A Brief Introduction to Digital Forensics


1 A Brief Introduction to Digital Forensics
Based in large part on the July 29, 2014 BitCurator workshop at METRO, as well as the SAA DAS curriculum
Kevin Schlottmann, November 23, 2015

2 What is digital forensics?
"…identifying, preserving, analyzing, and presenting digital evidence…"

3 Briefest history of digital media
Trends – more density; cheaper; more and more transactions done and stored digitally

4 Why apply digital forensics?
*To ensure data integrity and ease automation and processing

5 Why apply digital forensics?
*In other words: preserve significant properties such as authenticity and reliability
Edmund Locard

6 Why apply digital forensics?
*In other words: to ensure provenance, original order, chain of custody, and context of digital objects
Disk image; layers; MAC times; deleted items; temp files; file system and OS information; one checksum to manage; an image is das Ding an sich; SIP/AIP

7 Just one part of the plan

8 Many, many tools
BC, FTK, USB, JHOVE, E01, METS, PREMIS

9 What is BitCurator?
*Customized Linux OS running in virtual machine with a tightly integrated, well-documented suite of open-source digital forensics tools

10 What is BitCurator?
*Customized Linux OS running in virtual machine…

11 What is BitCurator?
*Customized Linux OS running in virtual machine…

12 What is BitCurator?
*…a tightly integrated, well-documented suite of open-source digital forensics tools

13 1. Creating a disk image

14 2. Analyzing the disk image

15 3. Create access copy

16 Just one part of the plan

17 Who is doing this work?

18 What skills might digital archivists have?
*Firm understanding of archival principles: provenance, original order, creation context
*Firm understanding of archival standards: levels of description, DACS, the EAC suite
*Outlines of METS, MARC/MODS/DC, PREMIS, and how they might fit together
*Metadata wrangling tools: Excel, CSV, OpenRefine
*A “power tool”: XSLT, XQuery, command-line tools (grep, sed), or Python
*Actionable curiosity

19 What am I doing right now?
*Using METS files to manage disk images
*ePADD for processing

20 Just one part of the plan

21 Additional Reading
*BitCurator wiki
*From Bitstreams to Heritage report
*You’ve Got to Walk Before You Can Run: First Steps for Managing Born-Digital Content Received on Physical Media
Thank you!

