Copyright 2013 © President & Fellows of Harvard College Digital Forensics at Harvard Business School NE NDSA Lightning Talk, 10 May 2013 Rachel Wise, Baker

Copyright 2013 © President & Fellows of Harvard College

Digital Forensics at Harvard Business SchoolNE NDSA Lightning Talk, 10 May 2013

Rachel Wise, Baker Library Special Collections

Why take on this challenge?

--Important donation where significant portion of key content was contained on obsolete media

--Media in contemporary business records

--Media in faculty research collections

Phase I- Learning from experts:

--Equipment:• External 3.5 floppy• External 5.25 floppy and FC5025 controller• Tableau write blocker• FTK Imager (AccessData free product)

Phase I- Creating disk images

--Opportunity to work out issues:• Where to store forensic files• Unique ids• Naming conventions• Appraisal• Etc.

Phase I- Outreach

Tessa Beers SAA poster, August 2012

Phase II- Learning from other institutions:

--Equipment:• AccessData FTK 4.0• FRED (Forensic Recovery Evidence Device, Digital Intelligence)• Camera and camera stand• Additional workstations• Kryoflux• Storage boxes for media

--Training:• FTK AccessData boot-camp

--Physical space:• Plans for a forensics lab

High-level workflow

--Accessioning:• Records created in Archivists Toolkit

--Disk Image Creation:• Disk image created in FTK Imager (.aff format)• Photograph of physical media• Entry into media log

--Disk Processing:• “Case” created in FTK

• Bookmarking and tagging content

Next steps

--Preservation

--Metadata management

--Storage

--Description:• What are best practices for describing hybrid collections?• What are best practices for describing born digital collections?

--Providing access:• What are methods for providing access to content in the reading

room?

Resources that were helpful for us

• Martin J. Gengenbach-- “‘The Way We Do it Here”’ Mapping Digital Forensics Workflows in Collecting Institutions.

• http://www.bitcurator.net/2012/11/20/542/

• Jeremy Leighton John--Digital Forensics and Digital Preservation • http

://blogs.loc.gov/digitalpreservation/2013/02/digital-forensic-perspective-helps-cultural-heritage-institutions-meet-deep-challenges/

• MITH Use Guide for the FC5025 Floppy Disk Controller• http://mith.umd.edu/vintage-computers/fc5025-operation-instructions

• AIMS white paper• http://www.digitalcurationservices.org/aims/white-paper/

• Stanford Stop Aid Project documentation• http://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=1026&context=

westernarchives

http://www.bitcurator.net/2012/11/20/542/

http://www.bitcurator.net/2012/11/20/542/

http://blogs.loc.gov/digitalpreservation/2013/02/digital-forensic-perspective-helps-cultural-heritage-institutions-meet-deep-challenges/



http://mith.umd.edu/vintage-computers/fc5025-operation-instructions

http://mith.umd.edu/vintage-computers/fc5025-operation-instructions

http://www.digitalcurationservices.org/aims/white-paper/

http://www.digitalcurationservices.org/aims/white-paper/

http://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=1026&context=westernarchives

http://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=1026&context=westernarchives

Documents

Copyright 2013 © President & Fellows of Harvard College Digital Forensics at Harvard Business School NE NDSA Lightning Talk, 10 May 2013 Rachel Wise, Baker