Generating BitCurator Forensic Reports

From BitCurator
Revision as of 23:02, 12 January 2018 by Kamwoods (talk | contribs) (Created page with "The culmination of the previous steps in the BitCurator process result in the BitCurator Forensic Reports. These reports bring together the various outputs of bulk_extractor,...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The culmination of the previous steps in the BitCurator process result in the BitCurator Forensic Reports. These reports bring together the various outputs of bulk_extractor, fiwalk and the annotation tool to generate both machine and human readable reports that can be read directly or crosswalked to other archival tools.

If you'd prefer following video instructions, check out the screencast version of this tutorial in our video gallery.

Generating BitCurator Forensic Reports

Step 1

Open the BitCurator Reporting Tool by double clicking on the "Forensics Tools" folder on the BitCurator desktop and then double clicking on the "BitCurator Reporting Tool" icon.

Step 2

Once the BitCurator Reporting Tool finishes opening, click on the "Reports" tab in the options along the top (see Figure 1).

Step 3

Type or navigate to the location of the following files or directories (see Figure 1):

  • Fiwalk XML File: The location of the DFXML output when running fiwalk.
  • Annotated Features Files Directory: The directory containing the output of the Annotated Features report
  • Output Directory For Reports (new): A new directory created by the BitCurator Reporting Tool to contain the BitCurator forensics reports. Note: if you use the navigation button to choose this directory, type the name of the new directory in the "Name:" field on the top left of the window. Do not use the "Create Folder" button on the right to create this new directory. (see Figure 2).
  • Config File (optional): For additional configuration files; generally left empty.
Figure 1: The Reports tab in the BitCurator Reporting Tool.
Figure 2: Type the name of the new directory in the "Name" field.

Step 4

Once each of the file and directory fields above are properly filled out, click the "Run" button. The activity bar on the bottom left will indicated that the report generation process is still ongoing. Once complete, a success or error message will appear in the "Command Line Output" window (see Figure 3).

Figure 3: The BitCurator forensics reports have been successfully created.

Step 5

Completion of the steps above generates the following files in the directory you specified under "Output Directory" in Step 3:

  • features (directory): the annotated features
  • bc_format_bargraph.pdf (file): the format histogram
  • bulk_extractor_report.pdf (file): high-level overview of feature locations on disk
  • fiwalk_deleted_files.pdf (file): shows paths to any deleted materials found in a given partition
  • fiwalk-output.xml.xlsx (file): Excel converted DFXML output (file system metadata)
  • fiwalk_report.pdf (file): High-level overview of file system characteristics
  • format_table.pdf (file): Long-form file format names for formats shown in bargraph
  • premis.xml (file): PREMIS preservation metadata

Open the BitCurator reports directory to examine the files. You’ll find visualizations, XLSX transcriptions of file system metadata, high-level reports on file types, and overviews of features identified by bulk_extractor.