1 / 14

Identification and Collection

Identification and Collection. INFM 718X/LBSC 708X Douglas W. Oard. “Data” Mapping. Organizational Application-al Logical Physical Geographic. Levels of Analysis. How Disks Work. Extracted From Shelly Cashman Vermatt’s Discovering Computers 2004. Windows “NTFS” File Metadata.

garth
Download Presentation

Identification and Collection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identification and Collection INFM 718X/LBSC 708X Douglas W. Oard

  2. “Data” Mapping • Organizational • Application-al • Logical • Physical • Geographic

  3. Levels of Analysis

  4. How Disks Work Extracted From Shelly Cashman Vermatt’s Discovering Computers 2004

  5. Windows “NTFS” File Metadata • Time file created (or copied) • Most recent one; optionally “journaled” • Time file content changed (or made changeable) • Most recent one; optionally “journaled” • Time file renamed (or moved) • Most recent one • Time file metadata created or changed • Most recent one • Time file accessed (content or metadata) • Most recent one; optionally disabled

  6. Microsoft Word Metadata • Author • Title • Dates (may not agree with NTFS!) • Created • Modified • Accessed • Printed • Each tracked change

  7. EXIF Image Metadata • Time • Location • Camera manufacturer and model • Camera orientation • Exposure information (shutter speed, f stop) • Thumbnail versions • Altering the image may not change the thumbnail!

  8. Email Metadata • Message metadata • Times • Sent • Resent • Received • Route • In-reply-to • Attachment file type • System metadata • Folder

  9. File Types • Extensions • MyDocument.xls • MIME type • Magic bytes • Supervised machine learning

  10. Capture • Imaging • Tape copy • Disk image • Active file capture • Hardware write block • Software write blocking • File system copy

  11. Culling • Custodian • De-NISTing • Based on NIST list of known program hashes • Date range

  12. Preservation • Future accessibility • Replication • Service copies • Authenticity • Documented traceable process • Separately stored hashes

More Related