Digital Forensics for Archivists: Advanced

Certificate Eligibility: 
DAS
Credits: 
10 ARC, 1.5 CEU
Length: 
2 days
Format: 
In-Person
Max Attendees: 
35
Tier: 
Tools & Services
Description: 

Are you starting to receive disks as parts of collections or have you discovered disks in boxes of paper records? Caring for the records stored on removable storage media (e.g., floppy disks, hard drives, thumb drives, memory sticks, and CDs) requires archivists to extract whatever useful information resides on the medium while avoiding the accidental alteration of data or metadata. In this course, you’ll learn how to apply existing digital forensics methods and tools in order to recover, preserve, and ultimately provide access to born-digital records. We’ll explore the layers of hardware and software that allow bitstreams on digital media to be read as files, the roles and relationships of these layers, and tools and techniques for ensuring the completeness and evidential value of data. We’ll apply digital forensics tools and methods to test data in order to illustrate how and why they are used.

 

Note: This course includes exercises with open-source tools in the BitCurator environment. BitCurator is distributed both as a virtual machine and as an installable ISO image.


Students must be prepared to bring a laptop to the course with the following software already installed. (All software programs are free.) iPads and other tablet devices will NOT be able to perform the hands-on tasks, as these devices do not have adequate resources or allow the level of user control required to run the associated software.

Follow the appropriate downloads for your environment at:

On certain PC laptops, when you first run the BitCurator VM, you may encounter an error message indicating that VT-x is not enabled or that you need to update your BIOS. If this happens, you will need to reboot the machine, enter the BIOS (usuallly by holding down the "Del", "Esc", or "ThinkPad" key), and enable the Intel Virtualization extensions. If your BIOS is locked, you will need the assistance of your local admin.

 

For Windows 7/8 users:

  • Hex editing software: Cygnus Hex Editor
  • ISO mounting software: OSFMount
  • Forensic imaging software: FTK Imager (be sure to use the free program called FTK IMAGER and NOT the full commercial suite of tools called FTK (Forensic Toolkit)
  • Cryptographic hashing (MD5/SHA) software: FileVerifier++

For Macintosh users:

Learning Outcomes: 
Explain the roles and relationships between the main layers of technology required to read a string of bits off of a physical storage medium and treat it as a file
Identify various forms of data that may be "hidden" on the physical storage medium
Use write blockers and create disk images in order to prevent accidental manipulation of volatile data
Identify and extract the data that a file system uses to manage files
Apply digital forensics tools and methods to collections of records
Identify and compare alternative strategies for providing public access to data from disk images
Who Should Attend?: 

Archivists, manuscript curators, librarians, and others who are responsible for acquiring or transferring collections of digital materials, particularly those that are received on removable media

What You Should Already Know: 

Participants are expected to know basic archival practice and have intermediate knowledge of computers and digital records management.

 

This course builds on others in the Digital Archives Specialist (DAS) curriculum, including Basics of Managing Electronic RecordsElectronic Records—The Next Step, Thinking Digital, Accessioning and Ingest of Electronic Records, and Metadata Overview for Archivists.

DAS Core Competency: 
1. Explain the nature of digital records and their lifecycle.
3. Formulate strategies and tactics for appraising, acquiring, describing, managing, organizing, preserving, and delivering digital archives.
4. Incorporate technologies throughout the archival lifecycle.
6. Employ standards and best practices in the management of digital archives.
7. Design a defined set of services for designated community.
Reviews: 
"Understanding the underlying structure of data and BitCurator's role in data triage and digital forensics was thorough and greatly informative. Seeing both the small and big picture helped a lot."
"The hands-on experience working with BitCurator was really very valuable. While learning the computer science behind the forensics is a necessary basis, I really take these courses to learn how this is applicable to MY daily job. Especially with someone like Cal Lee there to offer first-hand instruction with the software, this was easily one of the most beneficial DAS courses I've taken."
"The ethical discussions at the end of the course were excellent. It allowed us to sink our teeth into what we had learned and discuss real world application. It was very useful to be introduced to the variety of tools available for download and to learn how we might use them."
Co-Sponsor Provides: 
  • Classroom: 6-foot tables with two chairs each or 8-foot tables with three chairs each
  • A large table at the front of the room for the instructor to use to lay out materials
  • Flip chart with markers or a whiteboard with erasable markers and eraser
  • Lectern
  • Instructor workstation (a PC or laptop that has a USB port, runs standard MS Office software—including PowerPoint—and has all of the course software* pre-installed)
  • Computers for each student; if this isn't possible, SAA will ask each student to bring a laptop
  • LCD projector and replacement bulb for the LCD projector
  • Wireless Internet access and enough outlets or power cords for each participant's laptop
  • Projection screen
  • Coffee/tea/water for morning break
  • Water/assorted soft drinks for afternoon break

*See "Description" above for necessary course software.