Course Details
Fri, August 17, 2015 through Sat, August 18, 2015
Cleveland, OH
THIS EVENT IS FULL. Please call toll-free 1-866-722-7858 to place your name on the waiting list.
Have you learned some of the basics of digital forensics (e.g., creating disk images, generating hashes of files, opening files in hex editors), but now want to know what you should do next? In this course, you’ll learn how to apply a variety of digital forensics methods and tools in order to recover, preserve, and ultimately provide access to born-digital records. We’ll explore a variety of forensic artifacts, generate reports about the contents of disks, extract metadata, and identify patterns that may require filtering or redaction. Strong emphasis will be placed on the use of open-source tools to process, characterize, and provide access to born-digital data.
You MUST bring a laptop to participate successfully in this course.
Upon completion of this course you'll be able to:
- Install and operate the BitCurator environment as a virtual machine within VirtualBox;
- Explain and recognize the different types of metadata that are stored in common filesystems;
- Identify file types based on magic numbers (file signatures);
- Determine potential hardware options for acquisition of data from various types of storage media;
- Apply several common Linux commands at the command line and compose basic regular expressions;
- Run forensics tools from the command line and manipulate the output;
- Evaluate disk image format options based on the needs and priorities of your institution and collections;
- Generate BitCurator reports and use bulk_extractor to identify potentially sensitive data;
- Extract and interpret EXIF metadata from within digital photographs and other files;
- Capture and analyze Windows Registry artifacts using RegRipper;
- Determine essential points in your institution’s workflows at which it will be beneficial to incorporate forensics tools and methods;
- Make and justify decisions of professional ethics that emerge when caring for born-digital records; and
- Recognize available technical strategies for providing access to data acquired from disk images.
Knowledge assumed for this course:Participants are expected to have taken Digital Forensics: Fundamentals and know how to create disk images, generate and verify cryptographic hashes of files, and examine the contents of a file in a hex editor. You should also understand the reasons for creating disk images and using write blockers, as well as the role and purpose of filesystems, file headers, file signatures, and the Windows Registry. We also assume that you know basic archival practice and have intermediate knowledge of computers and digital records management.
| Course Format: | On Site |
| Address: | Western Reserve Historical Society, Cleveland, OH |
| Duration: | 16 hours |
| Audience Category: | Archivists, manuscript curators, librarians, and others who are responsible for acquiring or transferring collections of digital materials, particularly those that are received on removable media. |
| Level: | Advanced practitioner |
| Instructor(s): | Christopher "Cal" Lee, and Martin J. Gengenbach |
| Maximum Attendees: | 30 |
| Cost Range: | SAA Member $325 / $385 Employees of SAA Member Institutions $365 / $425 Nonmember $425/ $485 |
| Provider: | Society of American Archivists |
| Sponsored by: | Western Reserve Historical Society |
Course website (external link)
This information is provided as a convenience for informational purposes only; it does not constitute an endorsement by the Library of Congress.
