Christopher Lee (UNC)
Kam Woods

Abstract

This workshop is designed for two different, but complementary audiences: 

- Professionals responsible for managing collections of born-digital data archivists, manuscript curators, librarians or others who are responsible for acquiring or transferring collections of digital materials, particularly those that are received on removable media. 

- Digital forensics researchers and practitioners who would like to learn about and provide feedback on strategies for redacting data from disk images and/or providing access to the data to third parties. 

Through a combination of presentation and hands-on exercises, this workshop will demonstrate several technical approaches to redacting and providing access to data from disk images, using combinations of open-source software. Two approaches to access will be demonstrated. First, bca-webtools provides access to disk images over the web using open-source software including The Sleuth Kit, PyTSK, libewf, and the Flask web framework. Institutions can point bca-webtools at a local directory that contains raw or forensically-packaged disk images, and the software will create a web portal that allows users to browse the file systems, download files, and examine disk image metadata. Second, users can search and navigate DFXML metadata directly by querying a database, in order to e.g. find items of a particular file type or from a given date. 

Disk images can contain numerous forms of sensitive or private data that should not be freely disclosed to the general public. We will illustrate two main approaches to addressing this issue (both based on first running bulk_extractor to identify potentially sensitive patterns): (1) use dedicated scripts to generate redacted versions of files or disk images, which can then be used as the basis for access copies, and (2) masking parts of disk images from view, so they cannot be accessed when navigating the disk images using the bca-webtools described above. 

Participants should bring a laptop computer with an Intel Core i5 or Core i7 machine (or AMD equivalent) running a 64-bit version of Windows 7, Windows 8, Mac OS 10.9 (or newer), or a 64-bit Linux variant. At least 4GB RAM (8GB RAM strongly recommended). Minimum 10GB free hard disk space (20GB is preferred). The BitCurator virtual machine (see below) is approximately 8GB when uncompressed. It is configured to automatically expand in size up to 256GB. 

Prior to the workshop, participants should install the BitCurator VM or Live CD: http://wiki.bitcurator.net/. An up-to-date version of VirtualBox: https://www.virtualbox.org/wiki/Downloads. The VirtualBox Extension Pack (to be installed on the host system - just download and double-click on the file once you've installed VirtualBox). The VirtualBox software requires that Intel VT-x virtualization extensions are enabled in the system BIOS.