This course is now full.Course Fees: Advance / Regular*
SAA Members: $325 / $385
Employees of SAA Member Institutions: $365 / $425
Nonmembers: $425/ $485
Course Description (2 days, 1.5 CEUs, 1 DAS, 10 ARCs) | You
must bring a laptop to participate successfully in this course.
Have you learned some of the basics of digital forensics (e.g., creating disk images, generating hashes of files, opening files in hex editors), but now want to know what you should do next? In this course, you’ll learn how to apply a variety of digital forensics methods and tools in order to recover, preserve, and ultimately provide access to born-digital records. We’ll explore a variety of forensic artifacts, generate reports about the contents of disks, extract metadata, and identify patterns that may require filtering or redaction. Strong emphasis will be placed on the use of open-source tools to process, characterize, and provide access to born-digital data.
Upon completion of this course you’ll be able to:
- Install and operate the BitCurator environment as a virtual machine within VirtualBox;
- Explain and recognize the different types of metadata that are stored in common filesystems;
- Identify file types based on magic numbers (file signatures);
- Determine potential hardware options for acquisition of data from various types of storage media;
- Apply several common Linux commands at the command line and compose basic regular expressions;
- Run forensics tools from the command line and manipulate the output;
- Evaluate disk image format options based on the needs and priorities of your institution and collections;
- Generate BitCurator reports and use bulk_extractor to identify potentially sensitive data;
- Extract and interpret EXIF metadata from within digital photographs and other files;
- Capture and analyze Windows Registry artifacts using RegRipper;
- Determine essential points in your institution’s workflows at which it will be beneficial to incorporate forensics tools and methods;
- Make and justify decisions of professional ethics that emerge when caring for born-digital records; and
- Recognize available technical strategies for providing access to data acquired from disk images.
Who should attend? This class is intended for archivists, manuscript curators, librarians, and others who are responsible for acquiring or transferring collections of digital materials, particularly those that are received on removable media.
Knowledge assumed for this course: Participants are expected to have taken
Digital Forensics: Fundamentals and
know how to create disk images, generate and verify cryptographic hashes of files, and examine the contents of a file in a hex editor. You should also understand the reasons for creating disk images and using write blockers, as well as the role and purpose of filesystems, file headers, file signatures, and the Windows Registry. We also assume that you know basic archival practice and have intermediate knowledge of computers and digital records management.
This course builds on others in the
Digital Archives Specialist (DAS) Curriculum, including
Basic Electronic Records,
Thinking Digital,
Accessioning and Ingest, and
Beginner’s Guide to Metadata.
This course is one of the
Tools and Services Courses
in the Digital Archives Specialist (DAS) Curriculum and Certificate Program. If you intend to pursue the Certificate, you'll need to pass the examination for this course. Please follow
Option 1 to access exam information.
The DAS Core Competencies addressed in this course are: #1. Understand the nature of records in electronic form, including the functions of various storage media, the nature of system dependence, and the effect on integrity of records over time.
#3. Formulate strategies and tactics for appraising, describing, managing, organizing, and preserving digital archives.
#4. Integrate technologies, tools, software, and media within existing functions for appraising, capturing, preserving, and providing access to digital collections.
#6. Curate, store, and retrieve original masters and access copies of digital archives.
Attendance is limited to 35.
*Register for both Digital Forensics for Archivists: Fundamentals
and Digital Forensics for Archivists: Advanced and save!
SAA Member $455 / $515 Employees of Member Institutions $485 / $545 Nonmember $515 / $575
During registration/check out: You must select both courses in the bundle
and the corresponding fee (in the drop down menu) to secure your seat
and discount. Selecting only one course in a bundle will not confirm your seat in both courses. (i.e., Select both Digital Forensics for Archivists: Fundamentals
and Digitial Forensics for Archivists: Advance to be registered in both and receive the discounted registration rate.)
