Introduction

...

Archival processing projects that involve digital forensics require a clear understanding of the "flow" of forensic processes that will be repeated until the project is complete. This section of the Digital Forensics Lab Manual describes the basic workflows for various types of digital storage devices.

There are two primary workflows for digital forensics:

| Workflow | Description |
| --- | --- |
| Bulk forensic imaging for preservation | Create forensic images to support acquisition and preservation of born-digital archives. Transfer forensic images into digital backlog until further processing is scheduled. |
| Forensic imaging and analysis for archival processing and monetary appraisal | Create forensic images to support acquisition and archival processing of born-digital archives. Select files from forensic images and transfer files to ingest storage for transfer into digital preservation system. |

...

  1. Add item to register of digital storage devices.

  2. Prepare item for forensic imaging.

  3. Use FTK Imager to create forensic disk image of item.

  4. Transfer forensic disk images to Libraries' digital backlog storage for preservation until further processing.

  5. Delete local copy of forensic disk image after transfer validation.

  6. Update entry in register of digital storage devices.
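One way to carry out the transfer validation that gates steps 4 and 5, shown as an added example that is not part of the lab manual: the local copy is deleted only when every file in the image set has an identical copy in backlog storage. The directory layout, the `item001.E01`/`item001.E02` file names, the function names and the choice of SHA-256 are assumptions, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so multi-gigabyte image segments are never read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def validate_transfer(local_dir, backlog_dir):
    """Return names of local files that are missing or different in the backlog."""
    failures = []
    for local in sorted(p for p in Path(local_dir).iterdir() if p.is_file()):
        copy = Path(backlog_dir) / local.name
        if not copy.is_file() or sha256_file(local) != sha256_file(copy):
            failures.append(local.name)
    return failures


def delete_local_if_validated(local_dir, backlog_dir):
    """Delete the local image set only if every file validated; return failures."""
    failures = validate_transfer(local_dir, backlog_dir)
    if not failures:
        for p in Path(local_dir).iterdir():
            if p.is_file():
                p.unlink()
    return failures


def demo():
    """Constructed sample: a two-segment image, second segment truncated in transit."""
    with tempfile.TemporaryDirectory() as tmp:
        local, backlog = Path(tmp, "local"), Path(tmp, "backlog")
        local.mkdir()
        backlog.mkdir()
        for name, data in [("item001.E01", b"A" * 4096), ("item001.E02", b"B" * 4096)]:
            (local / name).write_bytes(data)
            shutil.copy2(local / name, backlog / name)
        (backlog / "item001.E02").write_bytes(b"B" * 1000)  # simulate a bad transfer
        first = delete_local_if_validated(local, backlog)
        kept = sorted(p.name for p in local.iterdir())
        shutil.copy2(local / "item001.E02", backlog / "item001.E02")  # re-transfer
        second = delete_local_if_validated(local, backlog)
        return first, kept, second, list(local.iterdir())
```

The check confirms that the backlog copy matches the local copy; the outcome can be noted when the register entry is updated in step 6.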

...

Forensic imaging and analysis for archival processing and monetary appraisal

...

  1. Add item to register of digital storage devices.

  2. Prepare item for forensic imaging.

  3. Use FTK Imager to create forensic image of item and create a secondary (i.e., local backup) copy of the forensic image.

  4. Update entry in register of digital storage devices.

  5. Load forensic image(s) into FTK.

  6. Run additional analysis processing.

  7. Create filters as necessary.

  8. Create labels to support archival appraisal decisions:

    1. Delete
    2. Review for deletion
    3. Review for selection
    4. Select for retention
    5. Select for retention (contains PII)

  9. Create word list based on selection criteria.

  10. Create hierarchical set of bookmarks to support archival arrangement:

    1. Fonds title
      1. Series title
        1. Sub-series title
      2. Series title

  11. Use a combination of filters, searching, and browsing to identify and select records for retention. Use labels and bookmarks to facilitate this process.

  12. Use a combination of tools to identify confidential and personal information. Use labels and bookmarks to facilitate this process.

  13. Use bookmarks to export files and metadata from FTK.

    1. Export files option
    2. Report option

  14. Transfer package to Libraries' ingest storage for transfer into digital preservation system.

  15. Delete local backup data and FTK case after successful generation of AIPs.

...