Born-Digital Forensics

Instructors

Location

3250 Tawes Fine Arts Building (Monday-Wednesday; Friday); Room J, Library Media Services, Hornbake Library (Thursday only)

Description

This course will introduce students to the role of digital forensics in the act of preserving, investigating, and curating born-digital culture artifacts. We will explore the technical underpinning and the physical materiality of the digital objects we frequently, in our screen-centric world, mistake as ephemeral. Using open source tools including Linux, The Sleuth Kit, and BitCurator, students will get hands-on training exploring a wide variety of digital media and learning how to look for deleted files, how to search and redact personally identifiable information, and how to produce information-rich metadata about a forensic disk image. In addition to practical skills, students will develop a theoretical understanding of digital storage media–and the forensics disk images produced from them–as objects of study in their own right and the importance of learning to read these objects as richly as we do more traditional texts. There are no essential prerequisite skills for this course; however, a working knowledge of Linux will be a great benefit.

This will be a hands-on course–we will be doing digital forensics, not just reading about/discussing the subject. At the University of Maryland where our course will be held, we have access to a wide range of digital forensics and media access tools. Specifically, we have tools for reading data from 5.25″ disks, 3.5″ disks, CD-ROM disks, Zip disks, hard disk drives of various formats, and a wide array of flash media. We will provide test media for you to work with as we learn the various digital forensics tools and procedures. However, you are invited (and encouraged) to bring media of your own from either your personal digital archive, or from your institution. You will, of course, want to make sure you have permission to bring these materials to the workshop, and please be selective (don’t bring the one-of-a-kind disk with data held nowhere else in your collection, the loss of which would cause an international incident). The goal here is to give you the real-world experience you need to go back to your institution and feel comfortable working with your own digital collections, which can best be accomplished by working with “real” digital media. So if you have digital materials you would like to work with, please do bring them with you.

Course Software:

Hardware Minimum System Requirements
Operating System: Mac OS X, Windows 7 or 8, BitCurator (Ubuntu Linux 14.04)
CPU: a 64-bit-capable processor (this will include most CPUs manufactured in last six years); a CPU with hardware virtualization support (this may need to be enabled in the BIOS, see the link below)
System memory: 4GB of RAM
Hard drive space: at least 20GB of free hard drive space

Please install the software outlined the link below. Learning how to use these digital forensics tools will be the heart of the course.

https://docs.google.com/document/d/1QKcg5Be6HglDeNoGhs2NQTiViH6A7qkPDeOnEc0o4co/edit?usp=sharing

BitCurator
As specified in the link above, we will be using the BitCurator Environment to access and learn a range of open source digital forensics tools written for Linux. If you are not already familiar with Linux, do not worry. We will cover enough of the basics so that you can effectively use these digital forensics tools.

Please visit the BitCurator wiki at http://wiki.bitcurator.net for detailed instructions on how to install BitCurator as a virtual machine. If you have any questions or run into problems, please email us so we can work them out before the course begins.

Course Readings:

View the course readings here: https://docs.google.com/document/d/1QKcg5Be6HglDeNoGhs2NQTiViH6A7qkPDeOnEc0o4co/edit?usp=sharing

Problems or Questions?

Please feel free to contact us!