Aggregating Temporal Forensic Data Across Archival Digital Media

Transcript

1. Aggregating Temporal Forensic Data Across Archival Digital Media

2. Guymager ∙ dcfldd ∙ cdrdao ∙ bulk_extractor ∙ bulk_extractor Viewer

   ∙ fiwalk ∙ The Sleuth Kit ∙ libewf ∙ AFFLIB ∙ pyExifToolGUI ∙ ClamAV / ClamTK ∙ FSlint ∙ sdhash ∙ HFS Utilities ∙ FITS ∙ readpst ∙ recoll ∙ GTK Hash ∙ GHex ∙ Safe Mount

3. Timeline Data

4. The Vasulka Collection

5. Woody Vasulka, Computer studies, Untitled (“DDORISK.jpg”). vasulka.org/Woody/computerstudies/WOODY90/pages/DDORISK.html vasulka.org/Woody/computerstudies/WOODY90/pages/FDSKINS.html Woody Vasulka,

   Computer studies, Untitled (“FDSKINS.jpg”).

6. File System Events 0 500 1000 1500 2000 1980 1984

   1986 1988 1990 1992 1994 1996 1998 2000 2002 2004 2008 2010 2012 Last modified (HFS) Last written Last accessed Created

7. Timeline Benefits • Navigation
 • Trends
 • Context

8. Timeline Complications • Provenance
 • Timestamp Value Variance
 • File

   System Variance

9. Conclusions • Often “dormant” data
 • Research usually
 not in

   a legal context
 • Builds on existing
 best practice

10. Thank You! Walker Sampson Digital Archivist University of Colorado Boulder

    [email protected] wsampson.wordpress.com