Digital Forensics: The Academic Library and Beyond

April 27 - 28, 2017
Norris University Center
Northwestern University 
Evanston, IL

The BitCurator Users Forum brings together representatives from libraries, archives, museums, and related information professions engaged in (or considering) digital forensics work to acquire, better understand, and make available born-digital materials. The 2017 forum will be expanded to two days providing even more opportunities for community members and users to engage and learn from each other. It will balance discussion of theory and practice of digital forensics and related digital analysis workflows with hands-on activities for users at all levels of experience with the BitCurator environment, digital forensics methods in general, and other tools used in digital analysis and curation. 

Back To Schedule
Thursday, April 27 • 9:00am - 4:00pm
Workshop: Testing the BitCurator Waters

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Over the course of the day, attendees in the beginner track will participate in a range of activities meant to introduce the BitCurator environment and prepare participants for the proceedings on Day 2 of the User Forum. The morning will start with a brief introduction to digital forensics and how it relates to the work performed in libraries, archives, and museums (note: due to time constraints and subject complexity, this introduction cannot be comprehensive). The introduction touches on the foundational concepts of forensic analysis, defines terms that will recur throughout the day, and closes by tying those concepts broadly to archival practice. Following the introduction, the remainder of the morning will consist of a tour of the BitCurator environment, including the various GUI and command-line tools included in the environment. Participants will be invited to follow along on their own computers.

In the afternoon, a series of group and individual exercises will give participants the opportunity to run the core set of forensics tools on sample disk images and reflect on those experiences. The bulk of the exercises will be focused on the core set of BitCurator tools. Exercises and discussion will address running bulk_extractor, analyzing its reports, and the decision points raised by them; running fiwalk and exploring the metadata it generates; and running the BitCurator Reporting Tool and comparing the reports to those generated by bulk_extractor and fiwalk. A secondary set of exercises will be devoted to the additional tools included in the BitCurator environment. This latter group will be more discussion based, as the tools themselves are in varying states of support or maintenance, with the primary goal of communicating to participants the range of possibilities available to BitCurator users with these and other tools available in Linux environments.

Participants should bring a laptop computer that satisfies the minimum requirements for running BitCurator in a virtual machine. Further, participants should have downloaded the BitCurator environment. Time at the beginning of the day will be set aside to troubleshoot as much as possible; however, downloading the software over a wireless connection takes a fair amount of time and should be performed in advance of the Forum.

avatar for [Matthew] Farrell

[Matthew] Farrell

Digital Records Archivist, Duke University Archives

Thursday April 27, 2017 9:00am - 4:00pm PDT
WildCat Room, Norris University Center, Northwestern University 1999 Campus Drive, Evanston IL 60208