FTK Demo Day

This past Wednesday, we gathered all the archivists who do processing into the D-Lab and wowed them with a demo of the Forensic ToolKit (FTK) software.

I started with an overview of our processes for separating removable digital media from collections:

Then I gave an overview of the proposed workflow for working with that media:

The idea is that the materials (disks, drives, CDs, DVDs, etc) will be separated and delivered to the D-Team. We’ll add them to our digital media inventory, then when we receive notification that these materials are slated for processing, we’ll prioritize them for imaging. After they’re imaged, we’ll create a case for that collection in FTK, and add each piece of separated media as evidence to that case.

FTK is computer forensics software designed for use by investigators in law enforcement. It’s extremely powerful software and will help us do many tasks that would otherwise be quite laborious. The demo covered:

    • The different ways you can view the data you’re working with – through the file directory structure, grouped by file types, grouped by file format types, etc.
    • The ease of viewing and analyzing email accounts
    • Identify duplicates
    • Filtering out non-archival items, like duplicates or system files
    • Searching for patterns, like social security numbers, and credit card numbers
    • Using fuzzy searching (like searching Sibyl and Sybil)
    • Arranging the materials in a hierarchy, much like you can in the Archivists’ Toolkit
    • Using labels to highlight restricted or sensitive materials
    • File visualization!

 

A visualization of emails domains related to an email account.

A visualization of emails domains related to an email account.

Mary Ann then talked a bit about the work she’s doing with the Taconic electronic records.

Mary Ann talks about how to use Bookmarks in FTK to build out a file hierarchy.

Mary Ann talks about how to use Bookmarks in FTK to build out a file hierarchy.

All in all, I think it was a successful demo in that it generated excitement about working with the program, as well as some clarity in just what processing electronic records looks like. The inevitable question about redacting sensitive or restricted information did arise, which led to a discussion about some of the policy decisions that need to be made concerning access to digital materials. I’m making a note here, as I think questions about redaction (and the time-consuming nature of it) should make excellent fodder for a future archival staff meeting.

Leave a Reply

Your email address will not be published. Required fields are marked *