computer forensics and cultural heritage
DESCRIPTION
Computer Forensics and Cultural Heritage. Matthew Kirschenbaum University of Maryland. sponsored by the Andrew W. Mellon Foundation. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/1.jpg)
Matthew KirschenbaumUniversity of Maryland
![Page 2: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/2.jpg)
sponsored by the
Andrew W. Mellon Foundation
![Page 3: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/3.jpg)
Seamus Ross Luciana Duranti Stephen Eniss Cal Lee Brad Glisson Patricia Galloway Susan Thomas Peter Hornsby Michael Olson Jeremy Leighton John Simson Garfinkel Barbara Guttman Leo Scanlon Leslie Johnston Amy Friedlander Cliff Lynch
"Despite its origins in law enforcement, security and other
areas seemingly far removed from the cultural heritage sector, we saw an amazing degree of convergence between the professional forensics community and attendees charged with the stewardship of born digital
materials from arts, humanities, and personal archives.”
![Page 4: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/4.jpg)
sponsored by the
Andrew W. Mellon Foundation
![Page 5: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/5.jpg)
o Matthew Kirschenbaumo Associate Professor of English and Associate
Director, Maryland Institute for Technology in the Humanities, University of Maryland
o Richard Ovendeno Associate Director, Bodleian Library, Oxford
o Gabriela Redwineo Archivist and Electronic Records Specialist,
Harry Ransom Center, The University of Texas at Austin
o Rachel Donahue (Research Assistance)o Doctoral Candidate, University of Maryland
College of Information Studies
![Page 6: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/6.jpg)
o Luciana Durantio Professor, School of Library, Archival and Information
Studies, University of British Columbiao Bradley Glisson
o Director and Lecturer, Computer Forensics and e-Discovery, Humanities Advanced Technology and Information Institute, University of Glasgow
o Cal Leeo Assistant Professor, School of Information and Library
Science, University of North Carolina, Chapel Hillo Rob Maxwell
o Lead Incident Handler, Office of Information Technology and Founder, Digital Forensic Lab, University of Maryland
o Doug Resideo Associate Director, Maryland Institute for Technology in
the Humanitieso Susan Thomas
o Digital Archivist, Bodleian Library, Oxford
![Page 7: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/7.jpg)
Proposed to Mellon early 2009
Funded July 2009 Research and Writing
through April 2010 Symposium May 2010 Revisions June-August
2010 Submission to CLIR
August 2010 Publication late 2010
![Page 8: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/8.jpg)
Archives and Cultural Heritage Professionals (Manuscript Repositories)
Technical Forensics Community
Textual Scholars
Funders
Donors
![Page 9: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/9.jpg)
Introduce Computer Forensics to Cultural Heritage Community
Identify Points of Convergence
Create Basis for Further Contact and Collaboration
![Page 10: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/10.jpg)
![Page 11: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/11.jpg)
“Computer forensics involves the
preservation, identification, extraction,
documentation, and interpretation of
computer data.”
–Kruse and Heiser, Computer Forensics:
Incident Response Essentials (2002)
![Page 12: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/12.jpg)
“It’s not at all like what you see on “CSI.” Computer forensics can be tiresome, dreary, boring, and downright drudgery. Performing a competent
analysis can take days, weeks, or even months depending upon the subject, the condition and state of the hard drive, or the importance of the case. For
that time period, the examiner is literally trying on the subject’s life, wearing it like a costume for eight or more hours a day. Everything someone
likes, hates, is interested in, fantasizes about, or fetishes goes through his or her keyboard at one point or another. Think about every email message you’ve ever written…every chat you’ve ever typed…every website you’ve
ever visited…every phrase you’ve ever searched for online.
“Seriously…think about it. I’ll give you a moment.
“Now think about me reading and seeing it all. That should scare you a little bit, and if it didn’t, you’re probably lying to yourself. It’s okay. Most people
do.”http://www.forensicfocus.com/the-darker-side-of-computer-forensics
![Page 13: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/13.jpg)
Diplomatics Questioned
Document Examination
Analytical and Descriptive Bibliography
![Page 14: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/14.jpg)
“Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will
serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the
blood or semen he deposits or collects. All of these and more, bear mute witness against him.
This is evidence that does not forget. It is not confused by the excitement of the moment. It is
not absent because human witnesses are. It is factual evidence. Physical evidence cannot be
wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it,
study and understand it, can diminish its value.”
—Paul L. Kirk. 1953. Crime investigation: physical evidence and the police laboratory.
Interscience Publishers, Inc.: New York.
![Page 15: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/15.jpg)
“The first step is preservation, where we attempt to preserve the
crime scene so that the evidence is not lost. In the physical world,
yellow tape is wrapped around the scene. In a digital world, we make a
copy of memory, power the computer off, and make a copy of the hard disk. In some cases, the computer cannot be powered off and instead suspicious processes are killed and steps are taken to
ensure that known evidence is copied and preserved.”
--Brian Carrierhttp://www.digital-evidence.org/di_basics.html
![Page 16: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/16.jpg)
File System Forensics
Network Forensics Incident Response Intrusion
Detection Web Forensics Mobile Forensics
![Page 17: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/17.jpg)
“Data remanence is the residual physical representation of data that has been in some way erased.”--A Guide to Understanding Data Remanence in Automated Information Systems
http://www.fas.org/irp/nsa/rainbow/tg025-2.htm
![Page 18: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/18.jpg)
![Page 19: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/19.jpg)
![Page 20: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/20.jpg)
“Secure file deletion on Windows platforms is a
major exercise, and can only be part of a secure
‘wipe’ of one’s entire hard disk. Anything less
than that is likely to leave discoverable electronic
evidence behind.”
-- Michael Caloyannides, Computer Forensics and
Privacy (Norwood, MA: Artech House, 2001), 28
![Page 21: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/21.jpg)
![Page 22: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/22.jpg)
![Page 23: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/23.jpg)
![Page 24: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/24.jpg)
![Page 25: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/25.jpg)
![Page 26: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/26.jpg)
Authenticity and Integrity
Discovery Redaction Data recovery
![Page 27: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/27.jpg)
British Library Bodleian Stanford Emory UT Austin (and
Ransom Center) MITH at Maryland
![Page 28: Computer Forensics and Cultural Heritage](https://reader038.vdocuments.us/reader038/viewer/2022110102/56813cb0550346895da65cb4/html5/thumbnails/28.jpg)
Terminology Expense Training “Smoking Gun”
Fallacy Ethics