the data patterns enables the recovery of different file types in the same application (See Martinek [Para 0041]).

Response to Arguments
	The following is in response to arguments filed on May 3, 2022.  Applicant’s arguments have been fully and carefully considered but are moot in view of new grounds of rejections as necessitated by the amendments.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAQUEL PEREZ-ARROYO whose telephone number is (571)272-8969. The examiner can normally be reached Monday - Friday, 8:00am - 5:30pm, Alt Friday, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 571-272-4046. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RAQUEL PEREZ-ARROYO/Primary Examiner, Art Unit 2169