Forensic workstation, part 3 – software
General software
The computer had come with Adobe Acrobat Reader and VLC media viewer pre-installed. I was able to install MS Office 365 and Adobe Photoshop Elements 2020 onto my workstation, without needing to pay for additional licenses, allowing me to view a range of common file types. To complement this I also downloaded Audacity for listening and converting audio material and Handbrake for video material. Whist I don’t advocate using your forensic workstation for everyday work, being able to view the content once it has been safely removed from media is useful. I always create a second copy of the content once it has been removed from the media and use this for previewing the content as part of an initial appraisal assessment.
Update: I have added LibreOffice and Notepad++ (thanks David)
Virus protection
Installing anti-virus software on your workstation is crucial. Exactly how you protect your workstation is very much dependant upon your particular set-up and the technical support you have to call-on. Networked devices will be covered through institutional anti-virus programmes but most forensic workstations tend to be disconnected from the network to avoid introducing a virus from amongst your born-digital archives.
The two most frequently cited anti-virus packages used in digital preservation workflows are ClamAV and AVG. Some organisations will not be comfortable with a non-networked PC but use your persuasion skills with colleagues in ICT to get the appropriate permissions to install software and future updates (whether this is DROID signature files or virus updates etc).
Digital Preservation software
The primary purpose of the workstation was to support my work with born-digital archives. The first piece of software I installed was DROID. Over the next month I will look at some of the other free software that is used by the digital preservation community, listed here in alphabetical order…
Update: FIDO and Siegfried added to the list (thanks David and Rachel)
- Autopsy (digital forensics)
- Bit Curator (for working with disk images)
- ePadd (
for email) - ExactFile (file integrity tool)
- FIDO (format identification)
- Fixity (monitoring file integrity)
- FTK Imager (
forensic tool) - Jhove (file identification)
- Siegfried (format identification)
- Teracopy (file verification)
There is considerable duplication and overlap in this list – you certainly don’t need to install everything on this list. Some of this software I have used before, others are new to me.
I am keen to hear from colleagues – have I missed your favourite free tool that you always turn to for your digital preservation processing? I am also looking for practical scenarios to consider when looking at the various tools!
You can contact me via email or twitter (@simon_archivist)
