Watching the Detectives Forensic Information in Digital Objects (FIDO)


KCL Facts
– 5 million archives (including artefacts, images, sound recordings and databases)
– 295,000 rare/special books
– Spans 6 centuries (most from 18th Century onwards)
– Wide range of subjects, formats and languages
– Internationally and nationally recognised
– Whole collection valued at £81,000,000
– Liddell Hart Centre for Military Archives and Foyle Special Collections library

Information Management Team
Responsible for advice and support for:
– Content creation
– Active management during business use
– Retention for legal or business purposes
– Digital archiving and preservation

JISC FIDO Project
– 6 month project in 2011
– Investigation of tools to aid data acquisition, file identification & process documentation
– Case study to report findings & lessons learnt
– Mapping of forensic terms to archival terms
– Address ethical issues of the approach
– Establish suitable computer hardware and tools to assist in newly defined digital acquisition process

Why digital forensics?
– Forensic investigation is an emerging profession developing tools that map user activity to legal admissibility standards
– Digital collections can be large and difficult to appraise – forensic tools can provide analysis of file characteristics and document what is done & when
– Forensic tools can provide contextual information such as a timeline or file types for initial appraisal
– Authenticity – archivists need to capture authentic digital collections – forensic tools can support this process

Digital forensics vs Digital appraisal
– Different language – terms mean different things to each practitioner
– Confidence & skills – digital archive skills are much closer to forensics or IT than traditional skills
– Forensics are dealing with a potential crime scene – archivists work with the co-operation of the depositor
– Forensics want all available information, including deleted documents & browser history, whereas archivists may only have consent to take files defined by the donor

Ethical Issues
– Does the depositor know the collection?
– A forensic image will capture everything!
– Is included in the deposit?
– Do all family members agree to the deposit?
– Does the depositor own the copyright?
– Is there unpublished work that might be published after deposit?
– Are computers included or just their contents?

Technical Issues
– Data transfer or recovery
– Level of rights required for tasks
– Additional hardware/software familiarisation
– New skills for archives staff
– Redaction
– Finding new software for particular tasks

Data handling workflow
– Obtain data from depositor / donor
– Examine the acquired data to locate user generated content
– Appraise data to select data of potential value to the institution
– Transfer selected data into digital repository for curation & preservation

Data Acquisition Methods
1. File copy: Files are copied/moved from the donor's media to AIM-owned storage, e.g. FTP, DVD-R, hard disk
2. Disk clone: Bit copy of files on source disk copied to mirror disk
3. Disk image: Bit copy of disk is created and stored as a file on other media.
Different Hardware, Different Media


Data held on digital media
Types:
– Operating system files, e.g. Windows has 30,000+ after fresh install
– Software: Applications, utilities, games, etc.
– Log data: Windows Registry, browser cache, cookies, temp files
– User-generated content: Documents, images, sound, emails, etc.
Data layers:
1. Active data: Information normally seen by Operating System
2. Inactive/residual data: deleted or modified data
   – Deleted files located in unallocated space that have yet to be overwritten (retrieved using undelete application)
   – Data fragments that contain information from a partially deleted file (retrieved through carving)
Usefulness of inactive data still to be seen

Active Data Analysis
Common techniques:
– Navigate directory structure to get a feel for data files held on disk
– Search by:
   – File name, e.g. *report*
   – File type, e.g. *.doc, *.pdf, etc.
   – Creation/modification date
   – Content type, e.g. word usage
   – File size
– Windows search does not identify everything
– Investigation process leaves artefacts, e.g. thumbs.db, behind

OS Forensic search interface for active files
Sort by: Name, Folder, Size, Type, Creation date, Modification date

Recovering deleted files
Recovering partial/complete files
– Undelete/file recovery software searches unallocated space and makes found files available.
Recovering data fragments
– Data carving technique: raw bits of the disk are analysed to identify recognisable patterns that may indicate a data file, e.g. header/footer, semantic information.
   – Carving software is designed to take a linear approach to locating data files – ineffective on fragmented disks
   – Creates Franken-Files! – incomplete files, large files containing info from multiple sources, extracts embedded images from PowerPoints, etc.
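The header/footer carving described on this slide, and the reason it produces "Franken-Files" on a fragmented disk, can be shown in a few lines. This is an added example, not code from the presentation or the FIDO project; the 512-byte sector size, the toy "pictures" and the disk layout are constructed for illustration.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"  # bytes a JPEG file starts with (header)
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker (footer)
SECTOR = 512                # assumed sector size for the constructed disk

def carve(raw, header=JPEG_SOI, footer=JPEG_EOI, max_size=1 << 20):
    """Linear carve: everything from a header to the next footer is one 'file'."""
    found, pos = [], 0
    while (start := raw.find(header, pos)) != -1:
        end = raw.find(footer, start + len(header), start + max_size)
        if end == -1:          # header without a footer in range: move on
            pos = start + 1
            continue
        end += len(footer)
        found.append((start, raw[start:end]))
        pos = end
    return found

def sector(data):
    """Pad data with zeros to a whole sector."""
    return data.ljust(SECTOR, b"\x00")

def build_sample_disk():
    """Constructed raw 'unallocated space' holding two deleted pictures."""
    photo_a = JPEG_SOI + b"A" * 200 + JPEG_EOI      # stored contiguously
    b_part1 = JPEG_SOI + b"B" * (SECTOR - 3)        # fragment 1 fills a sector
    b_part2 = b"B" * 100 + JPEG_EOI                 # fragment 2
    other = sector(b"minutes of a meeting, from an unrelated file")
    disk = (sector(b"") + sector(photo_a) + sector(b"")
            + b_part1 + other + sector(b_part2))    # foreign sector in between
    return disk, photo_a, b_part1 + b_part2

def report(disk, originals):
    """(offset, size, matches_an_original) for every carved candidate."""
    known = {hashlib.sha256(o).hexdigest() for o in originals}
    return [(off, len(blob), hashlib.sha256(blob).hexdigest() in known)
            for off, blob in carve(disk)]

if __name__ == "__main__":
    disk, a, b = build_sample_disk()
    for row in report(disk, [a, b]):
        print(row)
```

The contiguous picture is recovered bit for bit, while the fragmented one comes back larger than the original and carrying a sector of the unrelated file, which matters for appraisal because carved content may include material outside the deposit.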

Keyword Search
– Scan the content of a disk, including all emails, documents and other text content, to locate a particular search term
– Commonly used by police to identify illegal content, e.g. bank numbers, telephone numbers
– Archival use:
   – Does the disk contain reference to topic X?
   – What trends may be identified in use of a concept – when did the term appear and disappear?
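A keyword scan over a raw disk image has two practical pitfalls: the image is read in chunks, so a term can straddle a chunk boundary, and Windows applications often store text as UTF-16, so an ASCII-only search misses it. The sketch below is an added example, not a tool named in the presentation; the sample image and the search term are constructed.

```python
import io

ENCODINGS = ("utf-8", "utf-16-le")  # plain text and Windows "Unicode" text

def keyword_hits(stream, term, chunk_size=1 << 20):
    """Return sorted [(byte_offset, encoding)] for each hit.

    Matching is case-insensitive for ASCII letters only.
    """
    if not term:
        raise ValueError("empty search term")
    patterns = {enc: term.lower().encode(enc) for enc in ENCODINGS}
    overlap = max(len(p) for p in patterns.values()) - 1
    hits, tail, base = set(), b"", 0      # base = image offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk                # carry the previous chunk's tail over
        low = buf.lower()                 # lowercases ASCII letters only
        for enc, pat in patterns.items():
            i = low.find(pat)
            while i != -1:
                hits.add((base + i, enc)) # set: a hit in the overlap counts once
                i = low.find(pat, i + 1)
        tail = buf[-overlap:] if overlap else b""
        base += len(buf) - len(tail)
    return sorted(hits)

def build_sample_image():
    """Constructed 300-byte 'image' with one hit in each encoding."""
    img = bytearray(300)
    img[60:66] = b"Apollo"                        # crosses offset 64
    img[200:212] = "APOLLO".encode("utf-16-le")   # 12 bytes of UTF-16 text
    return bytes(img)

def scan_sample(chunk_size):
    """Scan the constructed image for 'apollo' using the given chunk size."""
    return keyword_hits(io.BytesIO(build_sample_image()), "apollo", chunk_size)

if __name__ == "__main__":
    for offset, enc in scan_sample(chunk_size=64):
        print(f"offset {offset} (sector {offset // 512}): {enc}")
```

Recording the byte offset of each hit lets the archivist map it back to a file or to unallocated space, which bears on whether the content falls within what the donor agreed to deposit.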

Analysis of research behaviour
Hard disk may contain other information:
– Web sites visited/bookmarked for research
– Chat logs indicating discussion with colleagues
– Other digital media that may have been used to store data
This may be useful for understanding researcher work process, but consider the ethical issues

Forensic Hardware
(1) Desktop PC: Intel Pentium Dual Core E5800 CPU (3.20 GHz), 2GB DDR, 500GB HD, Super multi DVD-RW
(2) USB Write Blocker: Prevents OS writing to connected devices
(3) Drive enclosure: Enables connection of internal ATA/SATA disks via USB
(4) Kryoflux: USB floppy disk controller to enable attachment of disparate disk devices & forensic imaging

Access to digital collections
– Publication of summary guide
– Folder hierarchy to give overview of collection
– Ability of researchers to search across file lists/index to identify information
– Access to whole digital collection?
– Policy regarding number of files, what access, copies still to be determined

Next steps
– Working with desktop support to capture images
– Drafting new advice for depositors
– Encouraging depositors to deposit their digital records
– Working with College Senior staff to capture their personal papers and research data throughout their career
– Improving skills within the AIM team – especially Mac skills
– Preserving digital records in our collections

Thank you
Lindsay Ould
Information Manager and Digital Archivist