PPT Presentation - Projects at Harvard

Digital Forensics at Harvard Business School
NE NDSA Lightning Talk, 10 May 2013
Rachel Wise, Baker Library Special Collections
Copyright 2013 © President & Fellows of Harvard College
Why take on this challenge?
--Important donation where significant portion of key content was
contained on obsolete media
--Media in contemporary business records
--Media in faculty research collections
Phase I- Learning from experts:
• External 3.5 floppy
• External 5.25 floppy and FC5025 controller
• Tableau write blocker
• FTK Imager (AccessData free product)
Phase I- Creating disk images
--Opportunity to work out issues:
• Where to store forensic files
• Unique ids
• Naming conventions
• Appraisal
• Etc.
Phase I- Outreach
Tessa Beers SAA poster, August 2012
Phase II- Learning from other institutions:
• AccessData FTK 4.0
• FRED (Forensic Recovery Evidence Device, Digital Intelligence)
• Camera and camera stand
• Additional workstations
• Kryoflux
• Storage boxes for media
• FTK AccessData boot-camp
--Physical space:
• Plans for a forensics lab
High-level workflow
• Records created in Archivists Toolkit
--Disk Image Creation:
• Disk image created in FTK Imager (.aff format)
• Photograph of physical media
• Entry into media log
--Disk Processing:
• “Case” created in FTK
• Bookmarking and tagging content
Next steps
--Metadata management
• What are best practices for describing hybrid collections?
• What are best practices for describing born digital collections?
--Providing access:
• What are methods for providing access to content in the reading
Resources that were helpful for us
Martin J. Gengenbach-- “‘The Way We Do it Here”’ Mapping Digital
Forensics Workflows in Collecting Institutions.
Jeremy Leighton John--Digital Forensics and Digital Preservation
AIMS white paper
MITH Use Guide for the FC5025 Floppy Disk Controller
Stanford Stop Aid Project documentation

similar documents