21
A Brief Introduction to Digital Forensics Based in large part on the July 29, 2014 BitCurator workshop at METRO, as well as the SAA DAS curriculum *** Kevin Schlottmann November 23, 2015

Digital forensics intro 20151123

Embed Size (px)

Citation preview

Page 1: Digital forensics intro 20151123

A Brief Introduction to Digital Forensics

Based in large part on the July 29, 2014 BitCurator workshop at METRO,

as well as the SAA DAS curriculum ***

Kevin SchlottmannNovember 23, 2015

Page 2: Digital forensics intro 20151123

What is digital forensics?

"…identifying, preserving, analyzing, and presenting digital evidence…"

2

http://aic.gov.au/documents/9/C/A/%7B9CA41AE8-EADB-4BBF-9894-64E0DF87BDF7%7Dti118.pdf

Page 3: Digital forensics intro 20151123

Briefest history of digital media

3

Page 4: Digital forensics intro 20151123

Why apply digital forensics?

*To ensure data integrity and ease automation and processing

4

Page 5: Digital forensics intro 20151123

Why apply digital forensics?

*In other words: preserve significant properties such as authenticity and reliability

5

Page 6: Digital forensics intro 20151123

Why apply digital forensics?

*In other words: to ensure provenance, original order, chain of custody, and context of digital objects

6

Page 7: Digital forensics intro 20151123

Just one part of the plan

7

Page 8: Digital forensics intro 20151123

Many, many tools

BC, FTK, USB, JHOVE, E01, METS, PREMIS

8

Page 9: Digital forensics intro 20151123

What is BitCurator?

*Customized Linux OS running in virtual machine with a tightly integrated, well-documented suite of open-source digital forensics tools

9

Page 10: Digital forensics intro 20151123

What is BitCurator?

*Customized Linux OS running in virtual machine…

10

Page 11: Digital forensics intro 20151123

What is BitCurator?

*Customized Linux OS running in virtual machine…

11

Page 12: Digital forensics intro 20151123

What is BitCurator?

*…a tightly integrated, well-documented suite of open-source digital forensics tools

12

Page 13: Digital forensics intro 20151123

1. Creating a disk image

13

Page 14: Digital forensics intro 20151123

2. Analyzing the disk image

14

Page 15: Digital forensics intro 20151123

3. Create access copy

15

Page 16: Digital forensics intro 20151123

Just one part of the plan

16

Page 17: Digital forensics intro 20151123

Who is doing this work?

17

Page 18: Digital forensics intro 20151123

What skills mightdigital archivists have?

18

Firm understanding of archival principles: provenance, original order, creation context

Firm understanding of archival standards: levels of description, DACS, the EAC suite

Outlines of METS, MARC/MODS/DC, PREMIS, and how they might fit together

Metadata wrangling tools: Excel, csv, OpenRefine

A “power tool” : XSLT, xQuery, command-line tools (grep, sed), or Python

Actionable curiosity http://gavialib.com/2013/09/the-one-skill/

http://gavialib.com/2013/09/the-one-skill/
http://gavialib.com/2013/09/the-one-skill/
Page 19: Digital forensics intro 20151123

What am I doing right now?

Using METS files to manage disk images

ePADD for email processing

Page 20: Digital forensics intro 20151123

Just one part of the plan

20

Page 21: Digital forensics intro 20151123

Additional Reading

21

*BitCurator wiki [http://wiki.bitcurator.net/index.php?title=Main_Page]

*From Bitstreams to Heritage report [http://www.bitcurator.net/docs/bitstreams-to-heritage.pdf]

*You’ve Got to Walk Before You Can Run: First Steps for Managing Born-Digital Content Received on Physical Media[http://www.oclc.org/content/dam/research/publications/library/2012/2012-06.pdf?urlm=168601]

Thank you!


Intro to Computer Forensics Forensics Services intro… · extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any

Intro to Computer Forensics Forensics Services intro… · extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any

Documents
Acquisizione Laboratorio Disk forensics Network forensics

Acquisizione Laboratorio Disk forensics Network forensics

Documents
20151123 Lecture9 Exam2Review(1)

20151123 Lecture9 Exam2Review(1)

Documents
Introduction to Digital - University of Texas at Dallas · 2019-10-31 · Network Forensics- Intro Branch of digital forensics Monitoring and analysis of computer network traffic

Introduction to Digital - University of Texas at Dallas · 2019-10-31 · Network Forensics- Intro Branch of digital forensics Monitoring and analysis of computer network traffic

Documents
Intro&to&PCAP&web.cse.msstate.edu/~hamilton/Forensics/resources/intro-to-pcap-p… · Intro&to&PCAP& Reid&Gilman& Approved&for&Public&Release:&13

Intro&to&PCAP&web.cse.msstate.edu/~hamilton/Forensics/resources/intro-to-pcap-p… · Intro&to&PCAP& Reid&Gilman& Approved&for&Public&Release:&13

