DIGITAL FORENSICSForensic Toolkit: a tool to process born digital records

Emma Jolley Curator of Digital Archives

Why Digital Forensics?The process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally

acceptable.

ProvenanceOriginal Order

Chain of CustodyIdentifying

Authenticity

Forensic Toolkit

Case Summary

Overview of FTK Screen

Explore View

Explore View – Additional Technical Metadata

Explore View – Additional Technical Metadata (part – 2)

Overview View

Overview View

Viewing Content

Email View - 1

Email View 1 – Deleted Items

Email View 1 – Calendar view

Email View 2

Email View 2

Graphics View

Graphics View – Properties view (metadata)

Video View

Audio Player

Bookmarks (Serialisation – Arrangement and Description)

Bookmarks (Serialisation – Arrangement and Description)

Labels (Analysis)

Searching (Index)

Searching (Index) – Copyright and IP statements

Visualisation – Time Series (Email)

Visualisation – social analyser (email)

Reporting

Reporting – Finding-aid

Reporting – Donors List (Finding-aid)

Issues and Challenges• Professional interactions (vocabulary)• Donors metadata• Description• Hybrid collections• Perceptions of the challenge• No two collections are the same• Getting the Description into CMS

Lessons Learnt• Plan, Plan, Plan, visit and plan some more• Expect the unexpected• Digital Transfer is very resource hungry• Appraisal must be at CDP level (and Functions)• A single person isn’t going to do it (need a

village)• Theory is the same regardless of format