Add to collection(s) Add to saved
  1. Business

PPT Presentation - Projects at Harvard

advertisement 
Digital Forensics at Harvard Business School
NE NDSA Lightning Talk, 10 May 2013
Rachel Wise, Baker Library Special Collections
Copyright 2013 © President & Fellows of Harvard College
Why take on this challenge?
--Important donation where significant portion of key content was
contained on obsolete media
--Media in contemporary business records
--Media in faculty research collections
Phase I- Learning from experts:
--Equipment:
• External 3.5 floppy
• External 5.25 floppy and FC5025 controller
• Tableau write blocker
• FTK Imager (AccessData free product)
Phase I- Creating disk images
--Opportunity to work out issues:
• Where to store forensic files
• Unique ids
• Naming conventions
• Appraisal
• Etc.
Phase I- Outreach
Tessa Beers SAA poster, August 2012
Phase II- Learning from other institutions:
--Equipment:
• AccessData FTK 4.0
• FRED (Forensic Recovery Evidence Device, Digital Intelligence)
• Camera and camera stand
• Additional workstations
• Kryoflux
• Storage boxes for media
--Training:
• FTK AccessData boot-camp
--Physical space:
• Plans for a forensics lab
High-level workflow
--Accessioning:
• Records created in Archivists Toolkit
--Disk Image Creation:
• Disk image created in FTK Imager (.aff format)
• Photograph of physical media
• Entry into media log
--Disk Processing:
• “Case” created in FTK
• Bookmarking and tagging content
Next steps
--Preservation
--Metadata management
--Storage
--Description:
• What are best practices for describing hybrid collections?
• What are best practices for describing born digital collections?
--Providing access:
• What are methods for providing access to content in the reading
room?
Resources that were helpful for us
•
Martin J. Gengenbach-- “‘The Way We Do it Here”’ Mapping Digital
Forensics Workflows in Collecting Institutions.
•
•
Jeremy Leighton John--Digital Forensics and Digital Preservation
•
•
http://mith.umd.edu/vintage-computers/fc5025-operation-instructions
AIMS white paper
•
•
http://blogs.loc.gov/digitalpreservation/2013/02/digital-forensic-perspectivehelps-cultural-heritage-institutions-meet-deep-challenges/
MITH Use Guide for the FC5025 Floppy Disk Controller
•
•
http://www.bitcurator.net/2012/11/20/542/
http://www.digitalcurationservices.org/aims/white-paper/
Stanford Stop Aid Project documentation
•
http://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=1026&context=wes
ternarchives
Related documents
ITT593 Lab 4
ITT593 Lab 4
Focus Systems signs exclusive authorized forensic training deal with
Focus Systems signs exclusive authorized forensic training deal with
Windows Forensics for Incident Response - NAISG
Windows Forensics for Incident Response - NAISG
A30-327
A30-327
9781435498839_Sol_ch07
9781435498839_Sol_ch07
Solutions 02
Solutions 02
Forensic Toolkit® (FTK®)
Forensic Toolkit® (FTK®)
FTK Rear Transition Module Production Readiness Review The University of Chicago Mircea Bogdan
FTK Rear Transition Module Production Readiness Review The University of Chicago Mircea Bogdan
121computerforensicswindowsftklab
121computerforensicswindowsftklab
Introduction to FTK
Introduction to FTK
prt 140 physical chemistry
prt 140 physical chemistry
FTK IMAGER 3.0.0.1443
FTK IMAGER 3.0.0.1443
Download
advertisement