Looking for the test release of the BitCurator virtual environment? You can find the latest release on the front page of our wiki, in the Software section. We’ve also posted instructions to help you get started.
New White Paper from the BitCurator Team on Putting Digital Forensics into Practice in Collecting Institutions
The BitCurator team is pleased to announce the availability of the BitCurator Phase I white paper, “From Bitstreams to Heritage: Putting Digital Forensics into Practice in Collecting Institutions.” The press release announcing the white paper can be read below and also on the SILS website at: http://sils.unc.edu/news/2013/bitcurator-white-paper
Out of the blue, an archivist gets a call from the husband of a famous scientist who has recently passed away. He wants to donate materials to the archives that can help people to understand and learn about her research. The archivist visits their home and is handed a cardboard box. Inside are not sheets of paper but a stack of floppy disks, CDs, Zip disks and a hard drive. What’s the archivist to do?
Researchers at the School of Information and Library Science (SILS) at the University of North Carolina at Chapel Hill, and the Maryland Institute for Technology in the Humanities (MITH) at the University of Maryland are investigating methods and developing tools for these sorts of situations.
A new white paper titled “From Bitstreams to Heritage: Putting Digital Forensics into Practice in Collecting Institutions” examines the application of digital forensics methods to materials in collecting institutions – particularly libraries, archives and museums. It is a product of the BitCurator project and is written by Drs. Christopher A. Lee, Frances Carroll McColl Term Professor, and Kam Woods, research associate, of SILS; Matthew Kirschenbaum, associate director of MITH; and SILS doctoral student Alexandra Chassanoff.
“The landscape has changed quite dramatically in the past few years,” said Lee. “The white paper reflects a great deal of energy and progress around the work of extracting, securing and describing information that’s been stored on computer disks and drives.”
The BitCurator project, funded by the Andrew W. Mellon Foundation, is “an effort to build, test and analyze systems and software for incorporating digital forensics methods into the workflows of a variety of collecting institutions.” Procedures and tools for acquiring and validating data from physical media are well established in the field of digital forensics. There is a rich and growing body of open source tools that can be used to process, manage and disseminate forensically acquired data. While the primary target for many of these tools and methods is the law enforcement community, there is great potential for connecting these two streams of activity in order to support the work of collecting institutions.
BitCurator is developing and disseminating a dedicated open-source software environment that can be used to apply digital forensics methods to collections. The software and associated guidance documents are freely available from the project’s wiki: http://wiki.bitcurator.net
According to the white paper, “Forensic methods identify, capture and retain various forms of contextual information, which can be vital for users making meaningful use of digital materials.” It explains those processes, along with many associated challenges and opportunities.
“BitCurator now moves into a critical next phase, with a full-time dedicated Community Lead based at MITH whose mandate is outreach to collecting institutions,” said Kirschenbaum. “We look forward to working with a wide variety of archives, special collections, museums and other constituencies to create a robust user community around our platform.”
The white paper is now available at: http://www.bitcurator.net/docs/bitstreams-to-heritage.pdf
Listen to BitCurator PI Cal Lee address the need for digital preservation on WREK Atlanta’s “Lost in the Stacks” radio show and podcast, the “one-and-only research-library rock’n’roll radio show!” Cal addresses the long-term sustainability of digital media, various approaches to digital preservation, and the aims of the BitCurator project, all while surrounded by an eclectic radio mix of songs dealing with “Bad luck and trouble.”
Listen here: http://lostinthestacks.libsyn.com/bit-rot (Click on the “POD” button).
We are happy to announce the first in our BitCurator webinar series: An Introduction to the BitCurator Environment. This webinar will be the first in a monthly series of webinars addressing the use of digital forensics in the curation of born-digital materials. It will take place on Wednesday, November 20th from 10:00am – 11:00am EST and again from 2:00pm – 3:00pm EST. We will introduce participants to the basic functions of the BitCurator environment, from installation to generating forensics metadata reports. Specific topics covered will include:
- Installing BitCurator as either a virtual machine or a stand-alone operating system
- Learning to navigate within the BitCurator environment (BitCurator is a modified version of Ubuntu Linux)
- Working with external media within BitCurator
- Creating disk images via Guymager
- Searching a disk image for personally identifiable information (PII)
- An introduction to DFXML (Digital Forensics XML)
- Generating the BitCurator reports
To attend this webinar, please register here in advance for the session you would like to attend by clicking on the appropriate link below.
We are limiting each webinar to 30 participants, so we encourage you to register early. If you have any questions about the event, please contact Porter Olsen at polsen at umd dot edu.
Announcing BitCurator version 0.4.0!
BitCurator 0.4.0 includes significant improvements in the processing times required to analyze a forensics disk image. In addition, the BitCurator Reporting Tool interface has been updated to be more intuitive and now includes a “Run All” option that will generate DFXML outputs, annotate Bulk Extractor features, and create the BitCurator human and machine readable reports all as one action.
We invite you to download the latest BitCurator release, either as a virtual machine or installable ISO image, from our wiki at http://wiki.bitcurator.net, where you can also find documentation and a link to our BitCurator users group.
BitCurator 0.4.0 Change Log:
- BitCurator Reporting Tool and GUI now include a “Run All” tab. This provides a link to launch BEViewer, and a single form in which fiwalk, the annotation tool, and the reporting tools can be run.
- Significant performance improvements in Bulk Extractor, fiwalk, and the BitCurator reports generation.
- Excel report generation now handled by XlsxWriter 0.4.3; major performance improvements.
- Bulk extractor updated to 1.4.1. Bug fixes and UI enhancements in BEViewer.
- Sleuthkit updated to 4.1.2.
- BitCurator report configuration (install location: /etc/bitcurator/bc-report-config.txt) updated to automatically report on system files. Various bug fixes.
Last week, members of the BitCurator team visited New Orleans for the 2013 Society of American Archivists (SAA) Joint Annual Meeting. On Tuesday, August 13, we presented a poster at the 7th Annual SAA Research Forum on how the BitCurator environment can support archivists’ preservation goals in institutions.
In our poster, we described four preservation scenarios during the creation and ingest of a disk image into an archival repository. We then showed how the output generated by BitCurator tools during each scenario can be captured and stored as PREMIS-encoded preservation events.
Event 1: Image Capture
Definition: A forensic disk image is extracted from the original media source and created.
Metadata: Acquisition time; duration of capture; manufacturing device & serial number; user who performed acquisition; cryptographic hash values
Event 2: File System Analysis
Definition: A set of file-objects corresponding to all of the files and directories identified on a disk image is analyzed and reported.
Metadata: Time of analysis; duration of analysis; user who performed file system analysis; file system partitions; file system volumes
Event 3: Feature Analysis
Definition: Describes forensic analysis of the raw bitstream, producing reports on specific features of interest (such as personally identifying or other sensitive information).
Tool: bulk extractor
Metadata: Time of analysis; execution environment; number of reports produced;
Event 4: Redaction
Definition: Used to overwrite specific patterns within the disk image according to a user-supplied rule-set.
Metadata: Time of redaction; environment details; user performing redaction; name of new redacted image
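
To make Event 1 concrete, the following added example (not BitCurator code and not taken from the poster) hashes an image, records the capture as a PREMIS 2.x `event` element, and later re-checks fixity against the stored digests. The mapping of the listed metadata onto PREMIS elements, the helper names, and the sample values are assumptions; the image bytes are constructed.

```python
import hashlib
import io
import xml.etree.ElementTree as ET

PREMIS_NS = "info:lc/xmlschema/premis-v2"  # PREMIS 2.x namespace
ET.register_namespace("premis", PREMIS_NS)

def hash_stream(stream, algorithms=("sha1", "sha256"), chunk_size=1 << 20):
    """Hash a disk image in chunks so large images never sit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sub(parent, tag, text=None):
    el = ET.SubElement(parent, f"{{{PREMIS_NS}}}{tag}")
    el.text = text
    return el

def image_capture_event(event_id, image_id, operator, device, serial,
                        acquired_at, duration_s, digests):
    """Build the Event 1 record; the field-to-element mapping is an assumption."""
    event = ET.Element(f"{{{PREMIS_NS}}}event")
    ident = sub(event, "eventIdentifier")
    sub(ident, "eventIdentifierType", "local")
    sub(ident, "eventIdentifierValue", event_id)
    sub(event, "eventType", "capture")
    sub(event, "eventDateTime", acquired_at)
    sub(event, "eventDetail",
        f"device={device}; serial={serial}; duration={duration_s}s")
    outcome = sub(event, "eventOutcomeInformation")
    sub(outcome, "eventOutcome", "success")
    note = "; ".join(f"{k}:{v}" for k, v in sorted(digests.items()))
    sub(sub(outcome, "eventOutcomeDetail"), "eventOutcomeDetailNote", note)
    agent = sub(event, "linkingAgentIdentifier")
    sub(agent, "linkingAgentIdentifierType", "username")
    sub(agent, "linkingAgentIdentifierValue", operator)
    obj = sub(event, "linkingObjectIdentifier")
    sub(obj, "linkingObjectIdentifierType", "filename")
    sub(obj, "linkingObjectIdentifierValue", image_id)
    return event

def fixity_ok(event, stream):
    """Re-hash the image and compare with the digests stored in the event."""
    note = event.find(f".//{{{PREMIS_NS}}}eventOutcomeDetailNote").text
    recorded = dict(item.split(":", 1) for item in note.split("; "))
    return hash_stream(stream, tuple(recorded)) == recorded

SAMPLE_IMAGE = b"\xeb\x3c\x90CONSTRUCTED" + bytes(512)  # constructed, not a real image
if __name__ == "__main__":
    ev = image_capture_event("evt-0001", "floppy01.img", "archivist1", "usb-floppy",
                             "SN-EXAMPLE", "2013-08-13T10:00:00Z", 42,
                             hash_stream(io.BytesIO(SAMPLE_IMAGE)))
    print(ET.tostring(ev, encoding="unicode"))
```

Running `fixity_ok` against the stored event at ingest and at later audits detects any change to the image since acquisition.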