Home » Education » Course Catalog » Digital Forensics: Fundamentals

Digital Forensics: Fundamentals

Certificate Eligibility: 
DAS
Credits: 
5 ARC, 0.75 CEU
Length: 
1 day
Format: 
In-Person
Max Attendees: 
25
Tier: 
Foundational
ACE Category: 
Description: 

The field of digital forensics often evokes imagery of prime-time television crime dramas. But what is it, and how can archivists put digital forensics tools and processes to use in their home institutions? Archivists are more likely than ever to be confronted with collections containing removable storage media (e.g., floppy disks, hard drives, thumb drives, memory sticks, and CDs). These media provide limited accessibility and may endanger the electronic records housed within, due to obsolescence and loss over time. Caring for these records requires archivists to extract whatever useful information resides on the medium while avoiding the accidental alteration of data or metadata.

You’ll explore the layers of hardware and software that allow bitstreams on digital media to be read as files, the roles and relationships of these layers, and tools and techniques for ensuring the completeness and evidential value of data.

This course is specifically designed as a precursor and prerequisite to the two-day Digital Forensics for Archivists: Advanced DAS course.

________________________________________________________________________________

Students must have a laptop/computer to the course with the following software already installed. (All software programs are free.) iPads and other tablet devices will NOT be able to perform the hands-on tasks, as these devices do not have adequate resources or allow the level of user control required to run the associated software.

For Windows 10 and Windows 11 users:

  • Hex editing and hash generation software: HexEd.it (online, no install required)
  • ISO mounting software: OSFMount
  • Forensic imaging software: FTK Imager (be sure to use the free program called FTK IMAGER and NOT the full commercial suite of tools called FTK (Forensic Toolkit). You will need to scroll down the page to find the download link for FTK Imager.
  • Optional additional cryptographic hashing (MD5/SHA) software: FileVerifier++

For Macintosh users:

  • Hex editing and hash generation software: HexEd.it (online, no install required)
  • How to mount an ISO in macOS
  • Forensic imaging software: Run the BitCurator VM and use Guymager
  • Optional additional cryptographic hashing (MD5/SHA) software: Quickhash-GUI (or use the Mac OSX command-line utility "md5")
  • You can also run many Windows tools on your Mac by using WINE or Windows in a virtual machine; this is optional, and not required for successful completion of the course.
Learning Outcomes: 
Demonstrate an understanding of the principles, tools, and technologies behind the practical field of digital forensics
Explore how digital forensics tools and techniques can apply to an archival setting
Consider a range of digital forensics tools, and use some of them to create disk images and analyze their content for different types of information
Who Should Attend: 

Archivists, manuscript curators, librarians, and others who are responsible for acquiring or transferring collections of digital materials—particularly those that are received on removable media

What You Should Already Know: 

Basic computer literacy; participants should understand how to install and use software tools listed in the syllabus and be able to read and comprehend basic (though detailed) technical concepts

DAS Core Competency: 
1. Explain the nature of digital records and their lifecycle.
3. Formulate strategies and tactics for appraising, acquiring, describing, managing, organizing, preserving, and delivering digital archives.
4. Incorporate technologies throughout the archival lifecycle.
6. Employ standards and best practices in the management of digital archives.
Instructor(s): 
Martin Gengenbach
Christopher "Cal" Lee
Kam Woods
Reviews: 
“The workshop was extremely helpful in helping me to grapple with the concepts that we need to be thinking about once we start digital archiving.”
“The most valuable part of the course was the hands-on exercises working with tools after being provided the background to WHY we would want to use the tools and HOW the tools work.”
"The pace was excellent and covered a lot of ground clearly without feeling like it was overwhelming."
"I really appreciate how complete and informative the slides were, and the readings were really useful. Also, being able to actually use the tools, change a file, and generate a new checksum, etc. was really helpful."
Host a Course:

Interested in hosting a course? Visit our Host a Course page for information on what is required and how to apply!

Education

Subscribe to Education eNews

Want to keep up-to-date on the latest course offerings? Sign up for our Education eNews updates for education insiders!