Digital Forensics

Floppy Disks, Gold CDs, Hard Drives… Oh My! How do we protect today’s digital content for an uncertain digital future?

One of the answers is Digital Forensics, the recovery and investigation of material found in digital devices. Digital Forensics is most often associated with the field of law enforcement and computer crime detection, but libraries also use digital forensics.

Although archivists and other information specialists aren’t out to catch criminals, the techniques used by digital forensics practitioners mesh well with the goals of archives that collect and preserve digital content. Archivists must ensure records in their collections are authentic, unaltered, and accessible. Archiving a person’s digital collection requires a different set of tools than its paper counterpart. In recent years libraries and archives have turned to digital forensics to assist in the preservation of digital content within their collections.

F.R.E.D. makes it happen

F.R.E.D, or Forensic Recovery of Evidence Device, is a computer workstation with a suite of software and hardware tools that allows an archivist to work with an archival collection with digital content to:

  • Acquisition
  • Verify
  • Extract
  • Reconstruct
  • Report

These activities common to traditional archival techniques are now made possible for digital content with F.R.E.D.  An archivist will open the digital content on FRED and extract files from a disk image (an identical copy of the original file) to process and organize the digital content in a meaningful way. Of particular importance is catching files in danger of format obsolescence: Making sure we collect and save all important data before the program with which it was created can no longer be opened and read by today’s computers. Another important benefit of F.R.E.D. is that it allows us to see how a person sets up their desktop and saved files, which can be just as informative as the content of files.

Once the archivist collects data from the digital record, they save it to a secure storage site. The information gathered through F.R.E.D., which would have taken hundreds of hours to collect by hand, can in turn be made accessible to UTK students and faculty as well as to outside researchers.

Archivists at the UT Libraries have taken specialized training for using this equipment and software. UT is in the forefront of using this technology, so library staff are still learning the best ways to adapt digital forensics tools for archival uses. The Libraries’ archivists have begun a pilot project to extract information from floppy disks in existing manuscript collections. Developing solutions for the preservation of born-digital material now will make us better prepared to deal with the archival collections of the near future, which promise to be more digital than not.

Note this service is available only for digital material in the UT Libraries collections.