Documents
CSCI 4623: Intro to Digital Forensics - 123seminarsonly.com · CSCI 4623: Intro to Digital Forensics Dept. of Computer Science University of New Orleans Slide Set # 2 Spring 2006

CSCI 4623: Intro to Digital Forensics - 123seminarsonly.com · CSCI 4623: Intro to Digital Forensics Dept. of Computer Science University of New Orleans Slide Set # 2 Spring 2006

Documents
Cyber forensics intro & requirement engineering cit dec 21,2013

Cyber forensics intro & requirement engineering cit dec 21,2013

Technology
Gender: Actions to Achieve Positive Change · 2016. 3. 15. · Week 1 Intro to forensics Who killed Kenny Intro to forensics Who killed Kenny Week 2 Intro to chemistry Slime and noisy

Gender: Actions to Achieve Positive Change · 2016. 3. 15. · Week 1 Intro to forensics Who killed Kenny Intro to forensics Who killed Kenny Week 2 Intro to chemistry Slime and noisy

Documents
COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

Documents
SQL SERVER Anti-Forensics - Black Hat · • Anti-Forensics techniques help to make forensics investigations difficult • Anti-Forensics can be a never ending game • Forensics

SQL SERVER Anti-Forensics - Black Hat · • Anti-Forensics techniques help to make forensics investigations difficult • Anti-Forensics can be a never ending game • Forensics

Documents
Forensics and Security Technology (FAST) · Network Forensics Windows Exploitation Intro Linux with Minecraft. Conferences Southern California Linux Expo (SCALE) Layer One BSIDES

Forensics and Security Technology (FAST) · Network Forensics Windows Exploitation Intro Linux with Minecraft. Conferences Southern California Linux Expo (SCALE) Layer One BSIDES

Documents
intro to forensics

intro to forensics

Technology
2013 05-15 Intro to Archivematica - UBC SLAIS Digital Records Forensics Class

2013 05-15 Intro to Archivematica - UBC SLAIS Digital Records Forensics Class

Education
1 Intro to Digital Forensics - Mississippi State Universityweb.cse.msstate.edu/.../6350/lessons/1_Intro_to_Digital_Forensics.pdf · Auburn University Digital Forensics 1 Introduction

1 Intro to Digital Forensics - Mississippi State Universityweb.cse.msstate.edu/.../6350/lessons/1_Intro_to_Digital_Forensics.pdf · Auburn University Digital Forensics 1 Introduction

Documents
Intro to Forensics Science

Intro to Forensics Science

Documents
1Martin - HRMG 5930 - Northwestern - 20151123

1Martin - HRMG 5930 - Northwestern - 20151123

Documents
Intro to Incident Response and Forensics

Intro to Incident Response and Forensics

Documents
Comp ter Forensics It’s NotComputer Forensics: It’s … ter Forensics It’s NotComputer Forensics: ... Computer Forensics Can be Useful with ... Solid state drives & deleted file

Comp ter Forensics It’s NotComputer Forensics: It’s … ter Forensics It’s NotComputer Forensics: ... Computer Forensics Can be Useful with ... Solid state drives & deleted file

Documents
Casey Bann Doyle Intro Windows Mobile Forensics

Casey Bann Doyle Intro Windows Mobile Forensics

Documents
Network Forensics PPrinciples of Network Forensics

Network Forensics PPrinciples of Network Forensics

Documents
Forensics & Anti- Forensics

Forensics & Anti- Forensics

Documents
COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

Documents
20151123 sputnik 3-overview

20151123 sputnik 3-overview

Recruiting & HR
FALL 2015 crystal city Intro to Information Security ... · PDF fileAdvanced Digital Forensics and Incident Response FOR526: Memory Forensics In-Depth FOR585: Advanced Smartphone Forensics

FALL 2015 crystal city Intro to Information Security ... · PDF fileAdvanced Digital Forensics and Incident Response FOR526: Memory Forensics In-Depth FOR585: Advanced Smartphone Forensics

Documents
2a Intro to Digital Forensics - Mississippi State Universityweb.cse.msstate.edu/...to_Digital_Forensic_x6.pdf · 1/13/13 1 Auburn University Digital Forensics 1 Introduction to Digital

2a Intro to Digital Forensics - Mississippi State Universityweb.cse.msstate.edu/...to_Digital_Forensic_x6.pdf · 1/13/13 1 Auburn University Digital Forensics 1 Introduction to Digital

Documents
DOWNLOAD THESE FILES Intro Forensics

DOWNLOAD THESE FILES Intro Forensics

Documents
Intro to Comp Forensics

Intro to Comp Forensics

Documents
Intro to MIS – MGS351 Computer Crime and Forensics Extended Learning Module H

Intro to MIS – MGS351 Computer Crime and Forensics Extended Learning Module H

Documents
Is Mobile Device Forensics Really Forensics?

Is Mobile Device Forensics Really Forensics?

Documents
Anti-Forensics and Anti-Anti-Forensics

Anti-Forensics and Anti-Anti-Forensics

Documents