The Digital Preservation and Digital Forensics Laboratory at UNC SILS

From BitCurator


General Information

The Digital Preservation and Digital Forensics Laboratory (DPDFL) at the UNC School of Information and Library Science serves primarily as a research and education facility. It is a development and testbed space for ongoing grant-funded BitCurator activities, as well as a workspace for students taking the Digital Forensics course at SILS. It is also available by appointment to other members of the UNC community working with legacy media.

Because of the emphasis on research and education, the available equipment and layout are somewhat different from a production environment. See the general lab setup guidance page for more information regarding selecting and purchasing equipment for a production lab.

The vendor links provided on this page are neither endorsements nor paid referrals. They are provided only for your convenience.

Building and Organizing the Lab

The DPDFL at UNC SILS is located in an office within the shared iBiblio / BitCurator workpod. The DPDFL has a dedicated HVAC system (independent of the general building HVAC) that allows a maximum temperature of 72 degrees Fahrenheit (22 degrees Centigrade) within the space. All workstations in the lab are connected to TrippLite AVR900U UPS devices (vendor link: AVR900U) capable of providing approximately 10 minutes of runtime (as loaded) during power failures.

Even in a relatively small lab like the DPDFL, it is very easy to misplace small items (cables, adapters, and tools), so every storage location in the lab is precisely labeled. Those items that are too small to label individually are grouped in containers that are clearly labeled with complete manifests. Tools and small component manifests (cables, adapters, and assembly items) are not described on this page.

Workstations

(1) Digital Intelligence FRED DX (purchased 2014), customized (Vendor link: FRED DX System)

  • Single-boot: Windows 10 Pro
  • Dual Intel Xeon E5-2670 (2 x 10-core)
  • 64GB RAM
  • Nvidia GTX 780
  • 1TB Samsung 850 Evo Pro SSD (boot disk)
  • 1TB Samsung 850 Evo Pro SSD (database store)
  • 4TB (2 x 2TB Seagate Barracuda) internal storage
  • Ultrabay 3D write-blocker
  • Write-block capable media reader (SD/mSD, MMC, CF, MS, MS Pro)
  • External USB 2.0 3.5" floppy
  • 16TB (8 x 2TB Seagate Barracuda) external storage via eSATA / USB 3.0 enclosure

(1) Digital Intelligence FRED (purchased 2009), customized (Vendor link: FRED System)

  • Dual-boot: Windows 10 Pro, BitCurator
  • Intel Core i7 920 (quad-core)
  • 24GB RAM
  • Nvidia GT420
  • 1TB Samsung 850 Evo Pro SSD (boot disk)
  • 1TB Samsung 850 Evo Pro SSD (database store)
  • 4TB (2 x 2TB Seagate Barracuda) internal storage
  • Legacy (non-3D) UltraBay write-blocker
  • Write-block capable media reader (SD/mSD, MMC, CF, MS, MS Pro)
  • External USB 2.0 3.5" write-block capable floppy
  • 16TB (8 x 2TB Western Digital Green) external storage via eSATA / USB 3.0 enclosure
  • Thermaltake 1200W modular power supply (upgraded after failure of original)

(1) Dell OptiPlex 980 (purchased 2010), customized

  • Single-boot: Windows 10 Pro
  • Intel Core i7 920 (quad-core)
  • 8GB RAM
  • 2TB Seagate Barracuda (boot disk)
  • 2TB Seagate Barracuda (internal store)
  • 16TB (8 x 2TB Western Digital Green) external storage via eSATA / USB 3.0 enclosure

Servers (Not Pictured)

(1) Lenovo ThinkStation P910 (purchased 2016)

  • Single-boot: Ubuntu 16.04 LTS Server
  • Dual Intel Xeon 2650 (2 x 12-core)
  • 256GB RAM
  • 512GB PCIe SSD (boot disk)
  • 2 x 4TB Seagate Barracuda (data store)

(1) Dell OptiPlex 9020 (purchased 2015), customized

  • Single-boot: Ubuntu 16.04 LTS Server
  • Intel Core i7 4790 (quad-core)
  • 16GB RAM
  • 1TB Samsung Evo 850 Pro (boot disk)
  • 2TB Seagate Barracuda (data store)

Legacy Media Acquisition

The DPDFL includes an external tower connected to the circa-2009 FRED for acquisition of legacy media.

Additional legacy media acquisition devices (external and internal):

  • 1 x SuperCard Pro (vendor link: CBMStuff SuperCard Pro)
  • 1 x DiscFerret (vendor link: DiscFerret)
  • 2 x 250MB Iomega Zip 250 drives
  • 2 x TEAC FD55GFR 5.25" floppy drives (these were scavenged from surplus systems; also available on eBay but getting more expensive)
  • 1 x 3.5" external USB floppy with physical write-block switch (Digital Intelligence, Matsushita manufactured)
  • 1 x 3.5" external USB floppy (Sony manufactured)

External Write-Blockers

Organization

  • 1 x Akro Mils 10744 44-Drawer Hardware and Craft Cabinet (Vendor link: Akro Mils Plastic Cabinets)
  • 1 x HON 3-drawer steel filing cabinet
  • 14 x Sterilite 6qt Clear Storage totes

Check-Out Items

Lab users may check out one of six Pelican 1400 cases (vendor link: Pelican 1400) that include the following:

  • 1 x WiebeTech ComboDock v5 (SATA / IDE write-blocker) with power supply, SATA and IDE cables, and USB 3.0 host cable
  • 1 x Tableau T8-R2 Forensic USB Bridge with power supply and USB cable
  • 1 x 16GB USB thumb drive with BitCurator VM and ISO

Security and Lab Management

Access to the facility is secured using an electronic lock with individual access codes randomly generated and assigned to each user. Regular staff and faculty also have key access. All access events (including key events) are logged and timestamped.

In a given year, between 15 and 30 individual users may have access to the facility. Each user is provided with a basic code of conduct, which includes:

  • Passcodes to the facility must not be shared.
  • Personal items (storage devices, bags, etc.) may not be left unattended in the lab.
  • Items in the lab that are not part of the check-out program must remain on-location.
  • The lab supervisor must be informed 24 hours in advance regarding check-outs.
  • All cables, adapters, and other items must be returned to the correct storage location after use.
  • No food or beverages are allowed in the lab.