AIMS Symposium

Charlottesville, VA
13-14 May 2011

Skip to end of metadata
Go to start of metadata
  • Tool Scenarios, Specifications, Requests (e.g. I would really like a tool to do x, y and z...)
  • Pre-SIP Tools and Workflow
    • AccessData FTK (Forensic Toolkit)
      • Description: FTK is designed for law enforcement officials and corporate security and IT professionals who need to access and evaluate the evidentiary value of files, folders, and computers. However, the bookmarks and labels functions which help investigators to organize the evidence they selected are equally applicable to the organization of the whole born digital collection. The pattern and full text search functions which are used to find particular evidence are equally applicable to search for restricted materials.
      • Availability: Now. http://accessdata.com/products/computer-forensics/ftk
      • License: Proprietary
      • Developers: AccessData Group
      • First release:
      • Current release: 3.3
      • See YouTube video on the use of AccessData FTK to extract technical metadata and to assign descriptive metadata to collections at http://www.youtube.com/watch?v=hDAhbR8dyp8
    • Bulk Extractor
      • Description: "a C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures". For sample output, see http://www.forensicswiki.org/wiki/Bulk_extractor
      • Availability:
      • License:
      • Developers:
      • First release: September, 2008?
      • Current release:
    • Gumshoe
      • description: Gumshoe is a Rails-based application for searching metadata from disk images. It relies on Blacklight, Solr, and fiwalk.
      • Availability:
      • License:
      • Developers: Mark Matienzo
      • First release:
      • Current release:
    • fiwalk
      • description
    • sleuthkit
      • description: The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence. You can use it with the Autopsy Forensic Browser.
      • Availability: download here.
      • License: Some of the files have roots in The Coroner's Toolkit (TCT) and are distributed under the IBM Public License. These files are limited to the file system code and mainly for the FFS and Ext2 file systems. Files that have been created since the fork are released under the Common Public License. This includes all other files in the library. Note that the Common Public License is a generic form of the IBM Public License. TSK also distributes a striped down copy of GNU binutils strings, which has a GPL 2license.
      • Developers:
      • First release:
      • Current release: 3.2.1 (February, 27, 2011)
    • autopsy
      • description
    • guymager (imaging tool)
    • ddrescue a raw disk imaging tool that "copies data from one file or block device to another, trying hard to rescue data in case of read errors." See more info from forensics wiki here: http://www.forensicswiki.org/wiki/Ddrescue
    • Email tools
      • CERP email parser
      • PeDALS PST parser
  • SIP Tools and Workflows
    • Curator's Workbench
      • Description: The Curator's Workbench is an extensible, multi-platform digital collection and appraisal tool for the desktop. It is designed to acquire and process batch data efficiently while giving the user control over work flow.
      • Available for download for Mac, PC and Linux here.
      • License: free and open source under Apache 2
      • Developers: Greg Jansen at University of North Carolina at Chapel Hill
      • First release: December 2010
      • Current Release:
  • AIP Tools and Workflows
    • Archivematica
      • Description: Archivematica is a comprehensive digital preservation system. Archivematica uses a micro-services design pattern to provide an integrated suite of free and open-source tools that allows users to process digital objects from ingest to access in compliance with the ISO-OAIS functional model.
      • Availability: available for download via virtual appliance, live USB, live DVD or a checkout from Subversion here.
      • License: free and open source under GPL version 2
      • Developers: Artefactual Systems
      • First release:
      • Current release:
  • DIP Tools and Workflows
  • No labels