| HTML |
|---|
<div style="background-color: yellow; border: 2px solid red; margin: 4px; padding: 2px; font-weight: bold; text-align: center;">
This page was moved to <a href="https://confluence.educopia.org/display/BC/Tools">https://confluence.educopia.org/display/BC/Tools</a>
<br>
Click in the link above if you are not automatically redirected in 10 seconds.
</div>
<meta http-equiv="refresh" content="10; URL='https://confluence.educopia.org/display/BC/Tools'" /> |
| Task | Tool Name (if applicable) | Detailed Description | Disk Image Required? |
|---|---|---|---|
| Safe mount media | A front-end for mmls and icat, two programs provided by The Sleuth Kit, along with file system ID and FUSE mounting code | Have devices (e.g. USB drives, CD-ROMs) that you'd like to image and explore with BitCurator? Connect them so that BitCurator can see them, but safely: no worries about writing any data back to the device (e.g. last modified dates on viewed files won't be overwritten with the current date). | NO |
| Share files between BitCurator virtual machine and host machine | Oracle Virtual Box | Work with files outside the BitCurator virtual machine (e.g. save something from inside BitCurator to your computer's desktop, copy and paste text from a tutorial you're reading in your browser on your computer into the BitCurator environment). You can share a folder between your machine and the BitCurator environment, share the contents of your cut/copy/paste clipboard, and drag and drop files between your machine and the BitCurator environment. | NO |
| Create disk images | Create a perfect capture of your device's file structure and all contents (including hidden files and fragments) PLUS package this image with information about the disk imaging process. When anyone accesses the disk image later on, they'll have information about who imaged the device, when the device was imaged, etc. as well as be able to explore the exact state of the device as it was when you imaged it. | ___ | |
| Scan media for viruses and malware | On Demand scanning of files for the detection of trojans, viruses, malware & other malicious threats. | NO | |
| Understanding Bulk Extractor Scanners | Bulk Extractor | Review commonly used Bulk Extractor scanners, learn what features each scanner targets, and how to enable and disable specific scanners. | |
| Sensitive/PII scanning | Look for specific types of data such as social security numbers, GPS map coordinates, and email addresses, to protect the privacy of a donor before exposing a collection to the public, and to locate information for researchers (e.g, find email correspondence between an author and a particular editor). The Bulk Extractor Scanners page covers the different things you can scan for (and why you might want to scan for them) in detail. | NO | |
| Document filesystem in Digital Forensics XML (DFXML) | fiwalk | Create an XML rendering of a file's structure. Digital Forensics XML (DFXML) is a metadata schema designed to facilitate the sharing of structured information produced by forensic tools and processes. The BitCurator project published the first version of the DFXML Tag Library in February 2013. The library contains 72 elements generated by the software program fiwalk. The library describes the constraints of the schema and lists the following: tag name, element name, description, may contain, may occur within, attributes, allowable values, repeatable, mandatory, and an example of the element in use. The most recent version of BitCurator's DFXML Tag Library, along with information from the working group, can be found here. | NO |
| Link Sensitive/PII information to file names in DFXML report | Annotated Features Report | Link potentially sensitive information found by scanning your disk image to file names in the DFXML report, bridging between the output from bulk_extractor and the DFXML report from fiwalk to create a report that not only locates if a feature (e.g. social security numbers) appears on your disk image, but also identifies the specific file(s) in which it can be found. This is a required step before generating the file BitCurator Forensics Reports because bulk_extractor locates features by scanning the bit stream, not the file system. | YES |
| Explore overview of file formats, deleted files, file system metadata, PREMIS preservation metadata, and sensitive/PII information | BitCurator Forensic Reports | Generate human-friendly BitCurator Forensic Reports using the data produced by Guymager, the Bulk Extractor Viewer, fiwalk, and Annotated Features report to explore your born-digital materials completely (including hidden or partially deleted files and file fragments). You’ll find visualizations, XLSX transcriptions of file system metadata, high-level reports on file types, and overviews of features identified by bulk_extractor. | YES |
| Extract compressed files | Nautilus script | Turns compressed files (e.g. a .zip) into a folder containing the package's files. | NO |
| Calculate checksums | Nautilus script | Ensure the authenticity of your media! A checksum is an identifier for the exact state of a file (such as a disk image) that can be compared to checksums calculate at later times to ensure that the file remains in its original state (e.g. not altered due to physical damage, bit rot, malicious intent, or accidental non-write-protected usage). | NO |
| Identify duplicates | FSLint | Identify duplicate files based on file size and checksum. Displays all of the duplicate files grouped together with information such as how many files are in the group and the number of bytes wasted in duplicate files. The files themselves are listed by their name, directory, and last modification date. Also displays the total number of bytes wasted in the total number of files and total number of groups. You can then select and delete duplicate files or merge them. Merging will only save one copy of the file on the hard drive, but the file will still appear and function as needed in each original location. | NO |
| Characterize file formats | FITS | File characterization is the broad term for a variety of processes used to automatically interpret and describe the structure and content of a file, including format identification, format validation, and metadata extraction. The File Information Tool Set (FITS) is a file characterization tool set that combines multiple different tools in order to provide a broader range of characterization all documented in one XML output file. This suite of tools collectively identifies the type/format of a given file, derives characterizing information that is specific to the file (word counts, run times, etc.), and validates that the given file conforms to its type/format specification. | NO |
| Display file type and details | Nautilus script | Use to quickly identify file type, extract key metadata, and display file details like file name, size, blocks, access permissions, and history. | NO |
| Open a file in hexadecimal notation | Nautilus script | Useful for accessing files trapped in defunct formats (e.g. written in a very old word processing program). A hexadecimal (hex) editor lets you view and edit any file, regardless of the format it was saved in. | NO |
| Search directories for specific files | Nautilus script | Search all the files currently in the BitCurator virtual environment (i.e. rather than searching from a collection of files that might not be updated to contain the latest state of your system) by content or name. Also search specifically for image files or deleted files. | NO |
| Display E01 or AFF forensics disk image metadata | Nautilus script | After creating an AFF- or E01-format disk image (using BitCurator's Guymager tool, or some other way), this feature provides a quick way to view data about the disk image such as who performed the imaging and when it was performed. | YES |
| View, edit, and export metadata from graphic image files | PyExifToolGUI | Graphic image files (e.g. .exif, .jpg, other photo and visual image formats) can contain hidden information, such as the GPS coordinates of the location where a photo was taken. | NO |
| View and export information from HFS-formatted disks | HFS Explorer | HFS is a proprietary Apple format you'll see used with Mac media (e.g. floppies written to from a Mac SE computer). This tool lets you view data in this format, as well as export it for exploration with other BitCurator tools. | NO |
| Access files on your disk image | File Access | Want to open a document that's on your disk image, or otherwise export and access a file? This feature gives you access to files on your disk image, including hidden and partially deleted files. | YES |