Using the Run All Tab

From BitCurator
Jump to: navigation, search

In addition to being able to run fiwalk, the annotation reports, and the BitCurator forensic reports individually, the BitCurator Reporting Tool allows the archivist to execute the entire process in the "Run All" tab.

If you'd prefer following video instructions, check out the screencast version of this tutorial in our video gallery.

Generating BitCurator Forensic Reports

Step 1

Open the BitCurator Reporting Tool by double clicking on the "Forensics Tools" folder on the BitCurator desktop and then double clicking on the "BitCurator Reporting Tool" icon.

Step 2

Once the BitCurator Reporting Tool finishes opening, choose the "Run All" tab in the options along the top ("Run All" is the default tab, see Figure 1).

Step 3

Type or navigate to the location of the following files or directories (see Figure 1):

  • Image File: The location of the forensics disk image to be analyzed.
  • Bulk Extractor Feature Directory: The directory containing the bulk_extractor results corresponding to the disk image above.
  • Output Directory (fiwalk output, annotated features, and reports will appear in here): A new directory created by the BitCurator Reporting Tool to contain various reports. Note: if you use the navigation button to choose this directory, type the name of the new directory in the "Name:" field on the top left of the window and then click "Save". Do not use the "Create Folder" button on the right to create this new directory (see Figure 2).
  • Config File (optional): For additional configuration files; generally left empty.
Figure 1: The Reports tab in the BitCurator Reporting Tool.
Figure 2: Type the name of the new directory in the "Name" field.

Step 4

Once each of the file and directory fields above are properly filled out, click the "Run" button. The activity bar on the bottom left will indicated that the report generation process is still ongoing. Once complete, a success or error message will appear in the "Command Line Output" window (see Figure 3).

Figure 3: The BitCurator forensics reports have been successfully created.

Step 5

Completion of the steps above generates the following files in the directory you specified under "Output Directory" in Step 3:

  • features (directory): the annotated features
  • bc_format_bargraph.pdf (file): the format histogram
  • bulk_extractor_report.pdf (file): high-level overview of feature locations on disk
  • fiwalk_deleted_files.pdf (file): shows paths to any deleted materials found in a given partition
  • fiwalk-output.xml.xlsx (file): Excel converted DFXML output (file system metadata)
  • fiwalk_report.pdf (file): High-level overview of file system characteristics
  • format_table.pdf (file): Long-form file format names for formats shown in bargraph
  • premis.xml (file): PREMIS preservation metadata

Open the BitCurator reports directory to examine the files. You’ll find visualizations, XLSX transcriptions of file system metadata, high-level reports on file types, and overviews of features identified by bulk_extractor.