Tweet
Tweet

Slide 1

Slide 1 text

Aggregating Temporal Forensic Data Across Archival Digital Media

Slide 2

Slide 2 text

Guymager ∙ dcfldd ∙ cdrdao ∙ bulk_extractor ∙ bulk_extractor Viewer ∙ fiwalk ∙ The Sleuth Kit ∙ libewf ∙ AFFLIB ∙ pyExifToolGUI ∙ ClamAV / ClamTK ∙ FSlint ∙ sdhash ∙ HFS Utilities ∙ FITS ∙ readpst ∙ recoll ∙ GTK Hash ∙ GHex ∙ Safe Mount

Slide 3

Slide 3 text

Timeline Data

Slide 4

Slide 4 text

The Vasulka Collection

Slide 5

Slide 5 text

Woody Vasulka, Computer studies, Untitled (“DDORISK.jpg”). vasulka.org/Woody/computerstudies/WOODY90/pages/DDORISK.html vasulka.org/Woody/computerstudies/WOODY90/pages/FDSKINS.html Woody Vasulka, Computer studies, Untitled (“FDSKINS.jpg”).

Slide 6

Slide 6 text

File System Events 0 500 1000 1500 2000 1980 1984 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2008 2010 2012 Last modified (HFS) Last written Last accessed Created

Slide 7

Slide 7 text

Timeline Benefits • Navigation
 • Trends
 • Context

Slide 8

Slide 8 text

Timeline Complications • Provenance
 • Timestamp Value Variance
 • File System Variance

Slide 9

Slide 9 text

Conclusions • Often “dormant” data
 • Research usually
 not in a legal context
 • Builds on existing
 best practice

Slide 10

Slide 10 text

Thank You! Walker Sampson Digital Archivist University of Colorado Boulder [email protected] wsampson.wordpress.com