Part of the Dalhousie Libraries Documentation Wiki

SP-01 Specifications for data storage on Digital Forensics Workstation

Owned by Creighton Barrett

May 25, 2022

1 min read

1 Introduction
2 Data storage
3 Forensic case storage

Introduction

The following technical specification is part of the Digital Forensics Lab Manual published by the Dalhousie University Archives.

Data storage

Forensic images created through FTK Imager shall be saved accordingly:

D:\DATA

Fonds/Collection1
- AccessionID
  - Evidence
    - EvidenceID – disk image (raw .dd)
    - EvidenceID – directory listing (.csv)
    - EvidenceID – validation (.txt)
  - Evidence – copies
    - EvidenceID_copy – disk image (raw .dd)
    - EvidenceID_copy – directory listing (.csv)
    - EvidenceID_copy – validation (.txt)
Fonds/Collection2
- AccessionID
  - Evidence
    - EvidenceID – disk image (raw .dd)
    - EvidenceID – directory listing (.csv)
    - EvidenceID – validation (.txt)
  - Evidence – copies
    - EvidenceID_copy – disk image (raw .dd)
    - EvidenceID_copy – directory listing (.csv)
    - EvidenceID_copy – validation (.txt)

Forensic case storage

Database tables shall be saved in:

Case shall be saved in:

Dalhousie Libraries - Documentation Wiki