The digital information that is produced by an HE institution has considerable value, from a business and research perspective. While considerable attention in the digital preservation community has focused upon the establishment of policies, procedures and trusted digital environments, the process by which data is identified, obtained and transferred into these systems remains ad-hoc, dependent upon manual activities being performed by the depositor and receiver. These processes in the early stages of the curation lifecycle are not without difficulty – the complex and transitory nature of digital information may result in data being overlooked for archiving, while its fragility may result in elements of the content or context (e.g. metadata contained in file attributes, directory structures) being lost when it is transferred between systems.
Digital forensics emerged from the law enforcement community in the 1980s as a method to identify, acquire, analyse and report upon digital information that constitute evidence of a legal investigation. To ensure that digital evidence is trustworthy and admissible, investigators must be able to establish that the information is authentic in what it purports to be and who created it. Failure to establish these requirements may result in the breakdown of the criminal investigation, incurring financial and reputation costs. In recent years, considerable investment has been made to establish digital forensics as a discipline and flexible software tools have been developed to analyse the increasingly large and diverse types of digital information produced in an automated, non-invasive manner. Although intended to fulfil the requirements of criminal investigation, the principles of digital forensics have relevance to other disciplines and software tools may be used by archivists, digital curators, and records managers to better comply with legal admissibility standards, such as BS 10008, and enhance processes associated with the capture and management of data.
The Forensic Investigation of Digital Objects (FIDO) project aims to investigate the application of digital forensics within the working practices of a UK HE archive. The project will demonstrate the value of adopting tools and techniques developed for the emerging digital forensics field, while building upon the long-standing archival theory archival and digital curation approaches. To enable the college to provide end-to-end preservation of digital information of value, the Centre for e-Research (CeRch) and Archives & Information Management (AIM) service will collaborate to trial and embed digital forensic principles, tools and techniques into the working practices of the AIM service.
The project will address the management of two categories of digital equipment that are increasingly being provided by donors to the college archive:
- Computer systems, such as Windows PCs and Apple Macs that are donated to the archives or remain in active use by college staff;
- Digital media formats, such as floppy disks, CD-ROM, DVD-ROM, USB sticks, and SD solid state storage, among others.
The management practices associated with both types of resource must be carefully considered, to ensure that user-generated digital information may be identified, analysed, and extracted for curation & preservation in a manner that retains the context, authenticity and integrity of the digital information. The project will work data producers who are actively creating data to develop new processes and procedures for obtaining digital information of long-term value currently held on their office computer and transfer them into the digital archive in a manner that minimises disruption to their existing work practices. Data held on digital media must also be carefully handled, to ensure that digital information, including current and deleted data, maintains all attributes of the data, avoids accidental or intentional change, and is documented in an audit trail, in order to maintain the forensic value of the source.