Problems in Capturing Floppy Disks • Sophos under Win 7 will report that scanning a floppy disk completed even though it doesn't recognize the file format. • FTK Imager under Win 7 will report that imaging a floppy disk succeeded even though it doesn't recognize the file format.
Ensure Accurate Virus Check • PC – List the directory of the floppy disk – Run Sophos on the floppy • Mac – List the directory of the floppy disk • Double click on the floppy disk drive – Open Sophos Antivirus – “+” Custom Scan – Start Scan
Mac FTK Imager • No Graphical User Interface • Click on the "Terminal" icon • cd ~/Desktop • diskutil list (find the disk identifier that corresponds to the NAME of the disk) • diskutil unmountDisk /dev/disk1 (match the device found from diskutil list) • ./ftkimager /dev/disk1 media_filename --verify
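The slides warn that FTK Imager can report a successful capture of a disk whose format it did not recognize. As an added example (not from the original slides or from AccessData), this Python check inspects a raw image for a FAT boot sector or a Mac volume signature; it assumes a raw sector-by-sector image, and the function names and sample images are constructed here.

```python
import struct

def identify_volume(image: bytes) -> str:
    """Classify a raw floppy image: FAT, HFS, HFS+, MFS, blank or unrecognized."""
    if not image or image.count(image[0]) == len(image):
        return "blank"  # every byte identical: no data was actually captured
    # PC floppies: boot sector ends in 55 AA and carries a BIOS parameter block.
    if len(image) >= 512 and image[510:512] == b"\x55\xaa":
        bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", image, 11)
        fat_copies = image[16]
        if (bytes_per_sector in (512, 1024, 2048, 4096)
                and sectors_per_cluster in (1, 2, 4, 8, 16, 32, 64, 128)
                and fat_copies in (1, 2)):
            return "FAT"
    # Mac floppies: two-byte volume signature at byte offset 1024.
    mac_signatures = {b"BD": "HFS", b"H+": "HFS+", b"HX": "HFS+", b"\xd2\xd7": "MFS"}
    return mac_signatures.get(image[1024:1026], "unrecognized")

def constructed_fat_image() -> bytes:
    """Constructed sample: empty 1.44 MB image with a minimal FAT boot sector."""
    img = bytearray(1474560)
    struct.pack_into("<HB", img, 11, 512, 1)  # 512-byte sectors, 1 sector/cluster
    img[16] = 2                               # two FAT copies
    img[510:512] = b"\x55\xaa"                # boot sector signature
    return bytes(img)

def constructed_hfs_image() -> bytes:
    """Constructed sample: empty 800 KB image with an HFS signature."""
    img = bytearray(819200)
    img[1024:1026] = b"BD"
    return bytes(img)

if __name__ == "__main__":
    import sys
    # Usage: python check_image.py media_filename.001 [more images...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, identify_volume(fh.read()))
```

A result of `blank` or `unrecognized` is a prompt to go back to the directory listing and review the disk by hand, since some very early disk formats carry none of these signatures.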
AccessData FTK – YouTube • Create New Case • Technical Metadata Extracted by FTK • View Files in “obsolete” File Formats • View Image Files as Thumbnails • Search for Restricted Files using Index / Pattern Search • Flag Restricted Files as Privileged • Change Column Settings to Include or Exclude Information • Apply Filter to Items to be Displayed • Arrange Files in Series / Subseries by Assigning Bookmarks • See Files by Bookmarks • Create and Assign Labels to Files • View Files by Labels
Distributed Processing • Distributed Processing allows the installation of the Distributed Processing Engine (DPE) on additional computers in your network, allowing you to apply additional resources of up to three additional computers at a time to the processing of your cases. • As a rule of thumb, remember that Distributed Processing may not help reduce processing times unless the number of objects to be processed exceeds 1,000 times the number of cores.
FTK Files Organization • Evidence data (Image files) – Network drive (sul-wallabyForensicsLab01- OBJECT_POOLCall# NameDisk Image) • Database – Local drive • Case data – Local drive • Case backup data – Network drive (sul-wallabyForensicsLab01- OBJECT_POOLCall# NameFTK Case backup)
FTK Case Backup • Backup: – Backup: • Protects you from accidental deletion or corruption of case and database files. • FTK copies case information and database files (but not evidence) to a chosen folder. – Archive – Archive and Detach: • Use if you want to work on another computer or release space on the database drive. • Copies that case’s Oracle database table space file to the Windows Temp folder, then deletes it from the Oracle database.
FTK Case Restore • Restore – Restore – Restore a case from a backup to its original location, in the event of corruption or other data loss. – Attach – Attach a case to the same or a different machine/database than the one where it was archived and detached from.
FTK Account Types • Application Administrator: can perform all types of tasks, including adding and managing users. • Case Administrator: can perform all of the tasks an Application Administrator can perform, with the exception of creating and managing users. • Case Reviewer: cannot create cases; can only process cases.
Search Word List • Identity: social security no., SSN, SS# • Financial: credit card no., bank account no. • Student information: grade, recommendation • Staff information: tenure, appraisal • Health record: disease, depression • Others: confidential
Index Search Options • Stemming: Words that contain the same root, such as raise and raising. • Phonic: Words that sound the same, such as raise and raze. • Synonym: Words that have similar meanings, such as raise and lift. • Fuzzy: Words that have similar spellings, such as raise and raize. Click the arrows to increase or decrease the number of letters in a word that can be different from the original search term. Use this feature carefully; too many letter differences may make the search less useful.
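The Search Word List and the Fuzzy option above can be illustrated together. This is an added example, not FTK's own code: Levenshtein edit distance stands in for FTK's fuzzy matching, whose implementation the slides do not describe, and the memo text is constructed. It shows a misspelled restricted term being caught at one letter difference and false hits appearing at two.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: letters inserted, deleted or substituted."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a letter of a
                           cur[j - 1] + 1,             # insert a letter of b
                           prev[j - 1] + (ca != cb)))  # substitute or keep
        prev = cur
    return prev[-1]

def fuzzy_hits(text: str, terms: list, max_diff: int) -> list:
    """Sorted (term, word) pairs where word is within max_diff letters of term."""
    words = set(re.findall(r"[a-z#]+", text.lower()))
    return sorted((t, w) for t in terms for w in words
                  if edit_distance(t.lower(), w) <= max_diff)

# Constructed sample text; terms are taken from the Search Word List slide.
SAMPLE = ("Confidental memo: the tenure committee met. "
          "A tenor was hired for the choir. Ensure the appraisal is filed.")
TERMS = ["confidential", "tenure", "appraisal"]

if __name__ == "__main__":
    for tolerance in (0, 1, 2):
        print(tolerance, fuzzy_hits(SAMPLE, TERMS, tolerance))
```

At a tolerance of 2, "tenure" also matches "tenor" and "ensure", which is the loss of usefulness the slide cautions about.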
Label • Shared Label – Create labels outside cases under Manage – Labels – Labels created will appear in Manage Shared Labels • Local Label – Go to the case – Go to Manage – Labels – Manage Shared Labels – Highlight the labels you want to “Copy to Case”
FTK Label • Access Right – Archivist; Public; Reading Room • Subject – LCSH; Local • Name – Personal; Corporate; Meeting; Project • Title – Book; Article, etc. • Geographic Location – Country; City, etc. • Genre – Photograph, Sound, Video, etc.
Processing notes in AT • Disk / logical image, why? • File system (PC/Mac) • Virus check result • Imaging results (success rate) • Not converted media, why? plan? (e.g. open reel tapes, punch cards, etc.) • Unrecognized files (special backup formats, etc.)
Extent Statement • Alternate Extent (resource record) – No. of files – Total file size in MB, rounded up to 2 decimal places.
Added Entries for Born Digital Material Series • Added entries for the born digital series should be replicated in the collection level so that they will be transferred to SearchWorks.
Access Derivative • Image – TIFF to JPEG (1920 pixels wide) – Large JPEG to JPEG (1920 pixels wide) – CRW, NEF to JPEG (1920 pixels wide) • DLSS is doing it all the time.
Display Derivative • Text – Original: WordStar, WordPerfect, format not recognizable by modern word processing software – Access: formats supported by browser (html, etc.) • Tools – Transit Solution – Adobe Acrobat Professional – Open Office
Outputs • Finding aids – EAD • Hypatia – Collection Level: EAD – Item Level: FTK • Searchworks – Transform selective contents to MODS from EAD
XSLT Transformation • XML-FO file designed for output as PDF • Need an XSLT transformation to become an XML content file. • See sample at – https://consul.stanford.edu/download/attachments/136253066/FTK+XSLT.xsl?version=1&modificationDate=1319816838204