1 / 14

Comprehensive Guide to Data Mapping and Metadata: Types, Extraction, and Preservation

This document provides an in-depth overview of data mapping within organizational and application contexts, emphasizing the hierarchical analysis levels: organizational, logical, physical, and geographic. It covers essential concepts related to NTFS file metadata, including timestamps for creation, modification, and access, as well as Word and EXIF metadata. Additionally, the guide touches on email metadata, file types and extensions, and the process of supervised machine learning in data capture. Key methods for preserving digital evidence, such as culling and de-NISTing, are also discussed for ensuring future accessibility.

garth
Télécharger la présentation

Comprehensive Guide to Data Mapping and Metadata: Types, Extraction, and Preservation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identification and Collection INFM 718X/LBSC 708X Douglas W. Oard

  2. “Data” Mapping • Organizational • Application-al • Logical • Physical • Geographic

  3. Levels of Analysis

  4. How Disks Work Extracted From Shelly Cashman Vermatt’s Discovering Computers 2004

  5. Windows “NTFS” File Metadata • Time file created (or copied) • Most recent one; optionally “journaled” • Time file content changed (or made changeable) • Most recent one; optionally “journaled” • Time file renamed (or moved) • Most recent one • Time file metadata created or changed • Most recent one • Time file accessed (content or metadata) • Most recent one; optionally disabled

  6. Microsoft Word Metadata • Author • Title • Dates (may not agree with NTFS!) • Created • Modified • Accessed • Printed • Each tracked change

  7. EXIF Image Metadata • Time • Location • Camera manufacturer and model • Camera orientation • Exposure information (shutter speed, f stop) • Thumbnail versions • Altering the image may not change the thumbnail!

  8. Email Metadata • Message metadata • Times • Sent • Resent • Received • Route • In-reply-to • Attachment file type • System metadata • Folder

  9. File Types • Extensions • MyDocument.xls • MIME type • Magic bytes • Supervised machine learning

  10. Capture • Imaging • Tape copy • Disk image • Active file capture • Hardware write block • Software write blocking • File system copy

  11. Culling • Custodian • De-NISTing • Based on NIST list of known program hashes • Date range

  12. Preservation • Future accessibility • Replication • Service copies • Authenticity • Documented traceable process • Separately stored hashes

More Related