digital forensics intro 20151123

Post on 13-Feb-2017

A Brief Introduction to Digital Forensics

Based in large part on the July 29, 2014 BitCurator workshop at METRO, as well as the SAA DAS curriculum

Kevin Schlottmann

November 23, 2015

What is digital forensics?

"…identifying, preserving, analyzing, and presenting digital evidence…"

http://aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf

Briefest history of digital media

Why apply digital forensics?

*To ensure data integrity and ease automation and processing

Why apply digital forensics?

*In other words: preserve significant properties such as authenticity and reliability

Why apply digital forensics?

*In other words: to ensure provenance, original order, chain of custody, and context of digital objects

Just one part of the plan

Many, many tools

BC, FTK, USB, JHOVE, E01, METS, PREMIS

What is BitCurator?

*Customized Linux OS running in virtual machine with a tightly integrated, well-documented suite of open-source digital forensics tools

What is BitCurator?

*Customized Linux OS running in virtual machine…

What is BitCurator?

*…a tightly integrated, well-documented suite of open-source digital forensics tools

1. Creating a disk image

2. Analyzing the disk image

3. Create access copy

Just one part of the plan

Who is doing this work?

What skills might digital archivists have?

Firm understanding of archival principles: provenance, original order, creation context

Firm understanding of archival standards: levels of description, DACS, the EAC suite

Outlines of METS, MARC/MODS/DC, PREMIS, and how they might fit together

Metadata wrangling tools: Excel, csv, OpenRefine

A “power tool”: XSLT, XQuery, command-line tools (grep, sed), or Python

Actionable curiosity http://gavialib.com/2013/09/the-one-skill/

What am I doing right now?

Using METS files to manage disk images

ePADD for email processing

Just one part of the plan

Additional Reading

*BitCurator wiki [http://wiki.bitcurator.net/index.php?title=Main_Page]

*From Bitstreams to Heritage report [http://www.bitcurator.net/docs/bitstreams-to-heritage.pdf]

*You’ve Got to Walk Before You Can Run: First Steps for Managing Born-Digital Content Received on Physical Media [http://www.oclc.org/content/dam/research/publications/library/2012/2012-06.pdf?urlm=168601]

Thank you!
