
Introduction


This section of the Digital Forensics Lab Manual describes basic digital forensics workflows. There are two primary workflows:

Workflow: Bulk forensic imaging for preservation

Description:

  1. Add items to Register of Digital Storage Devices.
  2. Create forensic images.
  3. Transfer forensic images into digital backlog until further processing is scheduled.

Workflow: Forensic imaging and analysis for archival processing and monetary appraisal

Description:

  1. Add items to Register of Digital Storage Devices.
  2. Create forensic images.
  3. Ingest images into FTK.
  4. Select files from forensic images.
  5. Export selected files.
  6. Package files and ingest into digital preservation system.

Bulk forensic imaging for preservation


  1. Add item to register of digital storage devices.

  2. Prepare item for forensic imaging.

  3. Use FTK Imager to create forensic image of item.

  4. Transfer forensic image to Libraries' digital backlog storage until further processing.

  5. Delete local copy of forensic image after transfer validation.

  6. Update entry in register of digital storage devices.

Forensic imaging and analysis for archival processing and monetary appraisal


  1. Add item to register of digital storage devices.

  2. Prepare item for forensic imaging.

  3. Use FTK Imager to create forensic image of item and create a secondary (i.e., local backup) copy of the forensic image.

  4. Update entry in register of digital storage devices.

  5. Create case in FTK.

  6. Select an evidence processing profile.
  7. Add forensic image to case.

  8. Run additional analysis processing. Use a combination of tools to identify confidential and personal information.

  9. Create filters as necessary.

  10. Create labels to support archival appraisal decisions. For example: 

    1. Delete 
    2. Review for deletion
    3. Review for selection
    4. Review for selection (contains PII)
    5. Select for retention
    6. Select for retention (contains PII)

  11. Create hierarchical set of bookmarks to support archival arrangement:

    1. Fonds title
      1. Series title
        1. Sub-series title
      2. Series title

  12. Create word list based on archival appraisal guidelines.

  13. Use a combination of filters, searching, and browsing to select and organize records for retention. Use labels and bookmarks to facilitate this process.

  14. Use bookmarks to export files and metadata from FTK.

    1. Export files option
    2. Report option

  15. Package files into one or more "bags" that conform to the BagIt specification.

  16. Upload bag(s) to the Libraries' ingest storage.

  17. Transfer bag(s) into digital preservation system.

  18. Process transfer and generate AIPs. 

  19. Delete local backup data and FTK case after successful generation of AIPs.
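
An added example (not part of this manual and not FTK functionality) of steps 15 and 16: it builds a minimal BagIt 1.0 bag from an export directory and re-checks the SHA-256 manifest, as one would against the uploaded copy before deleting local data in step 19. The function names and sample files are assumptions constructed for illustration; a production bag would normally also carry the optional bag-info.txt and a tag manifest.

```python
# Added example: function names are illustrative, sample files are constructed.
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def payload_files(bag):
    return sorted(p.relative_to(bag).as_posix() for p in (bag / "data").rglob("*") if p.is_file())

def make_bag(export_dir, bag_dir):
    """Copy an export into bag_dir/data and write bagit.txt plus a SHA-256 manifest."""
    bag = Path(bag_dir)
    shutil.copytree(export_dir, bag / "data")
    (bag / "bagit.txt").write_text(
        "BagIt-Version: 1.0\nTag-File-Character-Encoding: UTF-8\n", encoding="utf-8")
    manifest = "".join(f"{sha256_file(bag / rel)}  {rel}\n" for rel in payload_files(bag))
    (bag / "manifest-sha256.txt").write_text(manifest, encoding="utf-8")
    return bag

def validate_bag(bag_dir):
    """Return a list of problems; an empty list means every payload file matches."""
    bag = Path(bag_dir)
    listed = {}
    for line in (bag / "manifest-sha256.txt").read_text(encoding="utf-8").splitlines():
        digest, rel = line.split(None, 1)  # "<checksum> <path relative to bag root>"
        listed[rel] = digest
    present = set(payload_files(bag))
    problems = [f"missing: {rel}" for rel in sorted(listed.keys() - present)]
    problems += [f"unlisted: {rel}" for rel in sorted(present - listed.keys())]
    problems += [f"checksum mismatch: {rel}" for rel in sorted(listed.keys() & present)
                 if sha256_file(bag / rel) != listed[rel]]
    return problems

def demo():
    """Bag constructed sample files, then alter one to show the failure case."""
    with tempfile.TemporaryDirectory() as tmp:
        export = Path(tmp) / "export"
        (export / "letters").mkdir(parents=True)
        (export / "letters" / "draft.txt").write_text("constructed sample\n")
        bag = make_bag(export, Path(tmp) / "bag")
        clean = validate_bag(bag)
        (bag / "data" / "letters" / "draft.txt").write_text("altered\n")
        return clean, validate_bag(bag)
```

Calling `demo()` returns an empty problem list for the fresh bag and a checksum mismatch for the altered file; the same `validate_bag` call can be pointed at the copy on ingest storage.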

Workflows at other institutions


Princeton University Library, Department of Rare Books and Special Collections, "Born-Digital University Archives Workflows." https://rbsc.princeton.edu/workflows/born-digital/university-archives

