Embed Size (px)
Citation preview
2
Forensic Information in Digital Objects (FIDO)
3
Session overview
1. Overview and terminology Lindsay & Kate 2.30-2.40
2. Introduction to tools and processes Gareth 2.40-3.00
3. Hands on session Lindsay & Gareth 3.00-3.45
4. Break 3.45-3.50
5. Group discussions of given scenarios All 3.50-4.20
6. Feedback and summary Lindsay & Gareth 4.20-4.30
4
JISC FIDO Project
• 6 month project from Feb 2011 – July 2011• Investigation of tools to aid data acquisition, file
identification & process documentation• Case study to report findings & lessons learnt • Mapping of forensic terms to archival terms • Address ethical issues of the approach• Establish suitable computer hardware and tools to
assist in newly defined digital acquisition process
5
Why Digital Forensics?• Forensic investigation is an emerging profession
developing tools that map user activity to legal admissibility standards
• Digital collections can be large and difficult to appraise – forensic tools can provide analysis of file characteristics and document what is done & when
• Forensic tools can provide contextual information such as a timeline or file types for initial appraisal
• Authenticity – Archivists need to capture authentic digital collections - forensic tools can support this process
6
Digital forensics vs Digital appraisal
• Different language – terms mean different things to each practitioner
• Confidence & skills – Digital archive skills are much closer to forensics or IT than traditional skills
• Forensics are dealing with potential crime scene – archivists work with the co-operation of the depositor
• Forensics want all available information including deleted documents & browser history whereas archivists may only have consent to take files defined by the donor
7
Scenario 1
An eminent retired KCL professor wishes to deposit her lifetime’s work, because she is about to emigrate to New Zealand to be near her grandchildren. There are seven filing cabinets of papers, and three PCs, two of which she no longer uses. The older PCs have also been used in the past by other family members
8
Scenario 2
The literary executors of a military historian want to place his archive in an appropriate repository. He died eight months ago, leaving four shoe boxes full of disks and a PC, plus extensive printed proofs, off-prints of journal articles and assorted press cuttings. The executors are also in negotiation with a publisher with regard to the historian’s last, unpublished work.
9
Scenario 3
A colleague of a recently departed senior KCL manager in the Estates department gets in touch: she is concerned that there may be much useful information, and perhaps important documents, held only within his email system, which will be deleted in a few weeks.
10
Scenario 4
The daughter of a retired Lieutenant General thinks he may have had the text of a draft memoir on his laptop. There may also be emails relating to his service with NATO forces in Kosovo, 1999, and subsequent war crimes trials, some of which are still on-going. She isn’t sure of anything, hasn’t looked at anything herself, and doesn’t know any passwords, but is anxious to find out if there is anything of significance and to see it safely preserved.
