digital forensics intro 20151123
A Brief Introduction to Digital Forensics
Based in large part on the July 29, 2014 BitCurator workshop at METRO,
as well as the SAA DAS curriculum ***
Kevin Schlottmann
November 23, 2015
What is digital forensics?
"…identifying, preserving, analyzing, and presenting digital evidence…"
http://aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf
Briefest history of digital media
Why apply digital forensics?
*To ensure data integrity and ease automation and processing
Why apply digital forensics?
*In other words: preserve significant properties such as authenticity and reliability
Why apply digital forensics?
*In other words: to ensure provenance, original order, chain of custody, and context of digital objects
Just one part of the plan
Many, many tools
BC, FTK, USB, JHOVE, E01, METS, PREMIS
What is BitCurator?
*Customized Linux OS running in virtual machine with a tightly integrated, well-documented suite of open-source digital forensics tools
What is BitCurator?
*Customized Linux OS running in virtual machine…
What is BitCurator?
*…a tightly integrated, well-documented suite of open-source digital forensics tools
1. Creating a disk image
2. Analyzing the disk image
3. Create access copy
Just one part of the plan
Who is doing this work?
What skills might digital archivists have?
Firm understanding of archival principles: provenance, original order, creation context
Firm understanding of archival standards: levels of description, DACS, the EAC suite
Outlines of METS, MARC/MODS/DC, PREMIS, and how they might fit together
Metadata wrangling tools: Excel, csv, OpenRefine
A “power tool”: XSLT, XQuery, command-line tools (grep, sed), or Python
Actionable curiosity http://gavialib.com/2013/09/the-one-skill/
What am I doing right now?
Using METS files to manage disk images
ePADD for email processing
Just one part of the plan
Additional Reading
*BitCurator wiki [http://wiki.bitcurator.net/index.php?title=Main_Page]
*From Bitstreams to Heritage report [http://www.bitcurator.net/docs/bitstreams-to-heritage.pdf]
*You’ve Got to Walk Before You Can Run: First Steps for Managing Born-Digital Content Received on Physical Media [http://www.oclc.org/content/dam/research/publications/library/2012/2012-06.pdf?urlm=168601]
Thank you!