A Brief Introduction to Digital Forensics
Based in large part on the July 29, 2014 BitCurator workshop at METRO, as well as the SAA DAS curriculum
***
Kevin Schlottmann
November 23, 2015
What is digital forensics?
"…identifying, preserving, analyzing, and presenting digital evidence…"
http://aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf
Briefest history of digital media
Why apply digital forensics?
*To ensure data integrity and ease automation and processing
*In other words: preserve significant properties such as authenticity and reliability
*In other words: to ensure provenance, original order, chain of custody, and context of digital objects
Just one part of the plan
Many, many tools
BC, FTK, USB, JHOVE, E01, METS, PREMIS
What is BitCurator?
*Customized Linux OS running in virtual machine with a tightly integrated, well-documented suite of open-source digital forensics tools
1. Creating a disk image
2. Analyzing the disk image
3. Creating an access copy
Just one part of the plan
Who is doing this work?
What skills might digital archivists have?
*Firm understanding of archival principles: provenance, original order, creation context
*Firm understanding of archival standards: levels of description, DACS, the EAC suite
*Outlines of METS, MARC/MODS/DC, PREMIS, and how they might fit together
*Metadata wrangling tools: Excel, csv, OpenRefine
*A “power tool”: XSLT, XQuery, command-line tools (grep, sed), or Python
*Actionable curiosity [http://gavialib.com/2013/09/the-one-skill/]
What am I doing right now?
*Using METS files to manage disk images
*ePADD for email processing
Just one part of the plan
Additional Reading
*BitCurator wiki [http://wiki.bitcurator.net/index.php?title=Main_Page]
*From Bitstreams to Heritage report [http://www.bitcurator.net/docs/bitstreams-to-heritage.pdf]
*You’ve Got to Walk Before You Can Run: First Steps for Managing Born-Digital Content Received on Physical Media [http://www.oclc.org/content/dam/research/publications/library/2012/2012-06.pdf?urlm=168601]
Thank you!