ARCHIVES 2015 has ended
Back To Schedule
Tuesday, August 18 • 9:00am - 5:00pm
Digital Forensics for Archivists: Advanced (Revised!) #1611 (Day 2 of 2) [DAS] [This course is FULL] LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Limited Capacity seats available

This course is now full.
Course Fees: Advance / Regular*

SAA Members: $325 / $385
Employees of SAA Member Institutions: $365 / $425
Nonmembers: $425/ $485

Course Description (2 days, 1.5 CEUs, 1 DAS, 10 ARCs) | You must bring a laptop to participate successfully in this course.

Have you learned some of the basics of digital forensics (e.g., creating disk images, generating hashes of files, opening files in hex editors), but now want to know what you should do next? In this course, you’ll learn how to apply a variety of digital forensics methods and tools in order to recover, preserve, and ultimately provide access to born-digital records. We’ll explore a variety of forensic artifacts, generate reports about the contents of disks, extract metadata, and identify patterns that may require filtering or redaction. Strong emphasis will be placed on the use of open-source tools to process, characterize, and provide access to born-digital data.

Upon completion of this course you’ll be able to:

  • Install and operate the BitCurator environment as a virtual machine within VirtualBox;

  • Explain and recognize the different types of metadata that are stored in common filesystems;

  • Identify file types based on magic numbers (file signatures);

  • Determine potential hardware options for acquisition of data from various types of storage media;

  • Apply several common Linux commands at the command line and compose basic regular expressions;

  • Run forensics tools from the command line and manipulate the output;

  • Evaluate disk image format options based on the needs and priorities of your institution and collections;

  • Generate BitCurator reports and use bulk_extractor to identify potentially sensitive data;

  • Extract and interpret EXIF metadata from within digital photographs and other files;

  • Capture and analyze Windows Registry artifacts using RegRipper;

  • Determine essential points in your institution’s workflows at which it will be beneficial to incorporate forensics tools and methods;

  • Make and justify decisions of professional ethics that emerge when caring for born-digital records; and

  • Recognize available technical strategies for providing access to data acquired from disk images.

Who should attend?
This class is intended for archivists, manuscript curators, librarians, and others who are responsible for acquiring or transferring collections of digital materials, particularly those that are received on removable media.

Knowledge assumed for this course:
Participants are expected to have taken Digital Forensics: Fundamentals and know how to create disk images, generate and verify cryptographic hashes of files, and examine the contents of a file in a hex editor. You should also understand the reasons for creating disk images and using write blockers, as well as the role and purpose of filesystems, file headers, file signatures, and the Windows Registry. We also assume that you know basic archival practice and have intermediate knowledge of computers and digital records management.

This course builds on others in the Digital Archives Specialist (DAS) Curriculum, including Basic Electronic Records, Thinking Digital, Accessioning and Ingest, and Beginner’s Guide to Metadata.

This course is one of the Tools and Services Courses in the Digital Archives Specialist (DAS) Curriculum and Certificate Program. If you intend to pursue the Certificate, you'll need to pass the examination for this course. Please follow Option 1 to access exam information.

 DAS Core Competencies addressed in this course are:
#1. Understand the nature of records in electronic form, including the functions of various storage media, the nature of system dependence, and the effect on integrity of records over time.
#3. Formulate strategies and tactics for appraising, describing, managing, organizing, and preserving digital archives.
#4. Integrate technologies, tools, software, and media within existing functions for appraising, capturing, preserving, and providing access to digital collections.
#6. Curate, store, and retrieve original masters and access copies of digital archives.

Attendance is limited to 35
*Register for both Digital Forensics for Archivists: Fundamentals and Digital Forensics for Archivists: Advanced and save!

SAA Member $455 / $515
Employees of Member Institutions $485 / $545
Nonmember $515 / $575

During registration/check out: You must select both courses in the bundle and the corresponding fee (in the drop down menu) to secure your seat and discount. Selecting only one course in a bundle will not confirm your seat in both courses. (i.e., Select both Digital Forensics for Archivists: Fundamentals and Digitial Forensics for Archivists: Advance to be registered in both and receive the discounted registration rate.)

avatar for Cal Lee

Cal Lee

Professor, University of North Carolina
Christopher (Cal) Lee is Professor at the School of Information and Library Science at UNC, Chapel Hill. He teaches courses and workshops in archives and records management. He is a Fellow of SAA, and he serves as editor of American Archivist.

Tuesday August 18, 2015 9:00am - 5:00pm EDT
Western Reserve Historical Society 10825 East Boulevard, Cleveland OH, 44105

Attendees (0)