Part of the Dalhousie Libraries Documentation Wiki

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Introduction

  • Use forensic workstation and FTK Imager to image CDs, DVDs, and Blu-ray discs.

  • This workflow should produce a .iso and .cue file for each evidence item.

  • If disc will not mount or FTK Imager produces errors, switch to BitCurator workstation and Guymager.

  • CD-Digital Audio (CD-DA) discs require additional testing and analysis. Alternative methods may be required to ensure long-term preservation.

Insert optical disc into disc drive

  1. Coming soon.

Launch FTK Imager and initiate "Create Disk Image..." process

  1. Launch FTK Imager.

  2. Click on "File" menu and select "Create Disk Image..."

  3. Select "Logical Drive" from the "Select Source" window and click on the "Next" button.



  4. Select the correct drive from the "Select Drive" window and click on the "Next" button.



  5. Review "Create Image" window. Ensure the "Verify images after they are created" and "Create directory listings..." boxes are checked.



  6. Click on the "Add..." button to open a "Select Image Destination" window.



  7. Click on the "Browse" button to open a "Browse for Folder" window. Browse to the DATA (D:) drive and select the destination folder for the image. Click on the "OK" button to make the selection.



  8. Provide an image filename (excluding extension). Whenever possible, use the Evidence ID recorded in the register of digital storage devices. Click on the "Finish" button.


    If necessary, repeat steps 3-6 to create a copy of the image. Complete the "Select Image Destination" window.



  9. Review the "Create Image" window. If settings are correct, click on the "Start" button to initiate the imaging process.



  10. Monitor the "Creating Image" windows. Optical discs should take less than 10 minutes to image and progress is usually demonstrated in the first minute. 



  11. If images are successfully created, close pop-up windows.

  12. Open Windows Explorer and navigate to the DATA (D:\) drive. Confirm the following organization of data:

    1. D:\DATA
      1. Fonds/Collection
        1. Accession folder
          1. Evidence
            1. EvidenceID
          2. Evidence – copies
            1. EvidenceID_copy

  13. If progress stalls, close FTK Imager and try again. If FTK Imager is still unable to create images, stop the work and notify the Digital Archivist.

  14. Eject optical disc from forensic workstation.

  15. Return disc to appropriate born digital box.

Update register of digital storage devices

  1. Log into MyDal and navigate to University Archives' SharePoint site.

  2. Navigate to the "Register of digital storage devices" SharePoint list.

  3. Navigate to entry for applicable optical disc. Browse or use filters to locate the item. 

  4. Click on "Edit" button to open record for editing.

  5. Add information about forensic imaging.

  6. Update other parts of entry as necessary.

  7. Click on "Save" button to save the edits.

Next steps

See procedures for creating a case in Forensic Toolkit (FTK).

  • No labels

Dalhousie Libraries - Documentation Wiki