Digital Forensics Lab

Data recovery

The University Archives operates a small digital forensics lab to assist with the acquisition and archival appraisal of digital material donated to the University on computers and other digital storage devices such as CD-ROMs, DVDs, floppy disks, and external hard drives.

The lab processes three types of forensic cases:

  1. Data donated to the Univesity Archives on digital storage devices
  2. Recovery of data on digital storage devices previously acquired by the University and inventoried as part of the Digital Archives Collection Assessment Project
  3. "Test cases" performed as research experiments to support research and development

The following equipment is restricted to Libraries staff who have received digital forensics training.

Lab equipment

(list updated 23 February 2018)

  1. Forensic tower
    1. 1000 watt modular power supply
    2. X9 motherboard
    3. Dual Intel Xeon E5-2620V2 2.10 GHz processors (6 core per processor = 12 cores)
    4. 64 GB DDR3 SDRAM
    5. Nvidia GeForce GT740 graphics card
    6. External drive bay configuration
      1. 1 x Tableau T35689iu forensic bridge (write blocks storage media: SATA, SAS, IDE, Firewire 400/800, and USB 3.0/2.0/1.1)
      2. 1 x Forensic Computers drive dock (used in conjunction with Tableau T35689iu)
      3. 1 x AFT EX-S3 forensic card reader (write blocks storage media: CompactFlash, UDMA, SDHC, SDXC, microSD, microSDXC, Memory Stick, Memory Stick Duo, xD)
      4. 1 x Trayless  SATA Assembly (read/write)
      5. 1 x M-DISC triple burner (Blu-ray, DVD, CD)
      6. 1 x 4-Bay 2.5 inch RAID cage (with 4 x 500GB SATA III SSDs (2 x SSDs configured in RAID 0))
      7. 1 x 5-Bay RAID cage (with 4 x 2TB SAS HDDs configured in RAID 5 and 1 x 250GB SATA III for OS/apps)
    7. 2 x Toshiba 22-inch widescreen monitors with speakers
    8. 8-port SAS/SATA III RAID controler
  2. Forensic imaging workstation
    1. Intel i5 processor
  3. Software
    1. Windows 10 Pro
    2. BitCurator v1.8
    3. Forensic Toolkit (FTK) v6.1
      1. Registry Viewer
      2. Password Recovery Toolkit (PRTK)
    4. FTK Imager
    5. Tableau Imager
    6. Image for Linux (TerraByte Unlimited)
    7. Image for Windows (TerraByte Unlimited)
    8. Norton Anti-virus
  4. Accessories
    1. Keyboard
    2. Optical mouse
    3. 100 volt surge protector
    4. Security bit set
    5. Multi-purpose screwdriver
    6. LED flashlight
  5. Adaptors and external bridges
    1. Tableau T356789iu cabling and adapter set
      1.  1 x TC4-8-R2 SATA/SAS Signal Cable
      2. 1 x TC6-2 2 inch IDE Signal Cable
      3. 1 x TC6-8 IDE Signal Cable
      4. 1 x TC2-8-R2 Molex Style Power Cable
      5.  1 x TDA5-18 1.8 inch IDE Hard Disk Adapter
      6.  1 x TDA5-25 2.5 inch IDE Hard Disk Adapter
      7. 1 x TDA5-ZIF 1.8 inch IDE ZIF Hard Disk Adapter
      8.  1 x TDA3-1 SATA Solid State Disk Adapter
      9. 1 x m.2 PCIe and x16 PCIe adapter with cables
    2. Asus UX31 UX21 ADATA XM11 XM11ZZB5 SSD to 2.5 Inch SATA Adapter Card
    3. DeviceSide Data FC5025 floppy controller (for floppy disk drives)
    4. KryoFlux forensic floppy controller (for floppy disk drives)